public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
StackFrame sf = th.getTopFrame();
RealExpression sym_v1 = (RealExpression) sf.getLongOperandAttr();
double v1 = Types.longToDouble(th.longPop());
RealExpression sym_v2 = (RealExpression) sf.getLongOperandAttr();
double v2 = Types.longToDouble(th.longPop());
double r = v1 * v2;
if (sym_v1 == null && sym_v2 == null) th.longPush(Types.doubleToLong(r));
else th.longPush(0);
RealExpression result = null;
if (sym_v2 != null) {
if (sym_v1 != null) result = sym_v2._mul(sym_v1);
else // v1 is concrete
result = sym_v2._mul(v1);
} else if (sym_v1 != null) result = sym_v1._mul(v2);
sf.setLongOperandAttr(result);
// System.out.println("Execute DMUL: "+ sf.getLongOperandAttr());
return getNext(th);
}
public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
long v1 = th.longPop();
long v2 = th.longPop();
th.push(conditionValue(v1, v2), false);
return getNext(th);
}
public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
int v1 = th.pop();
int v2 = th.pop();
th.push(v1 + v2, false);
return getNext(th);
}
public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
RealExpression sym_fval = (RealExpression) th.getTopFrame().getOperandAttr();
if (sym_fval == null) {
return super.execute(ss, ks, th);
} else {
// System.out.println("Execute symbolic F2L");
// here we get a hold of the current path condition and
// add an extra mixed constraint sym_dval==sym_ival
ChoiceGenerator<?> cg;
if (!th.isFirstStepInsn()) { // first time around
cg = new PCChoiceGenerator(1); // only one choice
ss.setNextChoiceGenerator(cg);
return this;
} else { // this is what really returns results
cg = ss.getChoiceGenerator();
assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg;
}
// get the path condition from the
// previous choice generator of the same type
PathCondition pc;
ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGenerator();
while (!((prev_cg == null) || (prev_cg instanceof PCChoiceGenerator))) {
prev_cg = prev_cg.getPreviousChoiceGenerator();
}
if (prev_cg == null)
pc = new PathCondition(); // TODO: handling of preconditions needs to be changed
else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC();
assert pc != null;
th.pop();
th.longPush(0); // for symbolic expressions, the concrete value does not matter
SymbolicInteger sym_lval = new SymbolicInteger();
StackFrame sf = th.getTopFrame();
sf.setLongOperandAttr(sym_lval);
pc._addDet(Comparator.EQ, sym_fval, sym_lval);
if (!pc.simplify()) { // not satisfiable
ss.setIgnored(true);
} else {
// pc.solve();
((PCChoiceGenerator) cg).setCurrentPC(pc);
// System.out.println(((PCChoiceGenerator) cg).getCurrentPC());
}
// System.out.println("Execute D2I: " + sf.getLongOperandAttr());
return getNext(th);
}
}
public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
long v1 = th.longPop();
long v2 = th.longPop();
if (v1 == 0) {
return th.createAndThrowException("java.lang.ArithmeticException", "division by zero");
}
th.longPush(v2 % v1);
return getNext(th);
}
// the purpose of this method is to set the PCheap to the "eq null" constraint for the input
// specified w/ stringRef
public static int makeSymbolicNull(MJIEnv env, int objRef, int stringRef) {
// introduce a heap choice generator for the element in the heap
ThreadInfo ti = env.getVM().getCurrentThread();
SystemState ss = env.getVM().getSystemState();
ChoiceGenerator<?> cg;
if (!ti.isFirstStepInsn()) {
cg = new HeapChoiceGenerator(1); // new
ss.setNextChoiceGenerator(cg);
env.repeatInvocation();
return -1; // not used anyways
}
// else this is what really returns results
cg = ss.getChoiceGenerator();
assert (cg instanceof HeapChoiceGenerator) : "expected HeapChoiceGenerator, got: " + cg;
// see if there were more inputs added before
ChoiceGenerator<?> prevHeapCG = cg.getPreviousChoiceGenerator();
while (!((prevHeapCG == null) || (prevHeapCG instanceof HeapChoiceGenerator))) {
prevHeapCG = prevHeapCG.getPreviousChoiceGenerator();
}
PathCondition pcHeap;
SymbolicInputHeap symInputHeap;
if (prevHeapCG == null) {
pcHeap = new PathCondition();
symInputHeap = new SymbolicInputHeap();
} else {
pcHeap = ((HeapChoiceGenerator) prevHeapCG).getCurrentPCheap();
symInputHeap = ((HeapChoiceGenerator) prevHeapCG).getCurrentSymInputHeap();
}
String name = env.getStringObject(stringRef);
String refChain =
name + "[-1]"; // why is the type used here? should use the name of the field instead
SymbolicInteger newSymRef = new SymbolicInteger(refChain);
// create new HeapNode based on above info
// update associated symbolic input heap
pcHeap._addDet(Comparator.EQ, newSymRef, new IntegerConstant(-1));
((HeapChoiceGenerator) cg).setCurrentPCheap(pcHeap);
((HeapChoiceGenerator) cg).setCurrentSymInputHeap(symInputHeap);
// System.out.println(">>>>>>>>>>>> initial pcHeap: " + pcHeap.toString());
return -1;
}
void setExecuted(ThreadInfo ti, Instruction insn) {
int idx = ti.getId();
if (covered == null) {
covered = new BitSet[idx + 1];
} else if (idx >= covered.length) {
BitSet[] a = new BitSet[idx + 1];
System.arraycopy(covered, 0, a, 0, covered.length);
covered = a;
}
if (covered[idx] == null) {
covered[idx] = new BitSet(mi.getInstructions().length);
}
int off = insn.getInstructionIndex();
covered[idx].set(off);
if (showBranchCoverage && (insn instanceof IfInstruction)) {
if (branchTrue == null) {
branchTrue = new BitSet(mi.getInstructions().length);
branchFalse = new BitSet(branchTrue.size());
}
if (!((IfInstruction) insn).getConditionValue()) {
branchTrue.set(off);
} else {
branchFalse.set(off);
}
}
}
public Instruction execute(SystemState ss, KernelState ks, ThreadInfo ti) {
if (!ti.isFirstStepInsn()) {
InvocationCG cg = new InvocationCG("INVOKECG", invokes);
ss.setNextChoiceGenerator(cg);
return this;
} else {
InvocationCG cg = ss.getCurrentChoiceGenerator("INVOKECG", InvocationCG.class);
assert (cg != null) : "no current InvocationCG";
Invocation call = cg.getNextChoice();
MethodInfo callee = call.getMethodInfo();
InstructionFactory insnFactory = MethodInfo.getInstructionFactory();
if (callee.isStatic()) {
realInvoke = (InvokeInstruction) insnFactory.create(null, Constants.INVOKESTATIC);
} else {
realInvoke = (InvokeInstruction) insnFactory.create(null, Constants.INVOKENONVIRTUAL);
}
realInvoke.init(mi, offset, position);
realInvoke.setInvokedMethod(
callee.getClassInfo().getName(), callee.getName(), callee.getSignature());
pushArguments(ti, call.getArguments(), call.getAttrs());
return realInvoke;
}
}
void logStack(ThreadInfo ti) {
long time = System.currentTimeMillis();
if (time < nextLog) {
return;
}
nextLog = time + logPeriod;
out.println();
out.print("Thread: ");
out.print(ti.getId());
out.println(":");
out.println(ti.getStackTrace());
out.println();
}
public static void $init(MJIEnv env, int objref) {
ThreadInfo ti = env.getThreadInfo();
StackFrame caller = ti.getCallerStackFrame();
Instruction insn = caller.getPC();
InsnExecCount a = insn.getAttr(InsnExecCount.class);
if (a == null) {
a = new InsnExecCount();
insn.addAttr(a);
}
SystemState ss = env.getSystemState();
if (!ss.hasRestorer(a)) {
env.getSystemState().putRestorer(a, new InsnCountRestorer(a));
}
a.count++;
env.setIntField(objref, "id", a.count);
}
public void setSharedErrorMessage() {
StringBuilder sb = new StringBuilder("@NonShared object violation: ");
sb.append(rec.ei);
sb.append("\n\tcreated in thread: ");
sb.append(rec.tiCreate.getName());
sb.append("\n\tused in thread: ");
sb.append(tiUse.getName());
sb.append("\n\tmethod: ");
sb.append(insn.getSourceLocation());
msg = sb.toString();
}
public Instruction execute(SystemState ss, KernelState ks, ThreadInfo ti) {
Heap heap = ti.getHeap();
ClassInfo ci;
try {
ci = ClassInfo.getResolvedClassInfo(cname);
} catch (NoClassInfoException cx) {
// can be any inherited class or required interface
return ti.createAndThrowException("java.lang.NoClassDefFoundError", cx.getMessage());
}
if (!ci.isRegistered()) {
ci.registerClass(ti);
}
// since this is a NEW, we also have to pushClinit
if (!ci.isInitialized()) {
if (ci.initializeClass(ti)) {
return ti.getPC(); // reexecute this instruction once we return from the clinits
}
}
if (heap.isOutOfMemory()) { // simulate OutOfMemoryError
return ti.createAndThrowException(
"java.lang.OutOfMemoryError", "trying to allocate new " + cname);
}
int objRef = heap.newObject(ci, ti);
newObjRef = objRef;
// pushes the return value onto the stack
ti.push(objRef, true);
ss.checkGC(); // has to happen after we push the new object ref
return getNext(ti);
}
void pushArguments(ThreadInfo ti, Object[] args, Object[] attrs) {
if (args != null) {
for (int i = 0; i < args.length; i++) {
Object a = args[i];
boolean isLong = false;
if (a != null) {
if (a instanceof Ref) {
ti.push(((Ref) a).getReference(), true);
} else if (a instanceof Boolean) {
ti.push((Boolean) a ? 1 : 0, false);
} else if (a instanceof Integer) {
ti.push((Integer) a, false);
} else if (a instanceof Long) {
ti.longPush((Long) a);
isLong = true;
} else if (a instanceof Double) {
ti.longPush(Types.doubleToLong((Double) a));
isLong = true;
} else if (a instanceof Byte) {
ti.push((Byte) a, false);
} else if (a instanceof Short) {
ti.push((Short) a, false);
} else if (a instanceof Float) {
ti.push(Types.floatToInt((Float) a), false);
}
}
if (attrs != null && attrs[i] != null) {
if (isLong) {
ti.setLongOperandAttr(attrs[i]);
} else {
ti.setOperandAttr(attrs[i]);
}
}
}
}
}
boolean checkConst(Record rec, ThreadInfo ti, FieldInfo fi, Instruction insn) {
if (checkConst) {
AnnotationInfo ai = insn.getMethodInfo().getAnnotation("gov.nasa.jpf.Const");
if (ai != null) {
violation = new Violation(rec, ti, fi, insn);
violation.setConstErrorMessage();
ti.breakTransition();
return false;
}
}
return true;
}
boolean checkShared(Record rec, ThreadInfo ti, InfoObject use, Instruction insn) {
if (checkShared) {
AnnotationInfo ai = rec.ei.getClassInfo().getAnnotation("gov.nasa.jpf.NonShared");
if (ai != null && ti != rec.tiCreate) {
violation = new Violation(rec, ti, use, insn);
violation.setSharedErrorMessage();
ti.breakTransition();
return false;
}
}
return true;
}
public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
th.dup2_x2();
return getNext(th);
}
public static void makeFieldsSymbolic(MJIEnv env, int objRef, int stringRef, int objvRef) {
// makes all the fields of obj v symbolic and adds obj v to the symbolic heap to kick off lazy
// initialization
if (objvRef == -1) throw new RuntimeException("## Error: null object");
// introduce a heap choice generator for the element in the heap
ThreadInfo ti = env.getVM().getCurrentThread();
SystemState ss = env.getVM().getSystemState();
ChoiceGenerator<?> cg;
if (!ti.isFirstStepInsn()) {
cg = new HeapChoiceGenerator(1); // new
ss.setNextChoiceGenerator(cg);
env.repeatInvocation();
return; // not used anyways
}
// else this is what really returns results
cg = ss.getChoiceGenerator();
assert (cg instanceof HeapChoiceGenerator) : "expected HeapChoiceGenerator, got: " + cg;
// see if there were more inputs added before
ChoiceGenerator<?> prevHeapCG = cg.getPreviousChoiceGenerator();
while (!((prevHeapCG == null) || (prevHeapCG instanceof HeapChoiceGenerator))) {
prevHeapCG = prevHeapCG.getPreviousChoiceGenerator();
}
PathCondition pcHeap;
SymbolicInputHeap symInputHeap;
if (prevHeapCG == null) {
pcHeap = new PathCondition();
symInputHeap = new SymbolicInputHeap();
} else {
pcHeap = ((HeapChoiceGenerator) prevHeapCG).getCurrentPCheap();
symInputHeap = ((HeapChoiceGenerator) prevHeapCG).getCurrentSymInputHeap();
}
// set all the fields to be symbolic
ClassInfo ci = env.getClassInfo(objvRef);
FieldInfo[] fields = ci.getDeclaredInstanceFields();
FieldInfo[] staticFields = ci.getDeclaredStaticFields();
String name = env.getStringObject(stringRef);
String refChain =
name + "[" + objvRef
+ "]"; // why is the type used here? should use the name of the field instead
SymbolicInteger newSymRef = new SymbolicInteger(refChain);
// ElementInfo eiRef = DynamicArea.getHeap().get(objvRef);
ElementInfo eiRef = JVM.getVM().getHeap().get(objvRef);
Helper.initializeInstanceFields(fields, eiRef, refChain);
Helper.initializeStaticFields(staticFields, ci, ti);
// create new HeapNode based on above info
// update associated symbolic input heap
ClassInfo typeClassInfo = eiRef.getClassInfo();
HeapNode n = new HeapNode(objvRef, typeClassInfo, newSymRef);
symInputHeap._add(n);
pcHeap._addDet(Comparator.NE, newSymRef, new IntegerConstant(-1));
((HeapChoiceGenerator) cg).setCurrentPCheap(pcHeap);
((HeapChoiceGenerator) cg).setCurrentSymInputHeap(symInputHeap);
// System.out.println(">>>>>>>>>>>> initial pcHeap: " + pcHeap.toString());
return;
}
@Override
public Instruction execute(SystemState ss, KernelState ks, ThreadInfo ti) {
StackFrame sf = ti.getTopFrame();
IntegerExpression sym_v1 = (IntegerExpression) sf.getOperandAttr(1);
IntegerExpression sym_v2 = (IntegerExpression) sf.getOperandAttr(0);
if ((sym_v1 == null) && (sym_v2 == null)) { // both conditions are concrete
// System.out.println("Execute IF_ICMPEQ: The conditions are concrete");
return super.execute(ss, ks, ti);
} else { // at least one condition is symbolic
ChoiceGenerator<?> cg;
if (!ti.isFirstStepInsn()) { // first time around
cg = new PCChoiceGenerator(2);
ss.setNextChoiceGenerator(cg);
return this;
} else { // this is what really returns results
cg = ss.getChoiceGenerator();
assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg;
conditionValue = (Integer) cg.getNextChoice() == 0 ? false : true;
}
int v2 = ti.pop();
int v1 = ti.pop();
// System.out.println("Execute IF_ICMPEQ: "+ conditionValue);
PathCondition pc;
// pc is updated with the pc stored in the choice generator above
// get the path condition from the
// previous choice generator of the same type
ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGenerator();
while (!((prev_cg == null) || (prev_cg instanceof PCChoiceGenerator))) {
prev_cg = prev_cg.getPreviousChoiceGenerator();
}
if (prev_cg == null) pc = new PathCondition();
else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC();
assert pc != null;
if (conditionValue) {
if (sym_v1 != null) {
if (sym_v2 != null) { // both are symbolic values
pc._addDet(Comparator.EQ, sym_v1, sym_v2);
} else pc._addDet(Comparator.EQ, sym_v1, v2);
} else pc._addDet(Comparator.EQ, v1, sym_v2);
if (!pc.simplify()) { // not satisfiable
ss.setIgnored(true);
} else {
// pc.solve();
((PCChoiceGenerator) cg).setCurrentPC(pc);
// System.out.println(((PCChoiceGenerator) cg).getCurrentPC());
}
return getTarget();
} else {
if (sym_v1 != null) {
if (sym_v2 != null) { // both are symbolic values
pc._addDet(Comparator.NE, sym_v1, sym_v2);
} else pc._addDet(Comparator.NE, sym_v1, v2);
} else pc._addDet(Comparator.NE, v1, sym_v2);
if (!pc.simplify()) { // not satisfiable
ss.setIgnored(true);
} else {
// pc.solve();
((PCChoiceGenerator) cg).setCurrentPC(pc);
// System.out.println(((PCChoiceGenerator) cg).getCurrentPC());
}
return getNext(ti);
}
}
}
/** @see gov.nasa.jpf.ListenerAdapter#instructionExecuted(gov.nasa.jpf.jvm.JVM) */
public void instructionExecuted(JVM vm) {
Instruction instr = vm.getLastInstruction();
ThreadInfo ti = vm.getLastThreadInfo();
if (instr instanceof InvokeInstruction) {
InvokeInstruction invInstr = ((InvokeInstruction) instr);
String method = invInstr.toString();
// if(method.contains("Test"))
// System.out.println(method);
MethodInfo mi = ((InvokeInstruction) instr).getInvokedMethod();
if (this.traceDefFilter != null && this.traceDefFilter.accept(mi)) {
// Callee
ElementInfo calleeElement = ti.getThisElementInfo();
MethodInfo calleeMethod = invInstr.getInvokedMethod();
ClassInfo calleeClass = null;
int calleeID = -1;
if (calleeMethod.isStatic()) {
// static method: method declared in class
calleeClass = calleeMethod.getClassInfo();
// static methods do not have a instance
calleeID = -1;
} else {
// non static method: method is maybe overridden. get the current class
// instead of the class the method is declared in.
calleeClass = calleeElement.getClassInfo();
// get the current instance
calleeID = calleeElement.getThisReference();
}
assert (calleeClass != null);
// Caller
ElementInfo callerElement = ti.getElementInfo(ti.getCallerStackFrame().getThis());
if (callerElement != null) {
MethodInfo callerMethod = invInstr.getMethodInfo();
ClassInfo callerClass = null;
int callerID = -1;
if (callerMethod.isStatic()) {
// see above
callerClass = callerMethod.getClassInfo();
callerID = -1;
} else {
// see above
callerClass = callerElement.getClassInfo();
callerID = callerElement.getThisReference();
}
// Arguments
Object[] argumentValues = invInstr.getArgumentValues(ti);
Object[] arguments = new Object[argumentValues.length];
for (int i = 0; i < arguments.length; i++) {
if (this.argumentValues) {
if (argumentValues[i] instanceof ElementInfo)
arguments[i] = ((ElementInfo) argumentValues[i]).getThisReference();
else arguments[i] = argumentValues[i];
} else arguments[i] = null;
}
MethodEntry methodEntry =
new MethodEntry(
callerID,
callerMethod,
callerClass,
calleeID,
calleeMethod,
calleeClass,
arguments,
ti.getName());
this.currentStateNode.methods.add(methodEntry);
if (this.timeStamps) methodEntry.time = new Date().getTime();
}
}
}
}
public boolean popConditionValue(ThreadInfo ti) {
int v1 = ti.pop();
int v2 = ti.pop();
return (v1 == v2);
}
void log(ThreadInfo ti, String fmt, Object... args) {
out.print(ti.getId());
out.print(": ");
out.printf(fmt, args);
out.println();
}
public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
th.longPush(value);
return getNext(th);
}