diff --git a/.cirrus.yml b/.cirrus.yml index c0c113987c..04451afda4 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -6,11 +6,11 @@ task: deps_script: - sed -i.bak -e 's/quarterly/latest/' /etc/pkg/FreeBSD.conf - env ASSUME_ALWAYS_YES=yes pkg update -f - - env ASSUME_ALWAYS_YES=yes pkg install -y llvm11 gmake z3 cmake pkgconf google-perftools python3 py39-sqlite3 py39-tabulate nlohmann-json bash coreutils + - env ASSUME_ALWAYS_YES=yes pkg install -y llvm11 gmake z3 cmake pkgconf google-perftools python3 py39-sqlite3 py39-tabulate nlohmann-json bash coreutils immer build_script: - mkdir build - cd build - - cmake -DLLVM_DIR=/usr/local/llvm11 -DMAKE_BINARY=/usr/local/bin/gmake -DJSON_SRC_DIR=/usr/local -DENABLE_TCMALLOC:BOOL=true -DENABLE_POSIX_RUNTIME:BOOL=ON -DENABLE_SOLVER_Z3:BOOL=true -DENABLE_SYSTEM_TESTS:BOOL=ON .. + - cmake -DLLVM_DIR=/usr/local/llvm11 -DMAKE_BINARY=/usr/local/bin/gmake -DJSON_SRC_DIR=/usr/local -DIMMER_SRC_DIR=/usr/local -DENABLE_TCMALLOC:BOOL=true -DENABLE_POSIX_RUNTIME:BOOL=ON -DENABLE_SOLVER_Z3:BOOL=true -DENABLE_SYSTEM_TESTS:BOOL=ON .. - gmake test_script: - sed -i.bak -e 's/lit\./lit11\./' test/lit.cfg diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 931f831a74..ac8af32d3b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -11,6 +11,7 @@ on: env: BASE_IMAGE: ubuntu:jammy-20230126 REPOSITORY: ghcr.io/klee + BUILD_SUFFIX: "default" COVERAGE: 0 DISABLE_ASSERTIONS: 0 ENABLE_DOXYGEN: 0 @@ -31,6 +32,7 @@ env: SQLITE_VERSION: 3400100 BITWUZLA_VERSION: 0.3.1 JSON_VERSION: v3.11.3 + IMMER_VERSION: v0.8.1 jobs: Linux: diff --git a/CMakeLists.txt b/CMakeLists.txt index 6f6dedd689..1579516990 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -681,6 +681,7 @@ configure_file(${CMAKE_SOURCE_DIR}/include/klee/Config/CompileTimeInfo.h.cmin include_directories("${CMAKE_BINARY_DIR}/include") include_directories("${CMAKE_SOURCE_DIR}/include") include_directories("${JSON_SRC_DIR}/include") +include_directories("${IMMER_SRC_DIR}") # set(KLEE_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/include ${CMAKE_BINARY_DIR}/include) ################################################################################ diff --git a/Dockerfile b/Dockerfile index 52fc4fc719..e4d87f0fe9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,7 @@ COPY --from=sqlite3_base /tmp /tmp/ ENV COVERAGE=0 ENV USE_TCMALLOC=1 ENV BASE=/tmp +ENV BUILD_SUFFIX="default" ENV LLVM_VERSION=13.0 ENV ENABLE_DOXYGEN=1 ENV ENABLE_OPTIMIZED=1 @@ -35,6 +36,7 @@ ENV USE_LIBCXX=1 ENV KLEE_RUNTIME_BUILD="Debug+Asserts" ENV SQLITE_VERSION=3400100 ENV JSON_VERSION=v3.11.3 +ENV IMMER_VERSION=v0.8.1 LABEL maintainer="KLEE Developers" # TODO remove adding sudo package @@ -71,4 +73,4 @@ ENV LD_LIBRARY_PATH /home/klee/klee_build/lib/ RUN /bin/bash -c 'ln -s ${BASE}/klee_src /home/klee/ && ln -s ${BASE}/klee_build* /home/klee/klee_build' # TODO Remove when STP is fixed -RUN /bin/bash -c 'echo "export LD_LIBRARY_PATH=$(cd ${BASE}/metaSMT-*-deps/stp-git-basic/lib/ && pwd):$LD_LIBRARY_PATH" >> /home/klee/.bashrc' \ No newline at end of file +RUN /bin/bash -c 'echo "export LD_LIBRARY_PATH=$(cd ${BASE}/metaSMT-*-deps/stp-git-basic/lib/ && pwd):$LD_LIBRARY_PATH" >> /home/klee/.bashrc' diff --git a/build.sh b/build.sh index 6878b06a10..fa26148326 100755 --- a/build.sh +++ b/build.sh @@ -5,6 +5,7 @@ # Base folder where dependencies and KLEE itself are installed BASE=$HOME/klee_build +BUILD_SUFFIX="Release" ## KLEE Required options # Build type for KLEE. The options are: @@ -14,8 +15,7 @@ BASE=$HOME/klee_build # Release+Debug+Asserts # Debug # Debug+Asserts -# KLEE_RUNTIME_BUILD="Debug+Asserts" -KLEE_RUNTIME_BUILD="Release" # "Debug+Asserts" +KLEE_RUNTIME_BUILD="Release" COVERAGE=0 ENABLE_DOXYGEN=0 @@ -25,7 +25,6 @@ USE_LIBCXX=1 # Also required despite not being mentioned in the guide SQLITE_VERSION="3400100" - ## LLVM Required options LLVM_VERSION=14 ENABLE_OPTIMIZED=1 @@ -43,6 +42,9 @@ GTEST_VERSION=1.11.0 ## json options JSON_VERSION=v3.11.3 +## immer options +IMMER_VERSION=v0.8.1 + ## UClibC Required options UCLIBC_VERSION=klee_uclibc_v1.3 # LLVM_VERSION is also required for UClibC @@ -55,4 +57,17 @@ MINISAT_VERSION=master BITWUZLA_VERSION=0.3.1 -BASE="$BASE" KLEE_RUNTIME_BUILD=$KLEE_RUNTIME_BUILD COVERAGE=$COVERAGE ENABLE_DOXYGEN=$ENABLE_DOXYGEN USE_TCMALLOC=$USE_TCMALLOC USE_LIBCXX=$USE_LIBCXX LLVM_VERSION=$LLVM_VERSION ENABLE_OPTIMIZED=$ENABLE_OPTIMIZED ENABLE_DEBUG=$ENABLE_DEBUG DISABLE_ASSERTIONS=$DISABLE_ASSERTIONS REQUIRES_RTTI=$REQUIRES_RTTI SOLVERS=$SOLVERS GTEST_VERSION=$GTEST_VERSION UCLIBC_VERSION=$UCLIBC_VERSION STP_VERSION=$STP_VERSION MINISAT_VERSION=$MINISAT_VERSION Z3_VERSION=$Z3_VERSION BITWUZLA_VERSION=$BITWUZLA_VERSION SQLITE_VERSION=$SQLITE_VERSION JSON_VERSION=$JSON_VERSION ./scripts/build/build.sh klee --install-system-deps +KEEP_PARSE="true" +while [ $KEEP_PARSE = "true" ]; do +if [ "$1" = "--debug" ] || [ "$1" = "-g" ]; then + BUILD_SUFFIX="Debug" + ENABLE_OPTIMIZED=0 + ENABLE_DEBUG=1 + KLEE_RUNTIME_BUILD="Debug+Asserts" + shift 1 +else + KEEP_PARSE="false" +fi +done + +BASE="$BASE" BUILD_SUFFIX="$BUILD_SUFFIX" KLEE_RUNTIME_BUILD=$KLEE_RUNTIME_BUILD COVERAGE=$COVERAGE ENABLE_DOXYGEN=$ENABLE_DOXYGEN USE_TCMALLOC=$USE_TCMALLOC USE_LIBCXX=$USE_LIBCXX LLVM_VERSION=$LLVM_VERSION ENABLE_OPTIMIZED=$ENABLE_OPTIMIZED ENABLE_DEBUG=$ENABLE_DEBUG DISABLE_ASSERTIONS=$DISABLE_ASSERTIONS REQUIRES_RTTI=$REQUIRES_RTTI SOLVERS=$SOLVERS GTEST_VERSION=$GTEST_VERSION UCLIBC_VERSION=$UCLIBC_VERSION STP_VERSION=$STP_VERSION MINISAT_VERSION=$MINISAT_VERSION Z3_VERSION=$Z3_VERSION BITWUZLA_VERSION=$BITWUZLA_VERSION SQLITE_VERSION=$SQLITE_VERSION JSON_VERSION=$JSON_VERSION IMMER_VERSION=$IMMER_VERSION SANITIZER_BUILD=$SANITIZER_BUILD SANITIZER_LLVM_VERSION=$SANITIZER_LLVM_VERSION ./scripts/build/build.sh klee --install-system-deps diff --git a/configs/options.json b/configs/options.json index e89988448a..3c48664ba9 100644 --- a/configs/options.json +++ b/configs/options.json @@ -29,7 +29,7 @@ "--output-istats=false", "--output-stats=false", "--max-time=${maxTime}s", - "--max-sym-alloc=${maxSymAlloc}", + "--max-sym-size-alloc=${maxSymAlloc}", "--max-forks=${maxForks}", "--max-solver-time=${maxSolverTime}s", "--smart-resolve-entry-function", diff --git a/include/klee/ADT/DisjointSetUnion.h b/include/klee/ADT/DisjointSetUnion.h index 9a3673af64..eb7a363576 100644 --- a/include/klee/ADT/DisjointSetUnion.h +++ b/include/klee/ADT/DisjointSetUnion.h @@ -32,7 +32,7 @@ class DisjointSetUnion { using internal_storage_ty = std::unordered_set; using disjoint_sets_ty = std::unordered_map, HASH, PRED>; - using iterator = typename internal_storage_ty::iterator; + using iterator = typename internal_storage_ty::const_iterator; protected: std::unordered_map parent; diff --git a/include/klee/ADT/FixedSizeStorageAdapter.h b/include/klee/ADT/FixedSizeStorageAdapter.h new file mode 100644 index 0000000000..82b512fda6 --- /dev/null +++ b/include/klee/ADT/FixedSizeStorageAdapter.h @@ -0,0 +1,312 @@ +#ifndef KLEE_FIXEDSIZESTORAGEADAPTER_H +#define KLEE_FIXEDSIZESTORAGEADAPTER_H + +#ifndef IMMER_NO_EXCEPTIONS +#define IMMER_NO_EXCEPTIONS +#endif /* IMMER_NO_EXCEPTIONS */ + +#include +#include + +#include +#include + +namespace llvm { +class raw_ostream; +}; + +namespace klee { + +enum class FixedSizeStorageIteratorKind { Array, Vector, PersistentVector }; + +template struct VectorAdapterIterator { + using storage_ty = std::vector; + using value_ty = ValueType; + typename storage_ty::const_iterator it; + VectorAdapterIterator(typename storage_ty::const_iterator it) : it(it) {} + VectorAdapterIterator &operator++() { + ++it; + return *this; + } + value_ty operator*() { return *it; } + bool operator!=(const VectorAdapterIterator &other) const { + return other.it != it; + } +}; + +template struct PersistentVectorAdapterIterator { + using storage_ty = immer::vector_transient; + using value_ty = ValueType; + typename storage_ty::iterator it; + PersistentVectorAdapterIterator(typename storage_ty::iterator it) : it(it) {} + PersistentVectorAdapterIterator &operator++() { + ++it; + return *this; + } + value_ty operator*() { return *it; } + bool operator!=(const PersistentVectorAdapterIterator &other) const { + return other.it != it; + } +}; + +template struct ArrayAdapterIterator { + using storage_ty = ValueType *; + using value_ty = ValueType; + storage_ty it; + +public: + ArrayAdapterIterator(storage_ty it) : it(it) {} + ArrayAdapterIterator &operator++() { + ++it; + return *this; + } + value_ty operator*() { return *it; } + bool operator!=(const ArrayAdapterIterator &other) const { + return other.it != it; + } +}; + +template union FixedSizeStorageIterator { + VectorAdapterIterator vaIt; + PersistentVectorAdapterIterator pvaIt; + ArrayAdapterIterator aaIt; + ~FixedSizeStorageIterator() {} + FixedSizeStorageIterator(const VectorAdapterIterator &other) + : vaIt(other) {} + FixedSizeStorageIterator( + const PersistentVectorAdapterIterator &other) + : pvaIt(other) {} + FixedSizeStorageIterator(const ArrayAdapterIterator &other) + : aaIt(other) {} +}; + +template struct FixedSizeStorageAdapter { + using value_ty = ValueType; + class iterator { + FixedSizeStorageIteratorKind kind; + FixedSizeStorageIterator impl; + + public: + iterator(const VectorAdapterIterator &impl) + : kind(FixedSizeStorageIteratorKind::Vector), impl(impl) {} + iterator(const PersistentVectorAdapterIterator &impl) + : kind(FixedSizeStorageIteratorKind::PersistentVector), impl(impl) {} + iterator(const ArrayAdapterIterator &impl) + : kind(FixedSizeStorageIteratorKind::Array), impl(impl) {} + iterator(iterator const &right) : kind(right.kind) { + switch (kind) { + case klee::FixedSizeStorageIteratorKind::Vector: { + impl.vaIt = right.impl.vaIt; + break; + } + case klee::FixedSizeStorageIteratorKind::PersistentVector: { + impl.pvaIt = right.impl.pvaIt; + break; + } + case klee::FixedSizeStorageIteratorKind::Array: { + impl.aaIt = right.impl.aaIt; + break; + } + default: + assert(0 && "unhandled iterator kind"); + } + } + ~iterator() { + switch (kind) { + case klee::FixedSizeStorageIteratorKind::Vector: { + impl.vaIt.~VectorAdapterIterator(); + break; + } + case klee::FixedSizeStorageIteratorKind::PersistentVector: { + impl.pvaIt.~PersistentVectorAdapterIterator(); + break; + } + case klee::FixedSizeStorageIteratorKind::Array: { + impl.aaIt.~ArrayAdapterIterator(); + break; + } + default: + assert(0 && "unhandled iterator kind"); + } + } + + // forward operators to virtual calls through impl. + iterator &operator++() { + switch (kind) { + case klee::FixedSizeStorageIteratorKind::Vector: { + ++impl.vaIt; + break; + } + case klee::FixedSizeStorageIteratorKind::PersistentVector: { + ++impl.pvaIt; + break; + } + case klee::FixedSizeStorageIteratorKind::Array: { + ++impl.aaIt; + break; + } + default: + assert(0 && "unhandled iterator kind"); + } + return *this; + } + value_ty operator*() { + switch (kind) { + case klee::FixedSizeStorageIteratorKind::Vector: { + return *impl.vaIt; + } + case klee::FixedSizeStorageIteratorKind::PersistentVector: { + return *impl.pvaIt; + } + case klee::FixedSizeStorageIteratorKind::Array: { + return *impl.aaIt; + } + default: + assert(0 && "unhandled iterator kind"); + } + } + bool operator!=(const iterator &other) const { + switch (kind) { + case klee::FixedSizeStorageIteratorKind::Vector: { + return impl.vaIt != other.impl.vaIt; + } + case klee::FixedSizeStorageIteratorKind::PersistentVector: { + return impl.pvaIt != other.impl.pvaIt; + } + case klee::FixedSizeStorageIteratorKind::Array: { + return impl.aaIt != other.impl.aaIt; + } + default: + assert(0 && "unhandled iterator kind"); + } + } + }; + + virtual ~FixedSizeStorageAdapter() = default; + virtual iterator begin() const = 0; + virtual iterator end() const = 0; + virtual bool empty() const = 0; + virtual void set(size_t key, const ValueType &value) = 0; + virtual const value_ty &at(size_t key) const = 0; + virtual size_t size() const = 0; + virtual FixedSizeStorageAdapter *clone() const = 0; + const value_ty &operator[](const size_t &index) const { return at(index); } +}; + +template +struct VectorAdapter : public FixedSizeStorageAdapter { +public: + using storage_ty = std::vector; + using base_ty = FixedSizeStorageAdapter; + using iterator = typename base_ty::iterator; + + VectorAdapter(size_t storageSize) { storage = storage_ty(storageSize); } + VectorAdapter(const VectorAdapter &va) : storage(va.storage) {} + storage_ty storage; + iterator begin() const override { + return iterator(VectorAdapterIterator(storage.begin())); + } + iterator end() const override { + return iterator(VectorAdapterIterator(storage.end())); + } + bool empty() const override { return storage.empty(); } + void set(size_t key, const ValueType &value) override { + storage[key] = value; + } + const ValueType &at(size_t key) const override { return storage.at(key); } + size_t size() const override { return storage.size(); } + FixedSizeStorageAdapter *clone() const override { + return new VectorAdapter(*this); + } +}; + +template +struct PersistentVectorAdapter : public FixedSizeStorageAdapter { +public: + using storage_ty = immer::vector_transient; + using storage_persistent_ty = immer::vector; + using base_ty = FixedSizeStorageAdapter; + using iterator = typename base_ty::iterator; + + PersistentVectorAdapter(size_t storageSize) { + storage = storage_persistent_ty(storageSize).transient(); + } + PersistentVectorAdapter(const PersistentVectorAdapter &va) + : storage(va.storage.persistent().transient()) {} + PersistentVectorAdapter &operator=(const PersistentVectorAdapter &b) { + storage = b.storage.persistent().transient(); + return *this; + } + mutable storage_ty storage; + iterator begin() const override { + return iterator( + PersistentVectorAdapterIterator(storage.begin())); + } + iterator end() const override { + return iterator(PersistentVectorAdapterIterator(storage.end())); + } + bool empty() const override { return storage.empty(); } + void set(size_t key, const ValueType &value) override { + storage.set(key, value); + } + const ValueType &at(size_t key) const override { return storage.at(key); } + size_t size() const override { return storage.size(); } + FixedSizeStorageAdapter *clone() const override { + return new PersistentVectorAdapter(*this); + } +}; + +template +struct ArrayAdapter : public FixedSizeStorageAdapter { + using storage_ty = ValueType *; + using base_ty = FixedSizeStorageAdapter; + using iterator = typename base_ty::iterator; + + storage_ty storage; + size_t storageSize; + ArrayAdapter(size_t storageSize) : storageSize(storageSize) { + storage = new ValueType[storageSize]; + clear(); + } + ArrayAdapter(const ArrayAdapter &pa) + : storageSize(pa.storageSize) { + storage = new ValueType[storageSize]; + for (size_t i = 0; i < storageSize; ++i) { + set(i, pa.at(i)); + } + } + ArrayAdapter &operator=(const ArrayAdapter &pa) { + storageSize = pa.storageSize; + delete[] storage; + storage = new ValueType[storageSize]; + for (size_t i = 0; i < storageSize; ++i) { + set(i, pa.at(i)); + } + return *this; + } + ~ArrayAdapter() override { delete[] storage; } + iterator begin() const override { + return ArrayAdapterIterator(storage); + } + iterator end() const override { + return ArrayAdapterIterator(storage + storageSize); + } + bool empty() const override { return storageSize == 0; } + void set(size_t key, const ValueType &value) override { + storage[key] = value; + } + const ValueType &at(size_t key) const override { return storage[key]; } + void clear() { + for (size_t i = 0; i < storageSize; ++i) { + set(i, ValueType()); + } + } + size_t size() const override { return storageSize; } + FixedSizeStorageAdapter *clone() const override { + return new ArrayAdapter(*this); + } +}; + +} // namespace klee + +#endif diff --git a/include/klee/ADT/KTest.h b/include/klee/ADT/KTest.h index d4c08d640d..6c92e8b62b 100644 --- a/include/klee/ADT/KTest.h +++ b/include/klee/ADT/KTest.h @@ -18,9 +18,9 @@ extern "C" { typedef struct Pointer Pointer; struct Pointer { - unsigned offset; - unsigned index; - unsigned indexOffset; + uint64_t offset; + uint64_t index; + uint64_t indexOffset; }; typedef struct KTestObject KTestObject; diff --git a/include/klee/ADT/PersistentHashMap.h b/include/klee/ADT/PersistentHashMap.h new file mode 100644 index 0000000000..f0554e8953 --- /dev/null +++ b/include/klee/ADT/PersistentHashMap.h @@ -0,0 +1,73 @@ +//===-- PersistentHashMap.h -------------------------------------*- C++ -*-===// +// +// The KLEE Symbolic Virtual Machine +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// + +#ifndef KLEE_PRESISTENTHASHMAP_H +#define KLEE_PRESISTENTHASHMAP_H + +#ifndef IMMER_NO_EXCEPTIONS +#define IMMER_NO_EXCEPTIONS +#endif /* IMMER_NO_EXCEPTIONS */ + +#include +#include + +namespace klee { + +template , + class EQUAL = std::equal_to> +class PersistentHashMap { +public: + typedef immer::map_transient Map; + typedef typename Map::iterator iterator; + typedef K key_type; + typedef std::pair value_type; + +private: + mutable Map elts; + + PersistentHashMap(const Map &b) : elts(b.persistent().transient()) {} + +public: + PersistentHashMap() = default; + PersistentHashMap(const PersistentHashMap &b) { + elts = b.elts.persistent().transient(); + } + ~PersistentHashMap() = default; + + PersistentHashMap &operator=(const PersistentHashMap &b) { + elts = b.elts.persistent().transient(); + return *this; + } + bool operator==(const PersistentHashMap &b) const { return elts == b.elts; } + bool operator<(const PersistentHashMap &b) const { return elts < b.elts; } + + bool empty() const { return elts.empty(); } + size_t count(const key_type &key) const { return elts.count(key); } + const D *lookup(const key_type &key) const { return elts.find(key); } + size_t size() const { return elts.size(); } + + void insert(const value_type &value) { + if (!lookup(value.first)) { + elts.insert(value); + } + } + void replace(const value_type &value) { elts.insert(value); } + void remove(const key_type &key) { elts.erase(key); } + + iterator begin() const { return elts.begin(); } + iterator end() const { return elts.end(); } + + const D &at(const key_type &key) const { return elts.at(key); } + const D &operator[](const key_type &key) { return at(key); } + + void clear() { elts = Map(); } +}; +} // namespace klee + +#endif /* KLEE_PRESISTENTHASHMAP_H */ diff --git a/include/klee/ADT/PersistentVector.h b/include/klee/ADT/PersistentVector.h new file mode 100644 index 0000000000..935b3fd6bb --- /dev/null +++ b/include/klee/ADT/PersistentVector.h @@ -0,0 +1,66 @@ +//===-- PersistentVector.h --------------------------------------*- C++ -*-===// +// +// The KLEE Symbolic Virtual Machine +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// + +#ifndef KLEE_PRESISTENTVECTOR_H +#define KLEE_PRESISTENTVECTOR_H + +#ifndef IMMER_NO_EXCEPTIONS +#define IMMER_NO_EXCEPTIONS +#endif /* IMMER_NO_EXCEPTIONS */ + +#include + +namespace klee { + +template class PersistentVector { +public: + using Vector = immer::vector; + using iterator = typename Vector::iterator; + using value_type = T; + +private: + Vector elts; + + PersistentVector(const Vector &b) : elts(b) {} + +public: + PersistentVector() = default; + PersistentVector(const PersistentVector &b) : elts(b.elts) {} + ~PersistentVector() = default; + + PersistentVector &operator=(const PersistentVector &b) { + elts = b.elts; + return *this; + } + + bool operator==(const PersistentVector &b) const { return elts == b.elts; } + bool operator!=(const PersistentVector &other) const { + return !(*this == other); + } + bool empty() const { return elts.empty(); } + size_t size() const { return elts.size(); } + + void set(size_t index, const value_type &value) { + elts = elts.set(index, value); + } + void reset(size_t n) { elts = Vector(n); } + void push_back(const value_type &value) { elts = elts.push_back(value); } + const value_type &back() const { return elts.back(); } + const value_type &front() const { return elts.front(); } + const value_type &operator[](const size_t &index) const { + return elts[index]; + } + const value_type &at(const size_t &index) const { return elts[index]; } + + iterator begin() const { return elts.begin(); } + iterator end() const { return elts.end(); } +}; +} // namespace klee + +#endif /* KLEE_PRESISTENTVECTOR_H */ diff --git a/include/klee/ADT/SparseStorage.h b/include/klee/ADT/SparseStorage.h index a78df85770..0ed61b69ea 100644 --- a/include/klee/ADT/SparseStorage.h +++ b/include/klee/ADT/SparseStorage.h @@ -1,10 +1,19 @@ #ifndef KLEE_SPARSESTORAGE_H #define KLEE_SPARSESTORAGE_H -#include +#include "klee/ADT/StorageAdapter.h" + +#ifndef IMMER_NO_EXCEPTIONS +#define IMMER_NO_EXCEPTIONS +#endif /* IMMER_NO_EXCEPTIONS */ + +#include +#include + +#include + #include #include -#include #include #include #include @@ -14,7 +23,6 @@ class raw_ostream; }; namespace klee { - enum class Density { Sparse, Dense, @@ -22,40 +30,16 @@ enum class Density { template > class SparseStorage { -private: - std::unordered_map internalStorage; +protected: ValueType defaultValue; - Eq eq; - bool contains(size_t key) const { return internalStorage.count(key) != 0; } - -public: SparseStorage(const ValueType &defaultValue = ValueType()) : defaultValue(defaultValue) {} - SparseStorage(const std::unordered_map &internalStorage, - const ValueType &defaultValue) - : defaultValue(defaultValue) { - for (auto &[index, value] : internalStorage) { - store(index, value); - } - } - - SparseStorage(const std::vector &values, - const ValueType &defaultValue = ValueType()) - : defaultValue(defaultValue) { - for (size_t idx = 0; idx < values.size(); ++idx) { - store(idx, values[idx]); - } - } +public: + virtual ~SparseStorage() = default; - void store(size_t idx, const ValueType &value) { - if (eq(value, defaultValue)) { - internalStorage.erase(idx); - } else { - internalStorage[idx] = value; - } - } + virtual void store(size_t idx, const ValueType &value) = 0; template void store(size_t idx, InputIterator iteratorBegin, @@ -65,24 +49,15 @@ class SparseStorage { } } - ValueType load(size_t idx) const { - auto it = internalStorage.find(idx); - return it != internalStorage.end() ? it->second : defaultValue; - } + virtual ValueType load(size_t idx) const = 0; - size_t sizeOfSetRange() const { - size_t sizeOfRange = 0; - for (auto i : internalStorage) { - sizeOfRange = std::max(i.first, sizeOfRange); - } - return internalStorage.empty() ? 0 : sizeOfRange + 1; - } + virtual size_t sizeOfSetRange() const = 0; - bool operator==(const SparseStorage &another) const { - return eq(defaultValue, another.defaultValue) && compare(another) == 0; + bool operator==(const SparseStorage &another) const { + return Eq()(defaultValue, another.defaultValue) && compare(another) == 0; } - bool operator!=(const SparseStorage &another) const { + bool operator!=(const SparseStorage &another) const { return !(*this == another); } @@ -94,7 +69,7 @@ class SparseStorage { return compare(another) == 1; } - int compare(const SparseStorage &other) const { + int compare(const SparseStorage &other) const { auto ordered = calculateOrderedStorage(); auto otherOrdered = other.calculateOrderedStorage(); @@ -105,7 +80,95 @@ class SparseStorage { } } - std::map calculateOrderedStorage() const { + virtual std::map calculateOrderedStorage() const = 0; + + virtual std::vector getFirstNIndexes(size_t n) const = 0; + + virtual const StorageAdapter &storage() const = 0; + + const ValueType &defaultV() const { return defaultValue; }; + + virtual void reset() = 0; + + void reset(ValueType newDefault) { + defaultValue = newDefault; + reset(); + } + + void print(llvm::raw_ostream &os, Density) const; + void dump() const { print(llvm::errs(), Density::Sparse); } + + virtual SparseStorage *clone() const = 0; +}; + +template , + typename InternalStorageAdapter = UnorderedMapAdapder, + typename Constructor = typename InternalStorageAdapter::constructor> +class SparseStorageImpl : public SparseStorage { +private: + Constructor alloc; + InternalStorageAdapter internalStorage; + +public: + SparseStorageImpl(const ValueType &defaultValue = ValueType(), + const Constructor &alloc = Constructor()) + : SparseStorage(defaultValue), alloc(alloc), + internalStorage(alloc(defaultValue)) { + static_assert( + std::is_base_of, + InternalStorageAdapter>::value, + "type parameter of this class must derive from StorageAdapter"); + } + + SparseStorageImpl( + const std::unordered_map &internalStorage, + const ValueType &defaultValue = ValueType(), + const Constructor &alloc = Constructor()) + : SparseStorageImpl(defaultValue, alloc) { + for (const auto &[index, value] : internalStorage) { + store(index, value); + } + } + + SparseStorageImpl(const std::vector &values, + const ValueType &defaultValue = ValueType(), + const Constructor &alloc = Constructor()) + : SparseStorageImpl(defaultValue, alloc) { + for (size_t idx = 0; idx < values.size(); ++idx) { + store(idx, values[idx]); + } + } + + void store(size_t idx, const ValueType &value) override { + if (Eq()(value, SparseStorage::defaultValue)) { + internalStorage.remove(idx); + } else { + internalStorage.set(idx, value); + } + } + + template + void store(size_t idx, InputIterator iteratorBegin, + InputIterator iteratorEnd) { + for (; iteratorBegin != iteratorEnd; ++iteratorBegin, ++idx) { + store(idx, *iteratorBegin); + } + } + + ValueType load(size_t idx) const override { + auto it = internalStorage.lookup(idx); + return it ? *it : SparseStorage::defaultValue; + } + + size_t sizeOfSetRange() const override { + size_t sizeOfRange = 0; + for (auto i : internalStorage) { + sizeOfRange = std::max(i.first, sizeOfRange); + } + return internalStorage.empty() ? 0 : sizeOfRange + 1; + } + + std::map calculateOrderedStorage() const override { std::map ordered; for (const auto &i : internalStorage) { ordered.insert(i); @@ -113,7 +176,7 @@ class SparseStorage { return ordered; } - std::vector getFirstNIndexes(size_t n) const { + std::vector getFirstNIndexes(size_t n) const override { std::vector vectorized(n); for (size_t i = 0; i < n; i++) { vectorized[i] = load(i); @@ -121,32 +184,26 @@ class SparseStorage { return vectorized; } - const std::unordered_map &storage() const { + const InternalStorageAdapter &storage() const override { return internalStorage; }; - const ValueType &defaultV() const { return defaultValue; }; - - void reset() { internalStorage.clear(); } + void reset() override { + internalStorage = alloc(SparseStorage::defaultValue); + } void reset(ValueType newDefault) { - defaultValue = newDefault; + SparseStorage::defaultValue = newDefault; reset(); } void print(llvm::raw_ostream &os, Density) const; + void dump() const { print(llvm::errs(), Density::Sparse); } + SparseStorage *clone() const override { + return new SparseStorageImpl(*this); + } }; -template -SparseStorage sparseBytesFromValue(const U &value) { - const unsigned char *valueUnsignedCharIterator = - reinterpret_cast(&value); - SparseStorage result; - result.store(0, valueUnsignedCharIterator, - valueUnsignedCharIterator + sizeof(value)); - return result; -} - } // namespace klee #endif diff --git a/include/klee/ADT/StorageAdapter.h b/include/klee/ADT/StorageAdapter.h new file mode 100644 index 0000000000..a1315af682 --- /dev/null +++ b/include/klee/ADT/StorageAdapter.h @@ -0,0 +1,400 @@ +#ifndef KLEE_STORAGEADAPTER_H +#define KLEE_STORAGEADAPTER_H + +#include "klee/ADT/PersistentHashMap.h" + +#ifndef IMMER_NO_EXCEPTIONS +#define IMMER_NO_EXCEPTIONS +#endif /* IMMER_NO_EXCEPTIONS */ + +#include +#include + +#include +#include +#include + +namespace llvm { +class raw_ostream; +}; + +namespace klee { +enum class StorageIteratorKind { UMap, PersistentUMap, SparseArray }; + +template struct UnorderedMapAdapterIterator { + using storage_ty = std::unordered_map; + using value_ty = std::pair; + typename storage_ty::const_iterator it; + UnorderedMapAdapterIterator(typename storage_ty::const_iterator it) + : it(it) {} + UnorderedMapAdapterIterator &operator++() { + ++it; + return *this; + } + value_ty operator*() { return *it; } + bool operator!=(const UnorderedMapAdapterIterator &other) const { + return other.it != it; + } +}; + +template struct PersistentMapAdapterIterator { + using storage_ty = PersistentHashMap; + using value_ty = std::pair; + typename storage_ty::iterator it; + PersistentMapAdapterIterator(typename storage_ty::iterator it) : it(it) {} + PersistentMapAdapterIterator &operator++() { + ++it; + return *this; + } + value_ty operator*() { return *it; } + bool operator!=(const PersistentMapAdapterIterator &other) const { + return other.it != it; + } +}; + +template > +struct SparseArrayAdapterIterator { + using storage_ty = ValueType *; + using value_ty = std::pair; + storage_ty it; + size_t index; + size_t size; + size_t nonDefaultValuesCount; + ValueType defaultValue; + +public: + SparseArrayAdapterIterator(storage_ty _it, size_t _index, size_t _size, + size_t _nonDefaultValuesCount, + const ValueType &_defaultValue) + : it(_it), index(_index), size(_size), + nonDefaultValuesCount(_nonDefaultValuesCount), + defaultValue(_defaultValue) { + if (nonDefaultValuesCount < size) { + while (index < size && Eq()(*it, defaultValue)) { + ++it; + ++index; + } + } + } + SparseArrayAdapterIterator &operator++() { + ++it; + ++index; + if (nonDefaultValuesCount < size) { + while (index < size && Eq()(*it, defaultValue)) { + ++it; + ++index; + } + } + return *this; + } + value_ty operator*() { return {index, *it}; } + bool operator!=(const SparseArrayAdapterIterator &other) const { + return other.it != it || other.index != index; + } + SparseArrayAdapterIterator(storage_ty it) : it(it) {} +}; + +template > +union StorageIterator { + UnorderedMapAdapterIterator umaIt; + PersistentMapAdapterIterator pumaIt; + SparseArrayAdapterIterator saaIt; + ~StorageIterator() {} + StorageIterator(const UnorderedMapAdapterIterator &other) + : umaIt(other) {} + StorageIterator(const PersistentMapAdapterIterator &other) + : pumaIt(other) {} + StorageIterator(const SparseArrayAdapterIterator &other) + : saaIt(other) {} +}; + +template > +struct StorageAdapter { + using value_ty = std::pair; + virtual ~StorageAdapter() = default; + class iterator { + StorageIteratorKind kind; + StorageIterator impl; + + public: + iterator(const UnorderedMapAdapterIterator &impl) + : kind(StorageIteratorKind::UMap), impl(impl) {} + iterator(const PersistentMapAdapterIterator &impl) + : kind(StorageIteratorKind::PersistentUMap), impl(impl) {} + iterator(const SparseArrayAdapterIterator &impl) + : kind(StorageIteratorKind::SparseArray), impl(impl) {} + iterator(iterator const &right) : kind(right.kind) { + switch (kind) { + case klee::StorageIteratorKind::UMap: { + impl.umaIt = right.impl.umaIt; + break; + } + case klee::StorageIteratorKind::PersistentUMap: { + impl.pumaIt = right.impl.pumaIt; + break; + } + case klee::StorageIteratorKind::SparseArray: { + impl.saaIt = right.impl.saaIt; + break; + } + default: + assert(0 && "unhandled iterator kind"); + } + } + ~iterator() { + switch (kind) { + case klee::StorageIteratorKind::UMap: { + impl.umaIt.~UnorderedMapAdapterIterator(); + break; + } + case klee::StorageIteratorKind::PersistentUMap: { + impl.pumaIt.~PersistentMapAdapterIterator(); + break; + } + case klee::StorageIteratorKind::SparseArray: { + impl.saaIt.~SparseArrayAdapterIterator(); + break; + } + default: + assert(0 && "unhandled iterator kind"); + } + } + + // forward operators to virtual calls through impl. + iterator &operator++() { + switch (kind) { + case klee::StorageIteratorKind::UMap: { + ++impl.umaIt; + break; + } + case klee::StorageIteratorKind::PersistentUMap: { + ++impl.pumaIt; + break; + } + case klee::StorageIteratorKind::SparseArray: { + ++impl.saaIt; + break; + } + default: + assert(0 && "unhandled iterator kind"); + } + return *this; + } + value_ty operator*() { + switch (kind) { + case klee::StorageIteratorKind::UMap: { + return *impl.umaIt; + } + case klee::StorageIteratorKind::PersistentUMap: { + return *impl.pumaIt; + } + case klee::StorageIteratorKind::SparseArray: { + return *impl.saaIt; + } + default: + assert(0 && "unhandled iterator kind"); + } + } + bool operator!=(const iterator &other) const { + switch (kind) { + case klee::StorageIteratorKind::UMap: { + return impl.umaIt != other.impl.umaIt; + } + case klee::StorageIteratorKind::PersistentUMap: { + return impl.pumaIt != other.impl.pumaIt; + } + case klee::StorageIteratorKind::SparseArray: { + return impl.saaIt != other.impl.saaIt; + } + default: + assert(0 && "unhandled iterator kind"); + } + } + }; + + virtual bool contains(size_t key) const = 0; + virtual iterator begin() const = 0; + virtual iterator end() const = 0; + virtual const ValueType *lookup(size_t key) const = 0; + virtual bool empty() const = 0; + virtual void set(size_t key, const ValueType &value) = 0; + virtual void remove(size_t key) = 0; + virtual const ValueType &at(size_t key) const = 0; + virtual void clear() = 0; + virtual size_t size() const = 0; +}; + +template > +struct UnorderedMapAdapder : public StorageAdapter { +public: + using storage_ty = std::unordered_map; + using base_ty = StorageAdapter; + using iterator = typename base_ty::iterator; + struct constructor { + UnorderedMapAdapder operator()(const ValueType &) const { + return UnorderedMapAdapder(); + } + }; + +private: + storage_ty storage; + +public: + UnorderedMapAdapder() = default; + bool contains(size_t key) const override { return storage.count(key) != 0; } + iterator begin() const override { + return iterator(UnorderedMapAdapterIterator(storage.begin())); + } + iterator end() const override { + return iterator(UnorderedMapAdapterIterator(storage.end())); + } + const ValueType *lookup(size_t key) const override { + auto it = storage.find(key); + if (it != storage.end()) { + return &it->second; + } + return nullptr; + } + bool empty() const override { return storage.empty(); } + void set(size_t key, const ValueType &value) override { + storage[key] = value; + } + void remove(size_t key) override { storage.erase(key); } + const ValueType &at(size_t key) const override { return storage.at(key); } + void clear() override { storage.clear(); } + size_t size() const override { return storage.size(); } +}; + +template > +struct PersistenUnorderedMapAdapder : public StorageAdapter { + using storage_ty = PersistentHashMap; + using base_ty = StorageAdapter; + using iterator = typename base_ty::iterator; + struct constructor { + PersistenUnorderedMapAdapder + operator()(const ValueType &) const { + return PersistenUnorderedMapAdapder(); + } + }; + +private: + storage_ty storage; + +public: + PersistenUnorderedMapAdapder() = default; + + bool contains(size_t key) const override { return storage.count(key) != 0; } + iterator begin() const override { + return iterator(PersistentMapAdapterIterator(storage.begin())); + } + iterator end() const override { + return iterator(PersistentMapAdapterIterator(storage.end())); + } + const ValueType *lookup(size_t key) const override { + return storage.lookup(key); + } + bool empty() const override { return storage.empty(); } + void set(size_t key, const ValueType &value) override { + storage.replace({key, value}); + } + void remove(size_t key) override { storage.remove(key); } + const ValueType &at(size_t key) const override { return storage.at(key); } + void clear() override { storage.clear(); } + size_t size() const override { return storage.size(); } +}; + +template > +struct SparseArrayAdapter : public StorageAdapter { + using storage_ty = ValueType *; + using base_ty = StorageAdapter; + using iterator = typename base_ty::iterator; + struct constructor { + size_t storageSize; + constructor(size_t storageSize) : storageSize(storageSize) {} + SparseArrayAdapter + operator()(const ValueType &defaultValue) const { + return SparseArrayAdapter(defaultValue, storageSize); + } + }; + +private: + storage_ty storage; + size_t storageSize; + ValueType defaultValue; + size_t nonDefaultValuesCount; + +public: + SparseArrayAdapter(const ValueType &defaultValue, size_t storageSize) + : storageSize(storageSize), defaultValue(defaultValue), + nonDefaultValuesCount(0) { + storage = new ValueType[storageSize]; + clear(); + } + SparseArrayAdapter(const SparseArrayAdapter &pa) + : storageSize(pa.storageSize), defaultValue(pa.defaultValue) { + storage = new ValueType[storageSize]; + clear(); + for (const auto &[key, val] : pa) { + set(key, val); + } + } + SparseArrayAdapter &operator=(const SparseArrayAdapter &pa) { + storageSize = pa.storageSize; + defaultValue = pa.defaultValue; + delete[] storage; + storage = new ValueType[storageSize]; + clear(); + for (const auto &[key, val] : pa) { + set(key, val); + } + return *this; + } + ~SparseArrayAdapter() { delete[] storage; } + bool contains(size_t key) const override { return storage[key] != 0; } + iterator begin() const override { + return iterator(SparseArrayAdapterIterator( + storage, 0, storageSize, nonDefaultValuesCount, defaultValue)); + } + iterator end() const override { + return iterator(SparseArrayAdapterIterator( + storage + storageSize, storageSize, storageSize, nonDefaultValuesCount, + defaultValue)); + } + const ValueType *lookup(size_t key) const override { + if (key >= storageSize) { + return nullptr; + } + auto val = storage[key]; + return Eq()(val, defaultValue) ? nullptr : &storage[key]; + } + bool empty() const override { return nonDefaultValuesCount == 0; } + void set(size_t key, const ValueType &value) override { + bool wasDefault = Eq()(storage[key], defaultValue); + bool newDefault = Eq()(value, defaultValue); + if (wasDefault && !newDefault) { + ++nonDefaultValuesCount; + } + if (!wasDefault && newDefault) { + --nonDefaultValuesCount; + } + storage[key] = value; + } + void remove(size_t key) override { + if (!Eq()(storage[key], defaultValue)) { + --nonDefaultValuesCount; + storage[key] = defaultValue; + } + } + const ValueType &at(size_t key) const override { return storage[key]; } + void clear() override { + for (size_t i = 0; i < storageSize; ++i) { + storage[i] = defaultValue; + } + nonDefaultValuesCount = 0; + } + size_t size() const override { return nonDefaultValuesCount; } +}; + +} // namespace klee + +#endif diff --git a/include/klee/Core/Interpreter.h b/include/klee/Core/Interpreter.h index 1d9cb96dab..aceb78dcfc 100644 --- a/include/klee/Core/Interpreter.h +++ b/include/klee/Core/Interpreter.h @@ -95,6 +95,12 @@ class Interpreter { // targets coverage }; + struct FunctionsByModule { + std::vector> modules; + std::vector> setModules; + std::unordered_map usesInModule; + }; + /// ModuleOptions - Module level options which can be set when /// registering a module with the interpreter. struct ModuleOptions { @@ -184,6 +190,8 @@ class Interpreter { const std::set &ignoredExternals, std::vector> redefinitions) = 0; + virtual void setFunctionsByModule(FunctionsByModule &&functionsByModule) = 0; + // supply a tree stream writer which the interpreter will use // to record the concrete path (as a stream of '0' and '1' bytes). virtual void setPathWriter(TreeStreamWriter *tsw) = 0; diff --git a/include/klee/Core/TerminationTypes.h b/include/klee/Core/TerminationTypes.h index a08b3585e7..9dc67be69a 100644 --- a/include/klee/Core/TerminationTypes.h +++ b/include/klee/Core/TerminationTypes.h @@ -71,7 +71,8 @@ enum class StateTerminationClass : std::uint8_t { TTMARK(EXECERR, 61U) \ TTYPE(Replay, 70U, "") \ TTYPE(MissedAllTargets, 71U, "miss_all_targets.early") \ - TTMARK(EARLYALGORITHM, 71U) \ + TTYPE(CoveredEntryPoint, 72U, "covered_entry_point.early") \ + TTMARK(EARLYALGORITHM, 72U) \ TTYPE(SilentExit, 80U, "") \ TTMARK(EARLYUSER, 80U) \ TTMARK(END, 80U) diff --git a/include/klee/Expr/AlphaBuilder.h b/include/klee/Expr/AlphaBuilder.h index cc481f8f69..288e531947 100644 --- a/include/klee/Expr/AlphaBuilder.h +++ b/include/klee/Expr/AlphaBuilder.h @@ -23,7 +23,6 @@ class AlphaBuilder final : public ExprVisitor { ArrayCache::ArrayHashMap alphaArrayMap; private: - ArrayCache &arrayCache; unsigned index = 0; bool reverse = false; @@ -33,7 +32,7 @@ class AlphaBuilder final : public ExprVisitor { using ExprVisitor::visitExpr; public: - AlphaBuilder(ArrayCache &_arrayCache); + AlphaBuilder(); constraints_ty visitConstraints(const constraints_ty &cs); ref build(ref v); const Array *buildArray(const Array *arr) { return visitArray(arr); } diff --git a/include/klee/Expr/ArrayCache.h b/include/klee/Expr/ArrayCache.h index 735b3d257b..9dd415ebae 100644 --- a/include/klee/Expr/ArrayCache.h +++ b/include/klee/Expr/ArrayCache.h @@ -11,14 +11,16 @@ #define KLEE_ARRAYCACHE_H #include "klee/Expr/ArrayExprHash.h" // For klee::ArrayHashFn -#include "klee/Expr/Expr.h" -#include "klee/Expr/SymbolicSource.h" #include #include #include namespace klee { +class Array; +class Expr; +class SymbolicSource; +template class ref; struct EquivArrayCmpFn { bool operator()(const Array *array1, const Array *array2) const { diff --git a/include/klee/Expr/ArrayExprVisitor.h b/include/klee/Expr/ArrayExprVisitor.h index c2e1de50de..124aa66387 100644 --- a/include/klee/Expr/ArrayExprVisitor.h +++ b/include/klee/Expr/ArrayExprVisitor.h @@ -24,10 +24,6 @@ namespace klee { //------------------------------ HELPER FUNCTIONS ---------------------------// class ArrayExprHelper { public: - static bool isReadExprAtOffset(ref e, const ReadExpr *base, - ref offset); - - static ReadExpr *hasOrderedReads(const ConcatExpr &ce); static void collectAlternatives(const SelectExpr &se, std::vector> &alternatives); }; diff --git a/include/klee/Expr/Assignment.h b/include/klee/Expr/Assignment.h index bb86172a60..583a7d4056 100644 --- a/include/klee/Expr/Assignment.h +++ b/include/klee/Expr/Assignment.h @@ -30,7 +30,7 @@ typedef std::function)> ExprPredicate; class Assignment { public: using bindings_ty = - PersistentMap>; + PersistentMap>; bindings_ty bindings; @@ -42,11 +42,11 @@ class Assignment { Assignment() {} Assignment(const bindings_ty &_bindings) : bindings(_bindings) {} Assignment(const std::vector &objects, - const std::vector> &values) { + const std::vector> &values) { assert(objects.size() == values.size()); for (unsigned i = 0; i < values.size(); ++i) { const Array *os = objects.at(i); - const SparseStorage &arr = values.at(i); + const SparseStorageImpl &arr = values.at(i); bindings.insert(std::make_pair(os, arr)); } } @@ -77,7 +77,7 @@ class Assignment { bool isEmpty() { return begin() == end(); } std::vector keys() const; - std::vector> values() const; + std::vector> values() const; }; class AssignmentEvaluator : public ExprEvaluator { diff --git a/include/klee/Expr/AssignmentGenerator.h b/include/klee/Expr/AssignmentGenerator.h index cf656d9146..b81ae53c0d 100644 --- a/include/klee/Expr/AssignmentGenerator.h +++ b/include/klee/Expr/AssignmentGenerator.h @@ -34,10 +34,6 @@ class AssignmentGenerator { Assignment *&a, Expr::Width width, bool sign); - static bool isReadExprAtOffset(ref e, const ReadExpr *base, - ref offset); - static ReadExpr *hasOrderedReads(ref e); - static ref createSubExpr(const ref &l, ref &r); static ref createAddExpr(const ref &l, ref &r); static ref createMulExpr(const ref &l, ref &r); diff --git a/include/klee/Expr/Constraints.h b/include/klee/Expr/Constraints.h index 3809238a1b..a09d06a205 100644 --- a/include/klee/Expr/Constraints.h +++ b/include/klee/Expr/Constraints.h @@ -34,24 +34,50 @@ struct KInstruction; /// Resembles a set of constraints that can be passed around /// class ConstraintSet { +private: + /// Epoch counter used to control ownership of objects. + mutable unsigned cowKey; + + constraints_ty _constraints; + symcretes_ty _symcretes; + mutable std::shared_ptr _concretization; + std::shared_ptr _independentElements; + unsigned copyOnWriteOwner; + + void checkCopyOnWriteOwner(); + public: ConstraintSet(constraints_ty cs, symcretes_ty symcretes, Assignment concretization); explicit ConstraintSet(ref ics); explicit ConstraintSet( - const std::vector> &ics); + const std::vector> &ics, + const ExprHashMap> &concretizedExprs); explicit ConstraintSet(constraints_ty cs); explicit ConstraintSet(); - void fork(); + ConstraintSet(const ConstraintSet &b) + : cowKey(++b.cowKey), _constraints(b._constraints), + _symcretes(b._symcretes), _concretization(b._concretization), + _independentElements(b._independentElements), + copyOnWriteOwner(b.copyOnWriteOwner) {} + ConstraintSet &operator=(const ConstraintSet &b) { + cowKey = ++b.cowKey; + _constraints = b._constraints; + _symcretes = b._symcretes; + _concretization = b._concretization; + _independentElements = b._independentElements; + copyOnWriteOwner = b.copyOnWriteOwner; + return *this; + } - void addConstraint(ref e, const Assignment &delta); - void addSymcrete(ref s, const Assignment &concretization); + void addConstraint(ref e); + void addSymcrete(ref s); bool isSymcretized(ref expr) const; - void rewriteConcretization(const Assignment &a); + void rewriteConcretization(const Assignment &a) const; ConstraintSet withExpr(ref e) const { ConstraintSet copy = ConstraintSet(*this); - copy.addConstraint(e, Assignment()); + copy.addConstraint(e); return copy; } @@ -85,12 +111,6 @@ class ConstraintSet { void getAllDependentConstraintsSets( ref queryExpr, std::vector> &result) const; - -private: - constraints_ty _constraints; - symcretes_ty _symcretes; - Assignment _concretization; - std::shared_ptr _independentElements; }; class PathConstraints { @@ -100,13 +120,11 @@ class PathConstraints { void advancePath(KInstruction *ki); void advancePath(const Path &path); - void fork(); - ExprHashSet addConstraint(ref e, const Assignment &delta, - Path::PathIndex currIndex); - ExprHashSet addConstraint(ref e, const Assignment &delta); + ExprHashSet addConstraint(ref e, Path::PathIndex currIndex); + ExprHashSet addConstraint(ref e); bool isSymcretized(ref expr) const; - void addSymcrete(ref s, const Assignment &concretization); + void addSymcrete(ref s); void rewriteConcretization(const Assignment &a); const constraints_ty &original() const; diff --git a/include/klee/Expr/Expr.h b/include/klee/Expr/Expr.h index c0cf039458..080c0f90a4 100644 --- a/include/klee/Expr/Expr.h +++ b/include/klee/Expr/Expr.h @@ -21,6 +21,7 @@ DISABLE_WARNING_DEPRECATED_DECLARATIONS #include "llvm/ADT/APInt.h" #include "llvm/ADT/APSInt.h" #include "llvm/ADT/DenseSet.h" +#include "llvm/ADT/Hashing.h" #include "llvm/ADT/SmallVector.h" #include "llvm/Support/CommandLine.h" #include "llvm/Support/raw_ostream.h" @@ -42,8 +43,11 @@ namespace klee { class Array; class ArrayCache; class ConstantExpr; +class ConstantPointerExpr; class Expr; +class ReadExpr; class ObjectState; +class PointerExpr; template class ref; @@ -101,6 +105,15 @@ Todo: Shouldn't bool \c Xor just be written as not equal? class Expr { public: static void splitAnds(ref e, std::vector> &exprs); + static unsigned count; + static const unsigned MAGIC_HASH_CONSTANT = 39; + + /// The type of an expression is simply its width, in bits. + typedef unsigned Width; + + /// Width of an expression in bytes. + /// ByteWidth = (Width + CHAR_BIT - 1) / CHAR_BIT + typedef unsigned ByteWidth; protected: struct ExprHash { @@ -126,22 +139,34 @@ class Expr { } }; + struct APIntHash { + unsigned operator()(const llvm::APInt &e) const { + Expr::Width w = e.getBitWidth(); + if (w <= 64) + return e.getLimitedValue() ^ (w * MAGIC_HASH_CONSTANT); + else + return hash_value(e) ^ (w * MAGIC_HASH_CONSTANT); + } + }; + + struct APIntEq { + bool operator()(const llvm::APInt &l, const llvm::APInt &r) const { + return l.getBitWidth() == r.getBitWidth() && l == r; + } + }; + + struct ConstantExprCacheSet { + std::unordered_map cache; + ~ConstantExprCacheSet(); + }; + static ExprCacheSet cachedExpressions; + static ConstantExprCacheSet cachedConstantExpressions; static ref createCachedExpr(ref e); bool isCached = false; bool toBeCleared = false; public: - static unsigned count; - static const unsigned MAGIC_HASH_CONSTANT = 39; - - /// The type of an expression is simply its width, in bits. - typedef unsigned Width; - - /// Width of an expression in bytes. - /// ByteWidth = (Width + CHAR_BIT - 1) / CHAR_BIT - typedef unsigned ByteWidth; - // NOTE: The prefix "Int" in no way implies the integer type of expression. // For example, Int64 can indicate i64, double or <2 * i32> in different // cases. @@ -256,7 +281,9 @@ class Expr { BinaryKindFirst = Add, BinaryKindLast = FOGe, CmpKindFirst = Eq, - CmpKindLast = FOGe + CmpKindLast = FOGe, + Pointer, + ConstantPointer }; /// @brief Required by klee::ref-managed objects @@ -356,6 +383,18 @@ class Expr { /// isFalse - Is this the false expression. bool isFalse() const; + /// hasOrderedReads: \arg this must be a ConcatExpr, \arg stride must + /// be true or false. + /// + /// If all children of this Concat are reads or concats of reads + /// with consecutive offsets according to the given \arg stride, it + /// returns the base ReadExpr according to \arg stride: first Read + /// for true (MSB), last Read for false (LSB). Otherwise, it returns + /// null. + ref hasOrderedReads(bool stride) const; + ref hasOrderedReads() const; + ref getValue() const; + /* Static utility methods */ static void printKind(llvm::raw_ostream &os, Kind k); @@ -371,13 +410,14 @@ class Expr { static ref createZExtToPointerWidth(ref e); static ref createImplies(ref hyp, ref conc); static ref createIsZero(ref e); - static ref createTrue(); - static ref createFalse(); + static ref createTrue(); + static ref createFalse(); /// Create a little endian read of the given type at offset 0 of the /// given object. static ref createTempRead(const Array *array, Expr::Width w, - unsigned off = 0); + ref off); + static ref createTempRead(const Array *array, Expr::Width w); static ref createPointer(uint64_t v); @@ -617,6 +657,8 @@ class Array { std::set dependency; private: + static ArrayCache cachedArrays; + unsigned hashValue; // FIXME: Make =delete when we switch to C++11 @@ -634,11 +676,15 @@ class Array { /// when printing expressions. When expressions are printed the output will /// not parse correctly since two arrays with the same name cannot be /// distinguished once printed. -public: Array(ref _size, const ref source, Expr::Width _domain = Expr::Int32, Expr::Width _range = Expr::Int8, unsigned _id = 0); +public: + static const Array *create(ref _size, const ref source, + Expr::Width _domain = Expr::Int32, + Expr::Width _range = Expr::Int8); + public: bool isSymbolicArray() const { return !isConstantArray(); } bool isConstantArray() const { return isa(source); } @@ -684,6 +730,8 @@ class UpdateList { int compare(const UpdateList &b) const; bool operator<(const UpdateList &rhs) const { return compare(rhs) < 0; } + bool operator==(const UpdateList &rhs) const { return compare(rhs) == 0; } + bool operator!=(const UpdateList &rhs) const { return compare(rhs) != 0; } unsigned hash() const; unsigned height() const; @@ -707,7 +755,8 @@ class ReadExpr : public NonConstantExpr { return createCachedExpr(r); } - static ref create(const UpdateList &updates, ref i); + static ref create(const UpdateList &updates, ref i, + bool safe = true); Width getWidth() const { assert(updates.root); @@ -1421,12 +1470,16 @@ class ConstantExpr : public Expr { bool mIsFloat; - ConstantExpr(const llvm::APInt &v) : value(v), mIsFloat(false) {} - ConstantExpr(const llvm::APFloat &v); + ConstantExpr(const llvm::APInt &v, bool isFloat = false) + : value(v), mIsFloat(isFloat) { + if (mIsFloat) { + assert(&(getAPFloatValue().getSemantics()) == &(getFloatSemantics()) && + "float semantics mismatch"); + } + } public: - ~ConstantExpr() {} - + ~ConstantExpr(); Width getWidth() const { return value.getBitWidth(); } Kind getKind() const { return Constant; } @@ -1490,17 +1543,24 @@ class ConstantExpr : public Expr { void toMemory(void *address); static ref alloc(const llvm::APInt &v) { - ref r(new ConstantExpr(v)); - r->computeHash(); - r->computeHeight(); - return r; + auto success = cachedConstantExpressions.cache.find(v); + if (success == cachedConstantExpressions.cache.end()) { + // Cache miss + ref r = new ConstantExpr(v); + r->computeHash(); + r->computeHeight(); + r->isCached = true; + cachedConstantExpressions.cache[v] = r.get(); + return r; + } + return success->second; } static ref alloc(const llvm::APFloat &f) { - ref r(new ConstantExpr(f)); + ref r(new ConstantExpr(f.bitcastToAPInt(), true)); r->computeHash(); r->computeHeight(); - return r; + return createCachedExpr(r); } static ref alloc(uint64_t v, Width w) { @@ -1613,6 +1673,119 @@ class ConstantExpr : public Expr { static ref GetNaN(Expr::Width w); }; +class PointerExpr : public NonConstantExpr { +public: + static const Kind kind = Expr::Pointer; + static const unsigned numKids = 2; + ref base; + ref value; + static ref alloc(const ref &b, const ref &v) { + ref r(new PointerExpr(b, v)); + r->computeHash(); + r->computeHeight(); + return r; + } + static ref create(const ref &b, const ref &o); + static ref create(const ref &v); + static ref createSymbolic(const ref &expr, + const ref &pointer, + const ref &off); + + Width getWidth() const { return value->getWidth(); } + Kind getKind() const { return Expr::Pointer; } + ref getBase() const { return base; } + ref getValue() const { return value; } + ref getOffset() const { + assert(value->getWidth() == base->getWidth() && + "Invalid getOffset() call!"); + return SubExpr::create(value, base); + } + + unsigned getNumKids() const { return numKids; } + ref getKid(unsigned i) const { + if (i == 0) + return base; + if (i == 1) + return value; + return 0; + } + + int compareContents(const Expr &b) const { return 0; } + virtual ref rebuild(ref kids[]) const { + return create(kids[0], kids[1]); + } + static bool classof(const Expr *E) { + return E->getKind() == Expr::Pointer || + E->getKind() == Expr::ConstantPointer; + } + static bool classof(const PointerExpr *) { return true; } + + bool isKnownValue() const { return getBase()->isZero(); } + + ref Add(const ref &RHS); + ref Sub(const ref &RHS); + ref Mul(const ref &RHS); + ref UDiv(const ref &RHS); + ref SDiv(const ref &RHS); + ref URem(const ref &RHS); + ref SRem(const ref &RHS); + ref And(const ref &RHS); + ref Or(const ref &RHS); + ref Xor(const ref &RHS); + ref Shl(const ref &RHS); + ref LShr(const ref &RHS); + ref AShr(const ref &RHS); + + ref Eq(const ref &RHS); + ref Ne(const ref &RHS); + ref Ult(const ref &RHS); + ref Ule(const ref &RHS); + ref Ugt(const ref &RHS); + ref Uge(const ref &RHS); + ref Slt(const ref &RHS); + ref Sle(const ref &RHS); + ref Sgt(const ref &RHS); + ref Sge(const ref &RHS); + + ref Not(); + +protected: + PointerExpr(const ref &b, const ref &v) : base(b), value(v) {} +}; + +class ConstantPointerExpr : public PointerExpr { +public: + static const Kind kind = Expr::ConstantPointer; + static const unsigned numKids = 2; + static ref alloc(const ref &b, + const ref &o) { + ref r = new ConstantPointerExpr(b, o); + r->computeHash(); + r->computeHeight(); + return r; + } + static ref create(const ref &b, + const ref &o); + + Kind getKind() const { return Expr::ConstantPointer; } + ref getConstantBase() const { return cast(base); } + ref getConstantOffset() const { + return getConstantValue()->Sub(getConstantBase()); + } + ref getConstantValue() const { + return cast(value); + } + + static bool classof(const Expr *E) { + return E->getKind() == Expr::ConstantPointer; + } + static bool classof(const ConstantPointerExpr *) { return true; } + +private: + ConstantPointerExpr(const ref &b, const ref &v) + : PointerExpr(b, v) {} +}; + // Implementations inline bool Expr::isZero() const { diff --git a/include/klee/Expr/ExprBuilder.h b/include/klee/Expr/ExprBuilder.h index eb3ec6807c..b2ed034cf2 100644 --- a/include/klee/Expr/ExprBuilder.h +++ b/include/klee/Expr/ExprBuilder.h @@ -57,6 +57,7 @@ class ExprBuilder { virtual ref Sle(const ref &LHS, const ref &RHS) = 0; virtual ref Sgt(const ref &LHS, const ref &RHS) = 0; virtual ref Sge(const ref &LHS, const ref &RHS) = 0; + virtual ref Pointer(const ref &LHS, const ref &RHS) = 0; // Utility functions diff --git a/include/klee/Expr/ExprUtil.h b/include/klee/Expr/ExprUtil.h index 0779b1234d..a1f4a0c2d7 100644 --- a/include/klee/Expr/ExprUtil.h +++ b/include/klee/Expr/ExprUtil.h @@ -11,6 +11,7 @@ #define KLEE_EXPRUTIL_H #include "klee/Expr/Expr.h" +#include "klee/Expr/ExprHashMap.h" #include "klee/Expr/ExprVisitor.h" #include @@ -30,6 +31,9 @@ template class ref; void findReads(ref e, bool visitUpdates, std::vector> &result); +void findSymbolicPointers(ref e, bool visitUpdates, ExprHashSet &result, + Expr::Width width); + /// Return a list of all unique symbolic objects referenced by the given /// expression. void findSymbolicObjects(ref e, std::vector &results); diff --git a/include/klee/Expr/ExprVisitor.h b/include/klee/Expr/ExprVisitor.h index 15c9741272..c349e46d68 100644 --- a/include/klee/Expr/ExprVisitor.h +++ b/include/klee/Expr/ExprVisitor.h @@ -35,7 +35,7 @@ class VisitorHash { } for (auto i = hash.rbegin(); i != hash.rend(); i++) { if ((*i).count(e)) { - return {(*i).at(e), false}; + return {(*i).at(e), true}; } } return {e, false}; @@ -137,9 +137,13 @@ class ExprVisitor { virtual Action visitFNeg(const FNegExpr &); virtual Action visitFRint(const FRintExpr &); -private: - typedef ExprHashMap> visited_ty; + virtual Action visitPointer(const PointerExpr &); + virtual Action visitConstantPointer(const ConstantPointerExpr &); + + typedef VisitorHash visited_ty; visited_ty visited; + +private: bool recursive; ref visitActual(const ref &e); diff --git a/include/klee/Expr/IndependentConstraintSetUnion.h b/include/klee/Expr/IndependentConstraintSetUnion.h index c4ce9a4559..6a80782442 100644 --- a/include/klee/Expr/IndependentConstraintSetUnion.h +++ b/include/klee/Expr/IndependentConstraintSetUnion.h @@ -22,8 +22,7 @@ class IndependentConstraintSetUnion public: void updateConcretization(const Assignment &delta); void removeConcretization(const Assignment &remove); - void calculateUpdateConcretizationQueue(); - void calculateRemoveConcretizationQueue(); + void flushConcretization(); void reEvaluateConcretization(const Assignment &newConcretization); IndependentConstraintSetUnion getConcretizedVersion(); @@ -45,7 +44,7 @@ class IndependentConstraintSetUnion void addExpr(ref e); void addSymcrete(ref s); - void calculateQueue(); + void flushConstraints(); }; } // namespace klee diff --git a/include/klee/Expr/IndependentSet.h b/include/klee/Expr/IndependentSet.h index af84a4dd8a..21d64cdadc 100644 --- a/include/klee/Expr/IndependentSet.h +++ b/include/klee/Expr/IndependentSet.h @@ -130,10 +130,10 @@ class IndependentConstraintSet { removeConcretization(const Assignment &delta, ExprHashMap> &changedExprs) const; - void - addValuesToAssignment(const std::vector &objects, - const std::vector> &values, - Assignment &assign) const; + void addValuesToAssignment( + const std::vector &objects, + const std::vector> &values, + Assignment &assign) const; IndependentConstraintSet(); explicit IndependentConstraintSet(ref v); diff --git a/include/klee/Expr/Parser/Parser.h b/include/klee/Expr/Parser/Parser.h index 5009125c85..477e430ce5 100644 --- a/include/klee/Expr/Parser/Parser.h +++ b/include/klee/Expr/Parser/Parser.h @@ -218,10 +218,8 @@ class Parser { ExprBuilder *Builder, bool ClearArrayAfterQuery); static Parser *Create(const std::string Name, const llvm::MemoryBuffer *MB, - ExprBuilder *Builder, ArrayCache *TheArrayCache, - KModule *km, bool ClearArrayAfterQuery); - - virtual ArrayCache &getArrayCache() = 0; + ExprBuilder *Builder, KModule *km, + bool ClearArrayAfterQuery); }; } // namespace expr } // namespace klee diff --git a/include/klee/Expr/Path.h b/include/klee/Expr/Path.h index a556a00213..456d4be906 100644 --- a/include/klee/Expr/Path.h +++ b/include/klee/Expr/Path.h @@ -24,6 +24,9 @@ class Path { struct PathIndex { unsigned long block; unsigned long instruction; + bool operator==(const PathIndex &rhs) const { + return block == rhs.block && instruction == rhs.instruction; + } }; struct PathIndexCompare { diff --git a/include/klee/Expr/SourceBuilder.h b/include/klee/Expr/SourceBuilder.h index 43cf6dd19b..0a56fcb1b2 100644 --- a/include/klee/Expr/SourceBuilder.h +++ b/include/klee/Expr/SourceBuilder.h @@ -4,11 +4,13 @@ #include "klee/Expr/SymbolicSource.h" namespace klee { +class KModule; struct KInstruction; struct KGlobalVariable; -template class SparseStorage; +template +class SparseStorageImpl; template class ref; class SourceBuilder { @@ -16,7 +18,7 @@ class SourceBuilder { SourceBuilder() = delete; static ref - constant(SparseStorage> constantValues); + constant(SparseStorage> *constantValues); static ref uninitialized(unsigned version, const KInstruction *allocSite); diff --git a/include/klee/Expr/SymbolicSource.h b/include/klee/Expr/SymbolicSource.h index 7bdea46962..99fe508b5f 100644 --- a/include/klee/Expr/SymbolicSource.h +++ b/include/klee/Expr/SymbolicSource.h @@ -5,6 +5,7 @@ #include "klee/ADT/SparseStorage.h" #include "klee/Support/CompilerWarning.h" +#include DISABLE_WARNING_PUSH DISABLE_WARNING_DEPRECATED_DECLARATIONS @@ -74,11 +75,11 @@ class SymbolicSource { class ConstantSource : public SymbolicSource { public: - const SparseStorage> constantValues; + const std::unique_ptr>> constantValues; - ConstantSource(SparseStorage> _constantValues) - : constantValues(std::move(_constantValues)) { - assert(constantValues.defaultV() && "Constant must be constant!"); + ConstantSource(SparseStorage> *_constantValues) + : constantValues(_constantValues) { + assert(constantValues->defaultV() && "Constant must be constant!"); } Kind getKind() const override { return Kind::Constant; } @@ -98,8 +99,8 @@ class ConstantSource : public SymbolicSource { return getKind() < b.getKind() ? -1 : 1; } const ConstantSource &cb = static_cast(b); - if (constantValues != cb.constantValues) { - return constantValues < cb.constantValues ? -1 : 1; + if (*constantValues.get() != *cb.constantValues.get()) { + return *constantValues.get() < *cb.constantValues.get() ? -1 : 1; } return 0; } diff --git a/include/klee/Expr/Symcrete.h b/include/klee/Expr/Symcrete.h index 65b70b20f7..91fc044622 100644 --- a/include/klee/Expr/Symcrete.h +++ b/include/klee/Expr/Symcrete.h @@ -90,10 +90,7 @@ typedef std::set, SymcreteLess> SymcreteOrderedSet; class AddressSymcrete : public Symcrete { public: - const Array *addressArray; - - AddressSymcrete(const Array *_addressArray, ref s, SymcreteKind kind) - : Symcrete(s, kind), addressArray(_addressArray) { + AddressSymcrete(ref s, SymcreteKind kind) : Symcrete(s, kind) { assert((kind == SymcreteKind::SK_ALLOC_ADDRESS || kind == SymcreteKind::SK_LI_ADDRESS) && "wrong kind"); @@ -107,8 +104,8 @@ class AddressSymcrete : public Symcrete { class AllocAddressSymcrete : public AddressSymcrete { public: - AllocAddressSymcrete(const Array *addressArray, ref s) - : AddressSymcrete(addressArray, s, SymcreteKind::SK_ALLOC_ADDRESS) {} + AllocAddressSymcrete(ref s) + : AddressSymcrete(s, SymcreteKind::SK_ALLOC_ADDRESS) {} static bool classof(const Symcrete *symcrete) { return symcrete->getKind() == SymcreteKind::SK_ALLOC_ADDRESS; @@ -117,8 +114,8 @@ class AllocAddressSymcrete : public AddressSymcrete { class LazyInitializedAddressSymcrete : public AddressSymcrete { public: - LazyInitializedAddressSymcrete(const Array *addressArray, ref s) - : AddressSymcrete(addressArray, s, SymcreteKind::SK_LI_ADDRESS) {} + LazyInitializedAddressSymcrete(ref s) + : AddressSymcrete(s, SymcreteKind::SK_LI_ADDRESS) {} static bool classof(const Symcrete *symcrete) { return symcrete->getKind() == SymcreteKind::SK_LI_ADDRESS; diff --git a/include/klee/Module/Annotation.h b/include/klee/Module/Annotation.h index d94c591091..20ee34f0a9 100644 --- a/include/klee/Module/Annotation.h +++ b/include/klee/Module/Annotation.h @@ -9,17 +9,12 @@ #ifndef KLEE_ANNOTATION_H #define KLEE_ANNOTATION_H -#include "map" -#include "set" -#include "string" -#include "vector" +#include "nlohmann/json_fwd.hpp" -#include "nlohmann/json.hpp" -#include - -#include "klee/Config/config.h" - -#include "llvm/IR/Module.h" +#include +#include +#include +#include using json = nlohmann::json; diff --git a/include/klee/Module/Cell.h b/include/klee/Module/Cell.h index a5d0b7732a..9c4a90a07e 100644 --- a/include/klee/Module/Cell.h +++ b/include/klee/Module/Cell.h @@ -17,6 +17,8 @@ class MemoryObject; struct Cell { ref value; + Cell() = default; + explicit Cell(ref value) : value(value) {} }; } // namespace klee diff --git a/include/klee/Module/CodeGraphInfo.h b/include/klee/Module/CodeGraphInfo.h index 549964287a..7a2ca26014 100644 --- a/include/klee/Module/CodeGraphInfo.h +++ b/include/klee/Module/CodeGraphInfo.h @@ -16,30 +16,28 @@ namespace klee { -using Block = llvm::BasicBlock; -using BlockDistanceMap = std::unordered_map; -using FunctionDistanceMap = std::unordered_map; -using SortedBlockDistances = std::vector>; -using SortedFunctionDistances = - std::vector>; +using BlockDistanceMap = std::unordered_map; +using FunctionDistanceMap = std::unordered_map; +using SortedBlockDistances = std::vector>; +using SortedFunctionDistances = std::vector>; class CodeGraphInfo { - using blockToDistanceMap = std::unordered_map; - using blockDistanceList = std::unordered_map; + using blockToDistanceMap = std::unordered_map; + using blockDistanceList = std::unordered_map; using functionToDistanceMap = - std::unordered_map; + std::unordered_map; using functionDistanceList = - std::unordered_map; + std::unordered_map; using functionBranchesSet = - std::unordered_map>>; + std::unordered_map>>; private: blockToDistanceMap blockDistance; blockToDistanceMap blockBackwardDistance; - std::set blockCycles; + KBlockSet blockCycles; blockDistanceList blockSortedDistance; blockDistanceList blockSortedBackwardDistance; @@ -53,8 +51,8 @@ class CodeGraphInfo { functionBranchesSet functionBlocks; private: - void calculateDistance(Block *bb); - void calculateBackwardDistance(Block *bb); + void calculateDistance(KBlock *bb); + void calculateBackwardDistance(KBlock *bb); void calculateDistance(KFunction *f); void calculateBackwardDistance(KFunction *f); @@ -64,8 +62,7 @@ class CodeGraphInfo { void calculateFunctionBlocks(KFunction *kf); public: - const BlockDistanceMap &getDistance(Block *b); - const BlockDistanceMap &getDistance(KBlock *kb); + const BlockDistanceMap &getDistance(KBlock *b); const BlockDistanceMap &getBackwardDistance(KBlock *kb); bool hasCycle(KBlock *kb); @@ -73,14 +70,13 @@ class CodeGraphInfo { const FunctionDistanceMap &getBackwardDistance(KFunction *kf); void getNearestPredicateSatisfying(KBlock *from, KBlockPredicate predicate, - std::set &result); + KBlockSet &result); - const std::map> & - getFunctionBranches(KFunction *kf); - const std::map> & + const KBlockMap> &getFunctionBranches(KFunction *kf); + + const KBlockMap> & getFunctionConditionalBranches(KFunction *kf); - const std::map> & - getFunctionBlocks(KFunction *kf); + const KBlockMap> &getFunctionBlocks(KFunction *kf); }; } // namespace klee diff --git a/include/klee/Module/KInstruction.h b/include/klee/Module/KInstruction.h index 872f433d63..ce3ca900b9 100644 --- a/include/klee/Module/KInstruction.h +++ b/include/klee/Module/KInstruction.h @@ -158,6 +158,12 @@ struct KGEPInstruction : KInstruction { KGEPInstruction() = delete; explicit KGEPInstruction(const KGEPInstruction &ki) = delete; }; + +struct KInstructionCompare { + bool operator()(const KInstruction *a, const KInstruction *b) const { + return a->getID() < b->getID(); + } +}; } // namespace klee #endif /* KLEE_KINSTRUCTION_H */ diff --git a/include/klee/Module/KModule.h b/include/klee/Module/KModule.h index de50a03d6b..aab05622ea 100644 --- a/include/klee/Module/KModule.h +++ b/include/klee/Module/KModule.h @@ -51,6 +51,7 @@ struct Cell; class Executor; class Expr; class InterpreterHandler; +struct KBlockCompare; struct KInstruction; class KModule; struct KFunction; @@ -59,6 +60,23 @@ template class ref; enum KBlockType { Base, Call, Return }; +struct KBlockCompare { + bool operator()(const KBlock *a, const KBlock *b) const; +}; + +template using KBlockMap = std::map; + +using KBlockSet = std::set; + +struct KFunctionCompare { + bool operator()(const KFunction *a, const KFunction *b) const; +}; + +template +using KFunctionMap = std::map; + +using KFunctionSet = std::set; + struct KBlock : public KValue { KFunction *parent; KInstruction **instructions; @@ -78,6 +96,9 @@ struct KBlock : public KValue { KBlock &operator=(const KBlock &) = delete; public: + KBlockSet successors(); + KBlockSet predecessors(); + unsigned getNumInstructions() const noexcept { return basicBlock()->size(); } KInstruction *getFirstInstruction() const noexcept { return instructions[0]; } KInstruction *getLastInstruction() const noexcept { @@ -127,13 +148,12 @@ struct KBasicBlock : public KBlock { struct KCallBlock : KBlock { KInstruction *kcallInstruction; - std::set calledFunctions; + KFunctionSet calledFunctions; public: KCallBlock(KFunction *, llvm::BasicBlock *, KModule *, const std::unordered_map &, - std::set, KInstruction **, - unsigned &globalIndexInc); + KInstruction **, unsigned &globalIndexInc); static bool classof(const KCallBlock *) { return true; } static bool classof(const KBlock *E) { return E->getKBlockType() == KBlockType::Call; @@ -229,20 +249,6 @@ struct KFunction : public KCallable { [[nodiscard]] inline unsigned getGlobalIndex() const { return globalIndex; } }; -struct KBlockCompare { - bool operator()(const KBlock *a, const KBlock *b) const { - return a->parent->getGlobalIndex() < b->parent->getGlobalIndex() || - (a->parent->getGlobalIndex() == b->parent->getGlobalIndex() && - a->getId() < b->getId()); - } -}; - -struct KFunctionCompare { - bool operator()(const KFunction *a, const KFunction *b) const { - return a->id < b->id; - } -}; - struct KConstant : public KValue { public: /// Actual LLVM constant this represents. @@ -303,13 +309,13 @@ class KModule { // Our shadow versions of LLVM structures. std::vector> functions; std::unordered_map functionMap; - std::unordered_map> callMap; + KFunctionMap callMap; std::unordered_map functionNameMap; [[nodiscard]] unsigned getFunctionId(const llvm::Function *) const; // Functions which escape (may be called indirectly) // XXX change to KFunction - std::set escapingFunctions; + KFunctionSet escapingFunctions; std::set mainModuleFunctions; std::set mainModuleGlobals; diff --git a/include/klee/Module/LocationInfo.h b/include/klee/Module/LocationInfo.h index 4c90713bb9..ae1db8f315 100644 --- a/include/klee/Module/LocationInfo.h +++ b/include/klee/Module/LocationInfo.h @@ -44,6 +44,10 @@ struct LocationInfo { /// @param location location info in source code. /// @return SARIFs representation of location. PhysicalLocationJson serialize() const; + + bool operator==(const LocationInfo &rhs) const { + return file == rhs.file && line == rhs.line && column == rhs.column; + } }; LocationInfo getLocationInfo(const llvm::Function *func); diff --git a/include/klee/Module/Target.h b/include/klee/Module/Target.h index 2475584259..eec1e8d302 100644 --- a/include/klee/Module/Target.h +++ b/include/klee/Module/Target.h @@ -64,7 +64,7 @@ class Target { } }; - typedef std::unordered_set CacheType; + using CacheType = std::unordered_set; struct TargetCacheSet { CacheType cache; diff --git a/include/klee/Module/TargetForest.h b/include/klee/Module/TargetForest.h index a729df7115..6ae8dd3bb5 100644 --- a/include/klee/Module/TargetForest.h +++ b/include/klee/Module/TargetForest.h @@ -29,6 +29,8 @@ namespace klee { struct TargetHash; struct TargetCmp; +using KBlockTrace = std::vector; + class TargetsHistory { private: unsigned hashValue; @@ -307,10 +309,10 @@ class TargetForest { return getConfidence(confidence::MaxConfidence); } - void addTrace( - const Result &result, - const std::unordered_map, std::unordered_set, - RefLocationHash, RefLocationCmp> &locToBlocks); + void + addTrace(const Result &result, + const std::unordered_map, KBlockSet, RefLocationHash, + RefLocationCmp> &locToBlocks); }; ref forest; @@ -324,10 +326,10 @@ class TargetForest { class ReferenceCounter _refCount; KFunction *getEntryFunction() { return entryFunction; } - void addTrace( - const Result &result, - const std::unordered_map, std::unordered_set, - RefLocationHash, RefLocationCmp> &locToBlocks) { + void + addTrace(const Result &result, + const std::unordered_map, KBlockSet, RefLocationHash, + RefLocationCmp> &locToBlocks) { forest->addTrace(result, locToBlocks); } diff --git a/include/klee/Solver/AddressGenerator.h b/include/klee/Solver/AddressGenerator.h deleted file mode 100644 index ca2fef90fe..0000000000 --- a/include/klee/Solver/AddressGenerator.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef _ADDRESS_GENERATOR_H -#define _ADDRESS_GENERATOR_H - -#include "klee/ADT/Ref.h" - -#include - -namespace klee { -class Expr; - -class AddressGenerator { -public: - virtual void *allocate(ref, uint64_t size) = 0; - virtual ~AddressGenerator() = default; -}; -}; // namespace klee - -#endif diff --git a/include/klee/Solver/Common.h b/include/klee/Solver/Common.h index 2a43b9eb67..799c96ab23 100644 --- a/include/klee/Solver/Common.h +++ b/include/klee/Solver/Common.h @@ -14,7 +14,6 @@ #ifndef KLEE_COMMON_H #define KLEE_COMMON_H -#include "klee/Solver/AddressGenerator.h" #include "klee/Solver/Solver.h" #include @@ -28,8 +27,7 @@ const char SOLVER_QUERIES_KQUERY_FILE_NAME[] = "solver-queries.kquery"; std::unique_ptr constructSolverChain( std::unique_ptr coreSolver, std::string querySMT2LogPath, std::string baseSolverQuerySMT2LogPath, std::string queryKQueryLogPath, - std::string baseSolverQueryKQueryLogPath, - AddressGenerator *addressGenerator, ArrayCache &arrayCache); + std::string baseSolverQueryKQueryLogPath); } // namespace klee #endif /* KLEE_COMMON_H */ diff --git a/include/klee/Solver/IncompleteSolver.h b/include/klee/Solver/IncompleteSolver.h index 65dac30c4b..e977569fd1 100644 --- a/include/klee/Solver/IncompleteSolver.h +++ b/include/klee/Solver/IncompleteSolver.h @@ -51,7 +51,7 @@ class IncompleteSolver { /// is not found, then the values array must be unmodified. virtual bool computeInitialValues(const Query &, const std::vector &objects, - std::vector> &values, + std::vector> &values, bool &hasSolution) = 0; }; @@ -70,10 +70,10 @@ class StagedSolverImpl : public SolverImpl { bool computeTruth(const Query &, bool &isValid); bool computeValidity(const Query &, PartialValidity &result); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool + computeInitialValues(const Query &, const std::vector &objects, + std::vector> &values, + bool &hasSolution); bool check(const Query &query, ref &result); bool computeValidityCore(const Query &query, ValidityCore &validityCore, bool &hasSolution); diff --git a/include/klee/Solver/Solver.h b/include/klee/Solver/Solver.h index 93fad34f54..12702c8937 100644 --- a/include/klee/Solver/Solver.h +++ b/include/klee/Solver/Solver.h @@ -23,7 +23,6 @@ namespace klee { class ConstraintSet; class Expr; class SolverImpl; -class AddressGenerator; /// Collection of meta data that a solver can have access to. This is /// independent of the actual constraints but can be used as a two-way @@ -142,7 +141,8 @@ class Solver { /// satisfying assignment. /// /// \return True on success. - bool getValue(const Query &, ref &result); + template + bool getValue(const Query &query, ref &result); /// getValue - Compute the minimal possible non-negative value for the given /// expression. @@ -170,7 +170,7 @@ class Solver { // they want. This also allows us to optimize the representation. bool getInitialValues(const Query &, const std::vector &objects, - std::vector> &result); + std::vector> &result); bool getValidityCore(const Query &, ValidityCore &validityCore, bool &result); @@ -248,9 +248,7 @@ std::unique_ptr createIndependentSolver(std::unique_ptr s); /// independent queries to their alpha-equvalent version /// /// \param s - The underlying solver to use. -/// \param arrayCache - Class to create new arrays. -std::unique_ptr createAlphaEquivalenceSolver(std::unique_ptr s, - ArrayCache &arrayCache); +std::unique_ptr createAlphaEquivalenceSolver(std::unique_ptr s); /// createKQueryLoggingSolver - Create a solver which will forward all queries /// after writing them to the given path in .kquery format. @@ -273,9 +271,7 @@ std::unique_ptr createDummySolver(); // Create a solver based on the supplied ``CoreSolverType``. std::unique_ptr createCoreSolver(CoreSolverType cst); -std::unique_ptr -createConcretizingSolver(std::unique_ptr s, - AddressGenerator *addressGenerator); +std::unique_ptr createConcretizingSolver(std::unique_ptr s); /// Return a list of all unique symbolic objects referenced by the /// given Query. diff --git a/include/klee/Solver/SolverImpl.h b/include/klee/Solver/SolverImpl.h index da8e510f22..1893b4b799 100644 --- a/include/klee/Solver/SolverImpl.h +++ b/include/klee/Solver/SolverImpl.h @@ -94,9 +94,11 @@ class SolverImpl { virtual bool computeValue(const Query &query, ref &result) = 0; /// \sa Solver::getInitialValues() - virtual bool computeInitialValues( - const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) = 0; + virtual bool + computeInitialValues(const Query &query, + const std::vector &objects, + std::vector> &values, + bool &hasSolution) = 0; virtual bool check(const Query &query, ref &result); diff --git a/include/klee/Solver/SolverUtil.h b/include/klee/Solver/SolverUtil.h index 9be7d0f2d2..f3f4965a89 100644 --- a/include/klee/Solver/SolverUtil.h +++ b/include/klee/Solver/SolverUtil.h @@ -166,7 +166,7 @@ class SolverResponse { virtual bool tryGetInitialValuesFor( const std::vector &objects, - std::vector> &values) const { + std::vector> &values) const { return false; } @@ -238,7 +238,7 @@ class InvalidResponse : public SolverResponse { public: InvalidResponse(const std::vector &objects, - std::vector> &values) + std::vector> &values) : result(Assignment(objects, values)) {} InvalidResponse(Assignment::bindings_ty &initialValues) @@ -248,13 +248,13 @@ class InvalidResponse : public SolverResponse { bool tryGetInitialValuesFor( const std::vector &objects, - std::vector> &values) const { + std::vector> &values) const { values.reserve(objects.size()); for (auto object : objects) { if (result.bindings.count(object)) { values.push_back(result.bindings.at(object)); } else { - values.push_back(SparseStorage(0)); + values.push_back(SparseStorageImpl(0)); } } return true; @@ -266,11 +266,17 @@ class InvalidResponse : public SolverResponse { } Assignment initialValuesFor(const std::vector objects) const { - std::vector> values; - tryGetInitialValuesFor(objects, values); + std::vector> values; + std::ignore = tryGetInitialValuesFor(objects, values); return Assignment(objects, values); } + void initialValuesFor( + const std::vector objects, + std::vector> &values) const { + std::ignore = tryGetInitialValuesFor(objects, values); + } + Assignment initialValues() const { Assignment::bindings_ty values; tryGetInitialValues(values); diff --git a/include/klee/Support/ModuleUtil.h b/include/klee/Support/ModuleUtil.h index 7ff0e36bd2..a066a106ce 100644 --- a/include/klee/Support/ModuleUtil.h +++ b/include/klee/Support/ModuleUtil.h @@ -10,8 +10,7 @@ #ifndef KLEE_MODULEUTIL_H #define KLEE_MODULEUTIL_H -#include "klee/Config/Version.h" - +#include "klee/Core/Interpreter.h" #include "klee/Support/CompilerWarning.h" DISABLE_WARNING_PUSH DISABLE_WARNING_DEPRECATED_DECLARATIONS @@ -118,6 +117,12 @@ bool loadFileAsOneModule(const std::string &libraryName, llvm::LLVMContext &context, std::vector> &modules, std::string &errorMsg); + +bool loadArchiveAsOneModule(const std::string &libraryName, + llvm::LLVMContext &context, + std::vector> &modules, + Interpreter::FunctionsByModule &functionsByModule, + std::string &errorMsg); } // namespace klee #endif /* KLEE_MODULEUTIL_H */ diff --git a/include/klee/klee.h b/include/klee/klee.h index 5995ff2e24..3323fb7151 100644 --- a/include/klee/klee.h +++ b/include/klee/klee.h @@ -23,7 +23,7 @@ extern "C" { * (obviously) not correctly interact with external function * calls. */ -void klee_define_fixed_object(void *addr, size_t nbytes); +void *klee_define_fixed_object(void *addr, size_t nbytes); /* klee_make_symbolic - Make the contents of the object pointer to by \arg * addr symbolic. @@ -111,6 +111,7 @@ void klee_warning_once(const char *message); void klee_prefer_cex(void *object, uintptr_t condition); void klee_posix_prefer_cex(void *object, uintptr_t condition); void klee_mark_global(void *object); +void klee_dump_constraints(); /* Return a possible constant value for the input expression. This allows programs to forcibly concretize values on their own. */ diff --git a/lib/ADT/SparseStorage.cpp b/lib/ADT/SparseStorage.cpp index 1cfe3319b4..f6da087d4c 100644 --- a/lib/ADT/SparseStorage.cpp +++ b/lib/ADT/SparseStorage.cpp @@ -1,10 +1,44 @@ #include "klee/ADT/SparseStorage.h" #include "klee/Expr/Expr.h" +#include "klee/Support/CompilerWarning.h" +DISABLE_WARNING_PUSH #include "llvm/ADT/StringExtras.h" #include "llvm/Support/raw_ostream.h" +DISABLE_WARNING_DEPRECATED_DECLARATIONS +DISABLE_WARNING_POP namespace klee { +template <> +void SparseStorage::print(llvm::raw_ostream &os, Density d) const { + if (d == Density::Sparse) { + // "Sparse representation" + os << "{"; + bool firstPrinted = false; + auto ordered = calculateOrderedStorage(); + for (const auto &element : ordered) { + if (firstPrinted) { + os << ", "; + } + os << element.first << ": " << llvm::utostr(element.second); + firstPrinted = true; + } + os << "} default: "; + } else { + // "Dense representation" + os << "["; + bool firstPrinted = false; + for (size_t i = 0; i < sizeOfSetRange(); i++) { + if (firstPrinted) { + os << ", "; + } + os << llvm::utostr(load(i)); + firstPrinted = true; + } + os << "] default: "; + } + os << llvm::utostr(defaultValue); +} template <> void SparseStorage::print(llvm::raw_ostream &os, @@ -83,4 +117,210 @@ void SparseStorage>::print(llvm::raw_ostream &os, os << "null"; } } + +template <> +void klee::SparseStorage< + klee::ref, + klee::OptionalRefEq>::print(llvm::raw_ostream &os, + Density d) const { + if (d == Density::Sparse) { + // "Sparse representation" + os << "{"; + bool firstPrinted = false; + auto ordered = calculateOrderedStorage(); + for (const auto &element : ordered) { + if (firstPrinted) { + os << ", "; + } + os << element.first << ": "; + if (element.second) { + os << element.second; + } else { + os << "null"; + } + firstPrinted = true; + } + os << "} default: "; + } else { + // "Dense representation" + os << "["; + bool firstPrinted = false; + for (size_t i = 0; i < sizeOfSetRange(); i++) { + if (firstPrinted) { + os << ", "; + } + auto expr = load(i); + if (expr) { + os << expr; + } else { + os << "null"; + } + firstPrinted = true; + } + os << "] default: "; + } + if (defaultValue) { + os << defaultValue; + } else { + os << "null"; + } +} + +template <> +void SparseStorageImpl::print(llvm::raw_ostream &os, Density d) const { + if (d == Density::Sparse) { + // "Sparse representation" + os << "{"; + bool firstPrinted = false; + auto ordered = calculateOrderedStorage(); + for (const auto &element : ordered) { + if (firstPrinted) { + os << ", "; + } + os << element.first << ": " << llvm::utostr(element.second); + firstPrinted = true; + } + os << "} default: "; + } else { + // "Dense representation" + os << "["; + bool firstPrinted = false; + for (size_t i = 0; i < sizeOfSetRange(); i++) { + if (firstPrinted) { + os << ", "; + } + os << llvm::utostr(load(i)); + firstPrinted = true; + } + os << "] default: "; + } + os << llvm::utostr(defaultValue); +} + +template <> +void SparseStorageImpl::print(llvm::raw_ostream &os, + Density d) const { + if (d == Density::Sparse) { + // "Sparse representation" + os << "{"; + bool firstPrinted = false; + auto ordered = calculateOrderedStorage(); + for (const auto &element : ordered) { + if (firstPrinted) { + os << ", "; + } + os << element.first << ": " << llvm::utostr(element.second); + firstPrinted = true; + } + os << "} default: "; + } else { + // "Dense representation" + os << "["; + bool firstPrinted = false; + for (size_t i = 0; i < sizeOfSetRange(); i++) { + if (firstPrinted) { + os << ", "; + } + os << llvm::utostr(load(i)); + firstPrinted = true; + } + os << "] default: "; + } + os << llvm::utostr(defaultValue); +} + +template <> +void SparseStorageImpl>::print(llvm::raw_ostream &os, + Density d) const { + if (d == Density::Sparse) { + // "Sparse representation" + os << "{"; + bool firstPrinted = false; + auto ordered = calculateOrderedStorage(); + for (const auto &element : ordered) { + if (firstPrinted) { + os << ", "; + } + os << element.first << ": "; + if (element.second) { + os << element.second; + } else { + os << "null"; + } + firstPrinted = true; + } + os << "} default: "; + } else { + // "Dense representation" + os << "["; + bool firstPrinted = false; + for (size_t i = 0; i < sizeOfSetRange(); i++) { + if (firstPrinted) { + os << ", "; + } + auto expr = load(i); + if (expr) { + os << expr; + } else { + os << "null"; + } + firstPrinted = true; + } + os << "] default: "; + } + if (defaultValue) { + os << defaultValue; + } else { + os << "null"; + } +} + +template <> +void klee::SparseStorageImpl< + klee::ref, + klee::OptionalRefEq>::print(llvm::raw_ostream &os, + Density d) const { + if (d == Density::Sparse) { + // "Sparse representation" + os << "{"; + bool firstPrinted = false; + auto ordered = calculateOrderedStorage(); + for (const auto &element : ordered) { + if (firstPrinted) { + os << ", "; + } + os << element.first << ": "; + if (element.second) { + os << element.second; + } else { + os << "null"; + } + firstPrinted = true; + } + os << "} default: "; + } else { + // "Dense representation" + os << "["; + bool firstPrinted = false; + for (size_t i = 0; i < sizeOfSetRange(); i++) { + if (firstPrinted) { + os << ", "; + } + auto expr = load(i); + if (expr) { + os << expr; + } else { + os << "null"; + } + firstPrinted = true; + } + os << "] default: "; + } + if (defaultValue) { + os << defaultValue; + } else { + os << "null"; + } +} + } // namespace klee diff --git a/lib/Basic/KTest.cpp b/lib/Basic/KTest.cpp index b56225d605..71aaf96c93 100644 --- a/lib/Basic/KTest.cpp +++ b/lib/Basic/KTest.cpp @@ -175,11 +175,11 @@ KTest *kTest_fromFile(const char *path) { goto error; for (j = 0; j < o->numPointers; j++) { Pointer *p = &o->pointers[j]; - if (!read_uint32(f, &p->offset)) + if (!read_uint64(f, &p->offset)) goto error; - if (!read_uint32(f, &p->index)) + if (!read_uint64(f, &p->index)) goto error; - if (!read_uint32(f, &p->indexOffset)) + if (!read_uint64(f, &p->indexOffset)) goto error; } } @@ -256,11 +256,11 @@ int kTest_toFile(const KTest *bo, const char *path) { goto error; for (j = 0; j < o->numPointers; j++) { Pointer *p = &o->pointers[j]; - if (!write_uint32(f, p->offset)) + if (!write_uint64(f, p->offset)) goto error; - if (!write_uint32(f, p->index)) + if (!write_uint64(f, p->index)) goto error; - if (!write_uint32(f, p->indexOffset)) + if (!write_uint64(f, p->indexOffset)) goto error; } } diff --git a/lib/Core/AddressManager.cpp b/lib/Core/AddressManager.cpp deleted file mode 100644 index b0219fb9ea..0000000000 --- a/lib/Core/AddressManager.cpp +++ /dev/null @@ -1,72 +0,0 @@ -#include "AddressManager.h" - -#include "MemoryManager.h" -#include "klee/Expr/Expr.h" - -namespace klee { - -void AddressManager::addAllocation(ref address, IDType id) { - assert(!bindingsAdressesToObjects.count(address)); - bindingsAdressesToObjects[address] = id; -} - -void *AddressManager::allocate(ref address, uint64_t size) { - IDType id = bindingsAdressesToObjects.at(address); - - auto &objects = memory->allocatedSizes.at(id); - auto sizeLocation = objects.lower_bound(size); - MemoryObject *newMO; - if (size > maxSize) { - if (sizeLocation != objects.end()) { - newMO = sizeLocation->second; - } else { - newMO = nullptr; - objects[size] = newMO; - } - } else { - if (sizeLocation == objects.end() || !sizeLocation->second) { - uint64_t newSize = std::max((uint64_t)1, size); - int clz = __builtin_clzll(std::max((uint64_t)1, newSize)); - int popcount = __builtin_popcountll(std::max((uint64_t)1, newSize)); - if (popcount > 1) { - newSize = (uint64_t)1 << (sizeof(newSize) * CHAR_BIT - clz); - } - if (newSize > maxSize) { - newSize = std::max((uint64_t)1, size); - } - assert(!objects.empty()); - MemoryObject *mo = objects.begin()->second; - newMO = memory->allocate(newSize, mo->isLocal, mo->isGlobal, - mo->isLazyInitialized, mo->allocSite, - mo->alignment, mo->addressExpr, mo->sizeExpr, - mo->timestamp, mo->id); - } else { - newMO = sizeLocation->second; - } - } - if (newMO) { - assert(size <= newMO->size); - return reinterpret_cast(newMO->address); - } else { - return nullptr; - } -} - -MemoryObject *AddressManager::allocateMemoryObject(ref address, - uint64_t size) { - IDType id = bindingsAdressesToObjects.at(address); - const auto &objects = memory->getAllocatedObjects(id); - auto resultIterator = objects.lower_bound(size); - if (resultIterator == objects.end()) { - allocate(address, size); - resultIterator = objects.lower_bound(size); - } - assert(resultIterator != objects.end()); - return resultIterator->second; -} - -bool AddressManager::isAllocated(ref address) { - return bindingsAdressesToObjects.count(address); -} - -} // namespace klee diff --git a/lib/Core/AddressManager.h b/lib/Core/AddressManager.h deleted file mode 100644 index 1164846357..0000000000 --- a/lib/Core/AddressManager.h +++ /dev/null @@ -1,36 +0,0 @@ -#ifndef _ADDRESS_MANAGER_H -#define _ADDRESS_MANAGER_H - -#include "Memory.h" - -#include "klee/Expr/ExprHashMap.h" -#include "klee/Solver/AddressGenerator.h" - -#include -#include -#include - -namespace klee { -class MemoryManager; -class Array; - -class AddressManager : public AddressGenerator { - friend MemoryManager; - -private: - MemoryManager *memory; - ExprHashMap bindingsAdressesToObjects; - uint64_t maxSize; - -public: - AddressManager(MemoryManager *memory, uint64_t maxSize) - : memory(memory), maxSize(maxSize) {} - void addAllocation(ref address, IDType id); - void *allocate(ref address, uint64_t size) override; - MemoryObject *allocateMemoryObject(ref address, uint64_t size); - bool isAllocated(ref); -}; - -} // namespace klee - -#endif diff --git a/lib/Core/AddressSpace.cpp b/lib/Core/AddressSpace.cpp index 2e1b9593bc..d92c5bc094 100644 --- a/lib/Core/AddressSpace.cpp +++ b/lib/Core/AddressSpace.cpp @@ -37,9 +37,15 @@ llvm::cl::opt SkipNotLazyInitialized( llvm::cl::cat(PointerResolvingCat)); llvm::cl::opt SkipLocal( - "skip-local", llvm::cl::init(true), + "skip-local", llvm::cl::init(false), llvm::cl::desc( - "Do not set symbolic pointers on local objects (default=true)"), + "Do not set symbolic pointers on local objects (default=false)"), + llvm::cl::cat(PointerResolvingCat)); + +llvm::cl::opt SkipGlobal( + "skip-global", llvm::cl::init(false), + llvm::cl::desc( + "Do not set symbolic pointers on global objects (default=false)"), llvm::cl::cat(PointerResolvingCat)); llvm::cl::opt UseTimestamps( @@ -57,11 +63,14 @@ void AddressSpace::bindObject(const MemoryObject *mo, ObjectState *os) { assert(os->copyOnWriteOwner == 0 && "object already has owner"); os->copyOnWriteOwner = cowKey; objects = objects.replace(std::make_pair(mo, os)); - idToObjects = idToObjects.replace(std::make_pair(mo->id, mo)); +} + +void AddressSpace::bindObject(const MemoryObject *mo, const ObjectState *os) { + ref newObjectState(new ObjectState(*os)); + bindObject(mo, newObjectState.get()); } void AddressSpace::unbindObject(const MemoryObject *mo) { - idToObjects = idToObjects.remove(mo->id); objects = objects.remove(mo); } @@ -71,9 +80,21 @@ ObjectPair AddressSpace::findObject(const MemoryObject *mo) const { : ObjectPair(nullptr, nullptr); } -ObjectPair AddressSpace::findObject(IDType id) const { - const auto res = idToObjects.lookup(id); - return res ? findObject(res->second) : ObjectPair(nullptr, nullptr); +RefObjectPair AddressSpace::lazyInitializeObject(const MemoryObject *mo) const { + return RefObjectPair(mo, new ObjectState(mo, mo->content, mo->type)); +} + +RefObjectPair +AddressSpace::findOrLazyInitializeObject(const MemoryObject *mo) const { + ObjectPair op = findObject(mo); + if (op.first && op.second) { + return RefObjectPair(op.first, op.second); + } + assert(!op.first && !op.second); + if (mo->isLazyInitialized) { + return lazyInitializeObject(mo); + } + return RefObjectPair(nullptr, nullptr); } ObjectState *AddressSpace::getWriteable(const MemoryObject *mo, @@ -84,31 +105,34 @@ ObjectState *AddressSpace::getWriteable(const MemoryObject *mo, // Add a copy of this object state that can be updated ref newObjectState(new ObjectState(*os)); - newObjectState->copyOnWriteOwner = cowKey; - objects = objects.replace(std::make_pair(mo, newObjectState)); - idToObjects = idToObjects.replace(std::make_pair(mo->id, mo)); + bindObject(mo, newObjectState.get()); return newObjectState.get(); } /// -bool AddressSpace::resolveOne(const ref &addr, KType *objectType, - IDType &result) const { - uint64_t address = addr->getZExtValue(); - MemoryObject hack(address); +bool AddressSpace::resolveOne(ref address, + KType *objectType, ObjectPair &result) const { + uint64_t baseConst = address->getConstantBase()->getZExtValue(); + uint64_t addressConst = address->getConstantValue()->getZExtValue(); + MemoryObject hack(baseConst); if (const auto res = objects.lookup_previous(&hack)) { const auto &mo = res->first; - if (ref arrayConstantSize = - dyn_cast(mo->getSizeExpr())) { - // Check if the provided address is between start and end of the object - // [mo->address, mo->address + mo->size) or the object is a 0-sized - // object. - uint64_t size = arrayConstantSize->getZExtValue(); - if ((size == 0 && address == mo->address) || - (address - mo->address < size)) { - result = mo->id; - return true; + if (ref arrayConstantAddress = + dyn_cast(mo->getBaseExpr())) { + if (ref arrayConstantSize = + dyn_cast(mo->getSizeExpr())) { + // Check if the provided address is between start and end of the object + // [mo->address, mo->address + mo->size) or the object is a 0-sized + // object. + uint64_t moSize = arrayConstantSize->getZExtValue(); + uint64_t moAddress = arrayConstantAddress->getZExtValue(); + if ((moSize == 0 && addressConst == moAddress) || + (addressConst - moAddress < moSize)) { + result = findObject(mo); + return true; + } } } } @@ -117,13 +141,12 @@ bool AddressSpace::resolveOne(const ref &addr, KType *objectType, } bool AddressSpace::resolveOneIfUnique(ExecutionState &state, - TimingSolver *solver, ref address, - KType *objectType, IDType &result, + TimingSolver *solver, + ref address, + KType *objectType, ObjectPair &result, bool &success) const { - ref base = - state.isGEPExpr(address) ? state.gepExprBases.at(address).first : address; - ref uniqueAddress = - state.constraints.cs().concretization().evaluate(base); + ref base = address->getBase(); + ref uniqueAddress = base; if (!isa(uniqueAddress) && !solver->tryGetUnique(state.constraints.cs(), base, uniqueAddress, state.queryMetaData)) { @@ -142,7 +165,7 @@ bool AddressSpace::resolveOneIfUnique(ExecutionState &state, return false; } if (success) { - result = mo->id; + result = findObject(mo); } } } @@ -155,18 +178,22 @@ class ResolvePredicate { bool skipNotSymbolicObjects; bool skipNotLazyInitialized; bool skipLocal; + bool skipGlobal; unsigned timestamp; ExecutionState *state; + KType *objectType; + bool complete; public: - explicit ResolvePredicate(ExecutionState &state, ref address) + explicit ResolvePredicate(ExecutionState &state, ref address, + KType *objectType, bool complete) : useTimestamps(UseTimestamps), skipNotSymbolicObjects(SkipNotSymbolicObjects), skipNotLazyInitialized(SkipNotLazyInitialized), skipLocal(SkipLocal), - timestamp(UINT_MAX), state(&state) { - auto base = - state.isGEPExpr(address) ? state.gepExprBases[address].first : address; - if (!isa(address)) { + skipGlobal(SkipGlobal), timestamp(UINT_MAX), state(&state), + objectType(objectType), complete(complete) { + ref base = address->getBase(); + if (!isa(base)) { std::pair, ref> moBasePair; if (state.getBase(base, moBasePair)) { timestamp = moBasePair.first->timestamp; @@ -174,22 +201,26 @@ class ResolvePredicate { } } - bool operator()(const MemoryObject *mo) const { + bool operator()(const MemoryObject *mo, const ObjectState *os) const { bool result = !useTimestamps || mo->timestamp <= timestamp; result = result && (!skipNotSymbolicObjects || state->inSymbolics(mo)); result = result && (!skipNotLazyInitialized || mo->isLazyInitialized); result = result && (!skipLocal || !mo->isLocal); + result = result && (!skipGlobal || !mo->isGlobal); + result = result && os->isAccessableFrom(objectType); + result = result && (!complete || os->wasWritten); return result; } }; bool AddressSpace::resolveOne(ExecutionState &state, TimingSolver *solver, - ref address, KType *objectType, - IDType &result, bool &success, + ref address, KType *objectType, + ObjectPair &result, bool &success, const std::atomic_bool &haltExecution) const { - ResolvePredicate predicate(state, address); - if (ref CE = dyn_cast(address)) { - if (resolveOne(CE, objectType, result)) { + ResolvePredicate predicate(state, address, objectType, complete); + ref addressExpr = address->getValue(); + if (ref CP = dyn_cast(address)) { + if (resolveOne(CP, objectType, result)) { success = true; return true; } @@ -197,35 +228,16 @@ bool AddressSpace::resolveOne(ExecutionState &state, TimingSolver *solver, TimerStatIncrementer timer(stats::resolveTime); - if (!resolveOneIfUnique(state, solver, address, objectType, result, - success)) { - return false; - } - if (success) { - return true; - } - // try cheap search, will succeed for any inbounds pointer - ref cex; - if (!solver->getValue(state.constraints.cs(), address, cex, + ref addressCex; + if (!solver->getValue(state.constraints.cs(), address, addressCex, state.queryMetaData)) return false; - uint64_t example = cex->getZExtValue(); - MemoryObject hack(example); - const auto res = objects.lookup_previous(&hack); - if (res && predicate(res->first)) { - const MemoryObject *mo = res->first; - if (ref arrayConstantSize = - dyn_cast(mo->getSizeExpr())) { - if (example - mo->address < arrayConstantSize->getZExtValue() && - res->second->isAccessableFrom(objectType)) { - result = mo->id; - success = true; - return true; - } - } + if (resolveOne(addressCex, objectType, result)) { + success = true; + return true; } // didn't work, now we have to search @@ -233,10 +245,7 @@ bool AddressSpace::resolveOne(ExecutionState &state, TimingSolver *solver, for (MemoryMap::iterator oi = objects.begin(), oe = objects.end(); oi != oe; ++oi) { const auto &mo = oi->first; - if (!predicate(mo)) - continue; - - if (!oi->second->isAccessableFrom(objectType)) { + if (!predicate(mo, oi->second.get())) { continue; } @@ -250,7 +259,7 @@ bool AddressSpace::resolveOne(ExecutionState &state, TimingSolver *solver, state.queryMetaData)) return false; if (mayBeTrue) { - result = oi->first->id; + result = {oi->first, oi->second.get()}; success = true; return true; } @@ -261,7 +270,7 @@ bool AddressSpace::resolveOne(ExecutionState &state, TimingSolver *solver, } int AddressSpace::checkPointerInObject(ExecutionState &state, - TimingSolver *solver, ref p, + TimingSolver *solver, ref p, const ObjectPair &op, ResolutionList &rl, unsigned maxResolutions) const { // XXX in the common case we can save one query if we ask @@ -277,7 +286,7 @@ int AddressSpace::checkPointerInObject(ExecutionState &state, } if (mayBeTrue) { - rl.push_back(mo->id); + rl.push_back(op); // fast path check auto size = rl.size(); @@ -296,20 +305,20 @@ int AddressSpace::checkPointerInObject(ExecutionState &state, } bool AddressSpace::resolve(ExecutionState &state, TimingSolver *solver, - ref p, KType *objectType, ResolutionList &rl, - ResolutionList &rlSkipped, unsigned maxResolutions, - time::Span timeout) const { - ResolvePredicate predicate(state, p); - if (ConstantExpr *CE = dyn_cast(p)) { - IDType res; - if (resolveOne(CE, objectType, res)) { + ref p, KType *objectType, + ResolutionList &rl, ResolutionList &rlSkipped, + unsigned maxResolutions, time::Span timeout) const { + ResolvePredicate predicate(state, p, objectType, complete); + if (ref CP = dyn_cast(p)) { + ObjectPair res; + if (resolveOne(CP, objectType, res)) { rl.push_back(res); return false; } } TimerStatIncrementer timer(stats::resolveTime); - IDType fastPathObjectID; + ObjectPair fastPathObjectID; bool fastPathSuccess; if (!resolveOneIfUnique(state, solver, p, objectType, fastPathObjectID, fastPathSuccess)) { @@ -338,10 +347,7 @@ bool AddressSpace::resolve(ExecutionState &state, TimingSolver *solver, for (MemoryMap::iterator oi = objects.begin(), oe = objects.end(); oi != oe; ++oi) { const MemoryObject *mo = oi->first; - if (!predicate(mo)) - continue; - if (!oi->second->isAccessableFrom(objectType)) { - rlSkipped.push_back(mo->id); + if (!predicate(mo, oi->second.get())) { continue; } @@ -368,23 +374,43 @@ void AddressSpace::copyOutConcretes(const Assignment &assignment) { for (const auto &object : objects) { auto &mo = object.first; auto &os = object.second; - if (!mo->isUserSpecified && !os->readOnly && mo->size != 0) { - copyOutConcrete(mo, os.get(), assignment); + if (ref sizeExpr = + dyn_cast(mo->getSizeExpr())) { + if (!mo->isUserSpecified && !os->readOnly && + sizeExpr->getZExtValue() != 0) { + copyOutConcrete(mo, os.get(), assignment); + } } } } +ref toConstantExpr(ref expr) { + if (ref pointer = dyn_cast(expr)) { + return pointer->getConstantValue(); + } else { + return cast(expr); + } +} + void AddressSpace::copyOutConcrete(const MemoryObject *mo, const ObjectState *os, const Assignment &assignment) const { - auto address = reinterpret_cast(mo->address); - AssignmentEvaluator ae(assignment, false); - std::vector concreteStore(mo->size); - for (size_t i = 0; i < mo->size; i++) { - auto byte = ae.visit(os->read8(i)); - concreteStore[i] = cast(byte)->getZExtValue(8); + if (ref addressExpr = + dyn_cast(mo->getBaseExpr())) { + auto address = + reinterpret_cast(addressExpr->getZExtValue()); + AssignmentEvaluator evaluator(assignment, false); + if (ref sizeExpr = + dyn_cast(mo->getSizeExpr())) { + size_t moSize = sizeExpr->getZExtValue(); + std::vector concreteStore(moSize); + for (size_t i = 0; i < moSize; i++) { + auto byte = evaluator.visit(os->readValue8(i)); + concreteStore[i] = cast(byte)->getZExtValue(Expr::Int8); + } + std::memcpy(address, concreteStore.data(), moSize); + } } - std::memcpy(address, concreteStore.data(), mo->size); } bool AddressSpace::copyInConcretes(const Assignment &assignment) { @@ -394,8 +420,12 @@ bool AddressSpace::copyInConcretes(const Assignment &assignment) { if (!mo->isUserSpecified) { const auto &os = obj.second; - if (!copyInConcrete(mo, os.get(), mo->address, assignment)) - return false; + if (ref arrayConstantAddress = + dyn_cast(mo->getBaseExpr())) { + if (!copyInConcrete(mo, os.get(), arrayConstantAddress->getZExtValue(), + assignment)) + return false; + } } } @@ -405,19 +435,21 @@ bool AddressSpace::copyInConcretes(const Assignment &assignment) { bool AddressSpace::copyInConcrete(const MemoryObject *mo, const ObjectState *os, uint64_t src_address, const Assignment &assignment) { + AssignmentEvaluator evaluator(assignment, false); auto address = reinterpret_cast(src_address); - AssignmentEvaluator ae(assignment, false); - std::vector concreteStore(mo->size); - for (size_t i = 0; i < mo->size; i++) { - auto byte = ae.visit(os->read8(i)); + size_t moSize = + cast(evaluator.visit(mo->getSizeExpr()))->getZExtValue(); + std::vector concreteStore(moSize); + for (size_t i = 0; i < moSize; i++) { + auto byte = evaluator.visit(os->readValue8(i)); concreteStore[i] = cast(byte)->getZExtValue(8); } - if (memcmp(address, concreteStore.data(), mo->size) != 0) { + if (memcmp(address, concreteStore.data(), moSize) != 0) { if (os->readOnly) { return false; } else { ObjectState *wos = getWriteable(mo, os); - for (size_t i = 0; i < mo->size; i++) { + for (size_t i = 0; i < moSize; i++) { wos->write(i, ConstantExpr::create(address[i], Expr::Int8)); } } @@ -429,5 +461,12 @@ bool AddressSpace::copyInConcrete(const MemoryObject *mo, const ObjectState *os, bool MemoryObjectLT::operator()(const MemoryObject *a, const MemoryObject *b) const { - return a->address < b->address; + if (a->address.has_value() && b->address.has_value()) { + return a->address < b->address; + } else if (a->address.has_value()) { + return true; + } else if (b->address.has_value()) { + return false; + } + return a->getBaseExpr() < b->getBaseExpr(); } diff --git a/lib/Core/AddressSpace.h b/lib/Core/AddressSpace.h index 11d2de8130..6374950814 100644 --- a/lib/Core/AddressSpace.h +++ b/lib/Core/AddressSpace.h @@ -27,7 +27,8 @@ class TimingSolver; template class ref; typedef std::pair ObjectPair; -typedef std::vector ResolutionList; +typedef std::pair> RefObjectPair; +typedef std::vector ResolutionList; typedef std::function MOPredicate; @@ -56,7 +57,7 @@ class AddressSpace { /// the resolution is complete (`p` can only point to the given /// memory object), and 2 otherwise. int checkPointerInObject(ExecutionState &state, TimingSolver *solver, - ref p, const ObjectPair &op, + ref p, const ObjectPair &op, ResolutionList &rl, unsigned maxResolutions) const; public: @@ -73,17 +74,18 @@ class AddressSpace { // // The mapping from ids to objects to safely update the underlying objects // if required (e.g. useful for symbolic sizes). - IDMap idToObjects; + + mutable bool complete = false; AddressSpace() : cowKey(1) {} AddressSpace(const AddressSpace &b) - : cowKey(++b.cowKey), objects(b.objects), idToObjects(b.idToObjects) {} + : cowKey(++b.cowKey), objects(b.objects), complete(b.complete) {} ~AddressSpace() {} /// Resolve address to an ObjectPair in result. /// \return true iff an object was found. - bool resolveOne(const ref &address, KType *objectType, - IDType &result) const; + bool resolveOne(ref address, KType *objectType, + ObjectPair &result) const; /// Resolve address to an ObjectPair in result. /// @@ -95,8 +97,9 @@ class AddressSpace { /// (when returning true). /// \return true iff an object was found at \a address. bool resolveOne(ExecutionState &state, TimingSolver *solver, - ref address, KType *objectType, IDType &result, - bool &success, const std::atomic_bool &haltExecution) const; + ref address, KType *objectType, + ObjectPair &result, bool &success, + const std::atomic_bool &haltExecution) const; /// @brief Tries to resolve the pointer in the concrete object /// if it value is unique. @@ -108,8 +111,8 @@ class AddressSpace { /// @param success True iff object was found. /// @return false iff the resolution is incomplete (query timed out). bool resolveOneIfUnique(ExecutionState &state, TimingSolver *solver, - ref address, KType *objectType, IDType &result, - bool &success) const; + ref address, KType *objectType, + ObjectPair &result, bool &success) const; /// Resolve pointer `p` to a list of `ObjectPairs` it can point /// to. If `maxResolutions` is non-zero then no more than that many @@ -117,7 +120,7 @@ class AddressSpace { /// /// \return true iff the resolution is incomplete (`maxResolutions` /// is non-zero and it was reached, or a query timed out). - bool resolve(ExecutionState &state, TimingSolver *solver, ref p, + bool resolve(ExecutionState &state, TimingSolver *solver, ref p, KType *objectType, ResolutionList &rl, ResolutionList &rlSkipped, unsigned maxResolutions = 0, time::Span timeout = time::Span()) const; @@ -126,13 +129,15 @@ class AddressSpace { /// Add a binding to the address space. void bindObject(const MemoryObject *mo, ObjectState *os); + void bindObject(const MemoryObject *mo, const ObjectState *os); /// Remove a binding from the address space. void unbindObject(const MemoryObject *mo); /// Lookup a binding from a MemoryObject. ObjectPair findObject(const MemoryObject *mo) const; - ObjectPair findObject(IDType id) const; + RefObjectPair lazyInitializeObject(const MemoryObject *mo) const; + RefObjectPair findOrLazyInitializeObject(const MemoryObject *mo) const; /// Copy the concrete values of all managed ObjectStates into the /// actual system memory location they were allocated at. diff --git a/lib/Core/CMakeLists.txt b/lib/Core/CMakeLists.txt index 715bfbbf3d..c7606d7c7b 100644 --- a/lib/Core/CMakeLists.txt +++ b/lib/Core/CMakeLists.txt @@ -7,7 +7,6 @@ # #===------------------------------------------------------------------------===# add_library(kleeCore - AddressManager.cpp AddressSpace.cpp BidirectionalSearcher.cpp CallPathManager.cpp diff --git a/lib/Core/CXXTypeSystem/CXXTypeManager.cpp b/lib/Core/CXXTypeSystem/CXXTypeManager.cpp index 1df8091e9c..8b2cfd4a0c 100644 --- a/lib/Core/CXXTypeSystem/CXXTypeManager.cpp +++ b/lib/Core/CXXTypeSystem/CXXTypeManager.cpp @@ -198,7 +198,7 @@ static ref getComplexPointerRestrictions( if (innerAlignmentRequirement.isNull()) { continue; } - restrictions.addConstraint(innerAlignmentRequirement, {}); + restrictions.addConstraint(innerAlignmentRequirement); } auto simplified = Simplificator::simplify(restrictions.cs()); diff --git a/lib/Core/CodeLocation.cpp b/lib/Core/CodeLocation.cpp index ad67cc0622..ee62003580 100644 --- a/lib/Core/CodeLocation.cpp +++ b/lib/Core/CodeLocation.cpp @@ -9,6 +9,7 @@ #include "CodeLocation.h" #include "klee/ADT/Ref.h" +#include "klee/Module/KValue.h" #include "klee/Module/LocationInfo.h" #include "klee/Module/SarifReport.h" @@ -45,3 +46,8 @@ CodeLocation::create(const KValue *source, const std::string &sourceFilename, PhysicalLocationJson CodeLocation::serialize() const { return location.serialize(); } + +bool CodeLocation::equals(const CodeLocation &b) const { + return pathIndex == b.pathIndex && source == b.source && + location == b.location; +} diff --git a/lib/Core/CodeLocation.h b/lib/Core/CodeLocation.h index 77676abfa6..2e46ca8755 100644 --- a/lib/Core/CodeLocation.h +++ b/lib/Core/CodeLocation.h @@ -75,6 +75,10 @@ struct CodeLocation { /// @param location location info in source code. /// @return SARIFs representation of location. PhysicalLocationJson serialize() const; + + /// @brief Equals code locations. + /// @param b Code location to equal. + bool equals(const CodeLocation &b) const; }; }; // namespace klee diff --git a/lib/Core/ConstructStorage.h b/lib/Core/ConstructStorage.h new file mode 100644 index 0000000000..758d02dd6c --- /dev/null +++ b/lib/Core/ConstructStorage.h @@ -0,0 +1,97 @@ +//===-- ConstructStorage.h --------------------------------------*- C++ -*-===// +// +// The KLEE Symbolic Virtual Machine +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// + +#ifndef KLEE_CONSTRUCT_STORAGE_H +#define KLEE_CONSTRUCT_STORAGE_H + +#include "klee/ADT/FixedSizeStorageAdapter.h" +#include "klee/ADT/SparseStorage.h" +#include "klee/Expr/Expr.h" + +#include +#include + +namespace klee { +enum class MemoryType { Fixed, Dynamic, Persistent, Mixed }; + +extern llvm::cl::opt MemoryBackend; +extern llvm::cl::opt MaxFixedSizeStructureSize; + +template > +SparseStorage * +constructStorage(ref size, const ValueType &defaultValue, + size_t treshold = MaxFixedSizeStructureSize) { + switch (MemoryBackend) { + case klee::MemoryType::Mixed: { + if (auto constSize = dyn_cast(size); + constSize && constSize->getZExtValue() <= treshold) { + return new SparseStorageImpl>( + defaultValue, typename SparseArrayAdapter::constructor( + constSize->getZExtValue())); + } else { + return new SparseStorageImpl>( + defaultValue); + } + } + case klee::MemoryType::Fixed: { + if (auto constSize = dyn_cast(size); constSize) { + return new SparseStorageImpl>( + defaultValue, typename SparseArrayAdapter::constructor( + constSize->getZExtValue())); + } else { + return new SparseStorageImpl>( + defaultValue); + } + } + case klee::MemoryType::Dynamic: { + return new SparseStorageImpl>( + defaultValue); + } + case klee::MemoryType::Persistent: { + return new SparseStorageImpl>( + defaultValue); + } + default: + assert(0 && "unhandled memory type"); + } +} + +template +FixedSizeStorageAdapter * +constructStorage(size_t size, size_t treshold = MaxFixedSizeStructureSize) { + switch (MemoryBackend) { + case klee::MemoryType::Mixed: { + if (size <= treshold) { + return new ArrayAdapter(size); + } else { + return new PersistentVectorAdapter(size); + } + } + case klee::MemoryType::Fixed: { + return new ArrayAdapter(size); + } + case klee::MemoryType::Dynamic: { + return new VectorAdapter(size); + } + case klee::MemoryType::Persistent: { + return new PersistentVectorAdapter(size); + } + default: + assert(0 && "unhandled memory type"); + } +} +} // namespace klee + +#endif /* KLEE_CONSTRUCT_STORAGE_H */ diff --git a/lib/Core/DistanceCalculator.cpp b/lib/Core/DistanceCalculator.cpp index c5877bb09a..86aefdcb88 100644 --- a/lib/Core/DistanceCalculator.cpp +++ b/lib/Core/DistanceCalculator.cpp @@ -140,8 +140,8 @@ bool DistanceCalculator::distanceInCallGraph( KFunction *kf, KBlock *origKB, unsigned int &distance, const FunctionDistanceMap &distanceToTargetFunction, KBlock *targetKB, bool strictlyAfterKB) const { - auto &dist = codeGraphInfo.getDistance(origKB->basicBlock()); - if (kf == targetKB->parent && dist.count(targetKB->basicBlock())) { + auto &dist = codeGraphInfo.getDistance(origKB); + if (kf == targetKB->parent && dist.count(targetKB)) { distance = 0; return true; } @@ -149,8 +149,7 @@ bool DistanceCalculator::distanceInCallGraph( distance = UINT_MAX; bool cannotReachItself = strictlyAfterKB && !codeGraphInfo.hasCycle(origKB); for (auto kCallBlock : kf->kCallBlocks) { - if (!dist.count(kCallBlock->basicBlock()) || - (cannotReachItself && origKB == kCallBlock)) + if (!dist.count(kCallBlock) || (cannotReachItself && origKB == kCallBlock)) continue; for (auto calledFunction : kCallBlock->calledFunctions) { auto it = distanceToTargetFunction.find(calledFunction); @@ -167,7 +166,7 @@ WeightResult DistanceCalculator::tryGetLocalWeight( const auto &dist = codeGraphInfo.getDistance(kb); weight = UINT_MAX; for (auto end : localTargets) { - auto it = dist.find(end->basicBlock()); + auto it = dist.find(end); if (it != dist.end()) weight = std::min(it->second, weight); } diff --git a/lib/Core/DistanceCalculator.h b/lib/Core/DistanceCalculator.h index ed6b5170f8..c4b1e10657 100644 --- a/lib/Core/DistanceCalculator.h +++ b/lib/Core/DistanceCalculator.h @@ -96,7 +96,7 @@ class DistanceCalculator { using TargetToSpeculativeStateToDistanceResultMap = std::unordered_map; - using StatesSet = std::unordered_set; + using StatesSet = states_ty; CodeGraphInfo &codeGraphInfo; TargetToSpeculativeStateToDistanceResultMap distanceResultCache; diff --git a/lib/Core/ExecutionState.cpp b/lib/Core/ExecutionState.cpp index 78d2f6a546..8995736214 100644 --- a/lib/Core/ExecutionState.cpp +++ b/lib/Core/ExecutionState.cpp @@ -9,6 +9,7 @@ #include "ExecutionState.h" +#include "ConstructStorage.h" #include "Memory.h" #include "klee/Expr/ArrayExprVisitor.h" @@ -102,17 +103,15 @@ bool CallStackFrame::equals(const CallStackFrame &other) const { } StackFrame::StackFrame(KFunction *kf) : kf(kf), varargs(nullptr) { - locals = new Cell[kf->getNumRegisters()]; + locals.reset(constructStorage(kf->getNumRegisters())); } StackFrame::StackFrame(const StackFrame &s) : kf(s.kf), allocas(s.allocas), varargs(s.varargs) { - locals = new Cell[kf->getNumRegisters()]; - for (unsigned i = 0; i < kf->getNumRegisters(); i++) - locals[i] = s.locals[i]; + locals.reset(s.locals->clone()); } -StackFrame::~StackFrame() { delete[] locals; } +StackFrame::~StackFrame() {} InfoStackFrame::InfoStackFrame(KFunction *kf) : kf(kf) {} @@ -176,10 +175,10 @@ ExecutionState::ExecutionState(const ExecutionState &state) : nullptr), coveredNew(state.coveredNew), coveredNewError(state.coveredNewError), forkDisabled(state.forkDisabled), returnValue(state.returnValue), - gepExprBases(state.gepExprBases), prevTargets_(state.prevTargets_), - targets_(state.targets_), prevHistory_(state.prevHistory_), - history_(state.history_), isTargeted_(state.isTargeted_) { - constraints.fork(); + gepExprBases(state.gepExprBases), multiplexKF(state.multiplexKF), + prevTargets_(state.prevTargets_), targets_(state.targets_), + prevHistory_(state.prevHistory_), history_(state.history_), + isTargeted_(state.isTargeted_) { queryMetaData.id = state.id; } @@ -246,11 +245,10 @@ void ExecutionState::pushFrame(KInstIterator caller, KFunction *kf) { void ExecutionState::popFrame() { const StackFrame &sf = stack.valueStack().back(); - for (const auto id : sf.allocas) { - const MemoryObject *memoryObject = addressSpace.findObject(id).first; + for (auto &memoryObject : sf.allocas) { assert(memoryObject); - removePointerResolutions(memoryObject); - addressSpace.unbindObject(memoryObject); + removePointerResolutions(memoryObject.get()); + addressSpace.unbindObject(memoryObject.get()); } stack.popFrame(); } @@ -273,52 +271,27 @@ ExecutionState::findMemoryObject(const Array *array) const { bool ExecutionState::getBase( ref expr, std::pair, ref> &resolution) const { - switch (expr->getKind()) { - case Expr::Read: { - ref base = dyn_cast(expr); - auto parent = findMemoryObject(base->updates.root); - if (!parent) { - return false; - } - resolution = std::make_pair(parent, base->index); - return true; - } - case Expr::Concat: { - ref base = - ArrayExprHelper::hasOrderedReads(*dyn_cast(expr)); - if (!base) { - return false; - } - auto parent = findMemoryObject(base->updates.root); - if (!parent) { - return false; - } - resolution = std::make_pair(parent, base->index); - return true; + ref base = expr->hasOrderedReads(); + if (!base) { + return false; } - default: { - if (isGEPExpr(expr)) { - ref gepBase = gepExprBases.at(expr).first; - std::pair, ref> gepResolved; - if (expr != gepBase && getBase(gepBase, gepResolved)) { - auto parent = gepResolved.first; - auto index = gepResolved.second; - resolution = std::make_pair(parent, index); - return true; - } else { - return false; - } - } else { - return false; - } + if (ref liaSource = + dyn_cast( + base->updates.root->source)) { + return getBase(liaSource->pointer, resolution); } + auto parent = findMemoryObject(base->updates.root); + if (!parent) { + return false; } + resolution = std::make_pair(parent, base->index); + return true; } void ExecutionState::removePointerResolutions(const MemoryObject *mo) { for (auto resolution = begin(resolvedPointers); resolution != end(resolvedPointers);) { - resolution->second.erase(mo->id); + resolution->second.erase(mo); if (resolution->second.size() == 0) { resolution = resolvedPointers.erase(resolution); } else { @@ -328,7 +301,7 @@ void ExecutionState::removePointerResolutions(const MemoryObject *mo) { for (auto resolution = begin(resolvedSubobjects); resolution != end(resolvedSubobjects);) { - resolution->second.erase(mo->id); + resolution->second.erase(mo); if (resolution->second.size() == 0) { resolution = resolvedSubobjects.erase(resolution); } else { @@ -337,31 +310,34 @@ void ExecutionState::removePointerResolutions(const MemoryObject *mo) { } } -void ExecutionState::removePointerResolutions(ref address, +void ExecutionState::removePointerResolutions(ref address, unsigned size) { - if (!isa(address)) { - resolvedPointers[address].clear(); + ref base = address->getBase(); + if (!isa(base)) { + resolvedPointers[base].clear(); resolvedSubobjects[MemorySubobject(address, size)].clear(); } } // base address mo and ignore non pure reads in setinitializationgraph -void ExecutionState::addPointerResolution(ref address, +void ExecutionState::addPointerResolution(ref address, const MemoryObject *mo, unsigned size) { - if (!isa(address)) { - resolvedPointers[address].insert(mo->id); - resolvedSubobjects[MemorySubobject(address, size)].insert(mo->id); + ref base = address->getBase(); + if (!isa(base)) { + resolvedPointers[base].insert(mo); + resolvedSubobjects[MemorySubobject(address, size)].insert(mo); } } -void ExecutionState::addUniquePointerResolution(ref address, +void ExecutionState::addUniquePointerResolution(ref address, const MemoryObject *mo, unsigned size) { - if (!isa(address)) { + ref base = address->getBase(); + if (!isa(base)) { removePointerResolutions(address, size); - resolvedPointers[address].insert(mo->id); - resolvedSubobjects[MemorySubobject(address, size)].insert(mo->id); + resolvedPointers[base].insert(mo); + resolvedSubobjects[MemorySubobject(address, size)].insert(mo); } } @@ -407,9 +383,11 @@ void ExecutionState::dumpStack(llvm::raw_ostream &out) const { if (ai->hasName()) out << ai->getName().str() << "="; - ref value = sf.locals[csf.kf->getArgRegister(index++)].value; + ref value = sf.locals->at(csf.kf->getArgRegister(index++)).value; if (isa_and_nonnull(value)) { out << value; + } else if (isa_and_nonnull(value)) { + out << value; } else { out << "symbolic"; } @@ -423,8 +401,8 @@ void ExecutionState::dumpStack(llvm::raw_ostream &out) const { } } -void ExecutionState::addConstraint(ref e, const Assignment &delta) { - constraints.addConstraint(e, delta); +void ExecutionState::addConstraint(ref e) { + constraints.addConstraint(e); } void ExecutionState::addCexPreference(const ref &cond) { @@ -453,6 +431,12 @@ void ExecutionState::increaseLevel() { kmodule->inMainModule(*kf->function())) { auto srcLevel = stack.infoStack().back().multilevel[srcbb].second; stack.infoStack().back().multilevel.replace({srcbb, srcLevel + 1}); + if (afterFork) { + auto symSrcLevel = + stack.infoStack().back().symbolicMultilevel[srcbb].second; + stack.infoStack().back().symbolicMultilevel.replace( + {srcbb, symSrcLevel + 1}); + } level.insert(prevPC->parent); } } diff --git a/lib/Core/ExecutionState.h b/lib/Core/ExecutionState.h index 3dc0b3bff7..613c376762 100644 --- a/lib/Core/ExecutionState.h +++ b/lib/Core/ExecutionState.h @@ -12,16 +12,19 @@ #include "AddressSpace.h" +#include "klee/ADT/FixedSizeStorageAdapter.h" #include "klee/ADT/ImmutableList.h" #include "klee/ADT/ImmutableSet.h" #include "klee/ADT/PersistentMap.h" #include "klee/ADT/PersistentSet.h" +#include "klee/ADT/SparseStorage.h" #include "klee/ADT/TreeStream.h" #include "klee/Core/TerminationTypes.h" #include "klee/Expr/Assignment.h" #include "klee/Expr/Constraints.h" #include "klee/Expr/Expr.h" #include "klee/Expr/ExprHashMap.h" +#include "klee/Module/Cell.h" #include "klee/Module/KInstIterator.h" #include "klee/Module/KInstruction.h" #include "klee/Module/Target.h" @@ -41,6 +44,7 @@ DISABLE_WARNING_DEPRECATED_DECLARATIONS #include "llvm/IR/Function.h" DISABLE_WARNING_POP +#include #include #include #include @@ -89,8 +93,8 @@ struct CallStackFrame { struct StackFrame { KFunction *kf; - std::vector allocas; - Cell *locals; + std::vector> allocas; + std::unique_ptr> locals; // For vararg functions: arguments not passed via parameter are // stored (packed tightly) in a local (alloca) memory object. This @@ -108,6 +112,7 @@ struct InfoStackFrame { KFunction *kf; CallPathNode *callPathNode = nullptr; PersistentMap multilevel; + PersistentMap symbolicMultilevel; /// Minimum distance to an uncovered instruction once the function /// returns. This is not a good place for this but is used to @@ -181,11 +186,12 @@ class UnwindingInformation { public: // _Unwind_Exception* of the thrown exception, used in both phases - ref exceptionObject; + ref exceptionObject; Kind getKind() const { return kind; } - explicit UnwindingInformation(ref exceptionObject, Kind k) + explicit UnwindingInformation(ref exceptionObject, + Kind k) : kind(k), exceptionObject(exceptionObject) {} virtual ~UnwindingInformation() = default; @@ -200,7 +206,7 @@ struct SearchPhaseUnwindingInformation : public UnwindingInformation { // landingpad, so we can clean it up after the personality fn returns. MemoryObject *serializedLandingpad = nullptr; - SearchPhaseUnwindingInformation(ref exceptionObject, + SearchPhaseUnwindingInformation(ref exceptionObject, std::size_t const unwindingProgress) : UnwindingInformation(exceptionObject, UnwindingInformation::Kind::SearchPhase), @@ -229,7 +235,7 @@ struct CleanupPhaseUnwindingInformation : public UnwindingInformation { // we first found a handler in the search phase. const std::size_t catchingStackIndex; - CleanupPhaseUnwindingInformation(ref exceptionObject, + CleanupPhaseUnwindingInformation(ref exceptionObject, ref selectorValue, const std::size_t catchingStackIndex) : UnwindingInformation(exceptionObject, @@ -365,9 +371,9 @@ class ExecutionState { ImmutableList symbolics; /// @brief map from memory accesses to accessed objects and access offsets. - ExprHashMap> resolvedPointers; - std::unordered_map, MemorySubobjectHash, - MemorySubobjectCompare> + ExprHashMap>> resolvedPointers; + std::unordered_map>, + MemorySubobjectHash, MemorySubobjectCompare> resolvedSubobjects; /// @brief A set of boolean expressions @@ -408,15 +414,20 @@ class ExecutionState { /// @brief Disables forking for this state. Set by user code bool forkDisabled = false; + bool afterFork = false; + /// Needed for composition ref returnValue; - ExprHashMap, llvm::Type *>> gepExprBases; + ExprHashMap gepExprBases; mutable ReachWithError error = ReachWithError::None; std::atomic terminationReasonType{ HaltExecution::NotHalt}; + // Temp: to know which multiplex path this state has taken + KFunction *multiplexKF = nullptr; + private: PersistentSet> prevTargets_; PersistentSet> targets_; @@ -460,13 +471,13 @@ class ExecutionState { std::pair, ref> &resolution) const; void removePointerResolutions(const MemoryObject *mo); - void removePointerResolutions(ref address, unsigned size); - void addPointerResolution(ref address, const MemoryObject *mo, + void removePointerResolutions(ref address, unsigned size); + void addPointerResolution(ref address, const MemoryObject *mo, unsigned size = 0); - void addUniquePointerResolution(ref address, const MemoryObject *mo, - unsigned size = 0); + void addUniquePointerResolution(ref address, + const MemoryObject *mo, unsigned size = 0); - void addConstraint(ref e, const Assignment &c); + void addConstraint(ref e); void addCexPreference(const ref &cond); Query toQuery(ref head) const; @@ -544,10 +555,26 @@ class ExecutionState { return false; } + inline bool isSymbolicCycled(unsigned long long bound) const { + if (bound == 0) + return false; + if (prevPC->inst()->isTerminator() && stack.size() > 0) { + auto &ml = stack.infoStack().back().symbolicMultilevel; + auto level = ml.find(getPCBlock()); + return level != ml.end() && level->second > bound; + } + if (pc == pc->parent->getFirstInstruction() && + pc->parent == pc->parent->parent->entryKBlock) { + auto level = stack.multilevel.at(stack.callStack().back().kf); + return level > bound; + } + return false; + } + inline bool isStuck(unsigned long long bound) const { if (depth == 0) return false; - return isCycled(bound) && klee::util::ulog2(depth) > bound; + return isSymbolicCycled(bound) && klee::util::ulog2(depth) > bound; } bool isCoveredNew() const { diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index 7a6dd217bd..c6a395731c 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -9,9 +9,9 @@ #include "Executor.h" -#include "AddressManager.h" #include "AddressSpace.h" #include "CXXTypeSystem/CXXTypeManager.h" +#include "ConstructStorage.h" #include "CoreStats.h" #include "DistanceCalculator.h" #include "ExecutionState.h" @@ -40,16 +40,19 @@ #include "klee/Config/config.h" #include "klee/Core/Interpreter.h" #include "klee/Core/MockBuilder.h" +#include "klee/Core/TerminationTypes.h" #include "klee/Expr/ArrayExprOptimizer.h" #include "klee/Expr/ArrayExprVisitor.h" #include "klee/Expr/Assignment.h" #include "klee/Expr/Constraints.h" #include "klee/Expr/Expr.h" +#include "klee/Expr/ExprHashMap.h" #include "klee/Expr/ExprPPrinter.h" #include "klee/Expr/ExprSMTLIBPrinter.h" #include "klee/Expr/ExprUtil.h" #include "klee/Expr/IndependentConstraintSetUnion.h" #include "klee/Expr/IndependentSet.h" +#include "klee/Expr/SymbolicSource.h" #include "klee/Expr/Symcrete.h" #include "klee/Module/Cell.h" #include "klee/Module/CodeGraphInfo.h" @@ -178,12 +181,12 @@ cl::opt cl::cat(ExecCat)); cl::opt OSCopySizeMemoryCheckThreshold( - "os-copy-size-mem-check-threshold", cl::init(10000), + "os-copy-size-mem-check-threshold", cl::init(30000), cl::desc("Check memory usage when this amount of bytes dense OS is copied"), cl::cat(ExecCat)); cl::opt StackCopySizeMemoryCheckThreshold( - "stack-copy-size-mem-check-threshold", cl::init(10000), + "stack-copy-size-mem-check-threshold", cl::init(30000), cl::desc("Check memory usage when state with stack this big (in bytes) is " "copied"), cl::cat(ExecCat)); @@ -214,6 +217,12 @@ llvm::cl::opt UseSymbolicSizeLazyInit( "Allows lazy initialize symbolic size objects (default false)"), llvm::cl::init(false), llvm::cl::cat(LazyInitCat)); +llvm::cl::opt MinElementSizeLazyInit( + "min-element-size-li", + llvm::cl::desc("Minimum size of an element of array for one lazy " + "initialization (default 4)"), + llvm::cl::init(4), llvm::cl::cat(LazyInitCat)); + llvm::cl::opt MinNumberElementsLazyInit( "min-number-elements-li", llvm::cl::desc("Minimum number of array elements for one lazy " @@ -306,6 +315,12 @@ cl::opt "querying the solver (default=true)"), cl::cat(SolvingCat)); +cl::opt OnlyOutputMakeSymbolicArrays( + "only-output-make-symbolic-arrays", cl::init(false), + cl::desc( + "Only output test data with klee_make_symbolic source (default=false)"), + cl::cat(TestGenCat)); + /*** External call policy options ***/ enum class ExternalCallPolicy { @@ -441,6 +456,10 @@ bool allLeafsAreConstant(const ref &expr) { return true; } + if (isa(expr)) { + return true; + } + if (!isa(expr)) { return false; } @@ -461,8 +480,8 @@ bool allLeafsAreConstant(const ref &expr) { } // namespace -extern llvm::cl::opt MaxConstantAllocationSize; -extern llvm::cl::opt MaxSymbolicAllocationSize; +extern llvm::cl::opt MaxConstantAllocationSize; +extern llvm::cl::opt MaxSymbolicAllocationSize; extern llvm::cl::opt UseSymbolicSizeAllocation; extern llvm::cl::opt TrackCoverage; @@ -542,18 +561,14 @@ Executor::Executor(LLVMContext &ctx, const InterpreterOptions &opts, klee_error("Failed to create core solver\n"); } - memory = std::make_unique(&arrayCache); - addressManager.reset( - new AddressManager(memory.get(), MaxSymbolicAllocationSize)); - memory->am = addressManager.get(); + memory = std::make_unique(); std::unique_ptr solver = constructSolverChain( std::move(coreSolver), interpreterHandler->getOutputFilename(ALL_QUERIES_SMT2_FILE_NAME), interpreterHandler->getOutputFilename(SOLVER_QUERIES_SMT2_FILE_NAME), interpreterHandler->getOutputFilename(ALL_QUERIES_KQUERY_FILE_NAME), - interpreterHandler->getOutputFilename(SOLVER_QUERIES_KQUERY_FILE_NAME), - addressManager.get(), arrayCache); + interpreterHandler->getOutputFilename(SOLVER_QUERIES_KQUERY_FILE_NAME)); this->solver = std::make_unique(std::move(solver), optimizer, EqualitySubstitution); @@ -656,10 +671,6 @@ llvm::Module *Executor::setModule( preservedFunctions.push_back("memcmp"); preservedFunctions.push_back("memmove"); - for (const auto &p : klee::floatReplacements) { - preservedFunctions.push_back(p.second.c_str()); - } - if (FunctionCallReproduce != "") { preservedFunctions.push_back(FunctionCallReproduce.c_str()); } @@ -705,6 +716,10 @@ llvm::Module *Executor::setModule( return kmodule->module.get(); } +void Executor::setFunctionsByModule(FunctionsByModule &&fnsByModule) { + functionsByModule = std::forward(fnsByModule); +} + Executor::~Executor() { delete typeSystemManager; delete externalDispatcher; @@ -758,8 +773,12 @@ void Executor::initializeGlobalObject(ExecutionState &state, ObjectState *os, offset + i * elementSize); } else if (isa(c)) { unsigned i, size = targetData->getTypeStoreSize(c->getType()); - for (i = 0; i < size; i++) - os->write8(offset + i, (uint8_t)0); + if (offset) { + for (i = 0; i < size; i++) + os->write8(offset + i, (uint8_t)0); + } else { + os->initializeToZero(); + } } else if (const ConstantArray *ca = dyn_cast(c)) { unsigned elementSize = targetData->getTypeStoreSize(ca->getType()->getElementType()); @@ -801,10 +820,14 @@ MemoryObject *Executor::addExternalObject(ExecutionState &state, void *addr, KType *type, unsigned size, bool isReadOnly) { auto mo = memory->allocateFixed(reinterpret_cast(addr), size, - nullptr); + nullptr, type); ObjectState *os = bindObjectInState(state, mo, type, false); - for (unsigned i = 0; i < size; i++) - os->write8(i, ((uint8_t *)addr)[i]); + ref seg = + Expr::createPointer(reinterpret_cast(addr)); + for (unsigned i = 0; i < size; i++) { + ref byte = ConstantExpr::create(((uint8_t *)addr)[i], Expr::Int8); + os->write(i, PointerExpr::create(seg, byte)); + } if (isReadOnly) os->setReadOnly(true); return mo; @@ -837,14 +860,15 @@ void Executor::allocateGlobalObjects(ExecutionState &state) { // ensures that we won't conflict. we don't need to allocate a memory object // since reading/writing via a function pointer is unsupported anyway. for (Function &f : *m) { - ref addr; + ref addr; // If the symbol has external weak linkage then it is implicitly // not defined in this module; if it isn't resolvable then it // should be null. if (f.hasExternalWeakLinkage() && !externalDispatcher->resolveSymbol(f.getName().str())) { - addr = Expr::createPointer(0); + addr = ConstantPointerExpr::create(Expr::createPointer(0), + Expr::createPointer(0)); } else { // We allocate an object to represent each function, // its address can be used for function pointers. @@ -853,11 +877,12 @@ void Executor::allocateGlobalObjects(ExecutionState &state) { const KFunction *kf = kmodule->functionMap.at(&f); ref fCodeLocation = CodeLocation::create( kf, kf->getSourceFilepath(), kf->getLine(), std::nullopt); - auto mo = allocate(state, Expr::createPointer(8), false, true, - fCodeLocation, 8); - addr = Expr::createPointer(mo->address); - legalFunctions.emplace(mo->address, &f); + auto mo = allocate(state, Expr::createPointer(8), false, true, + fCodeLocation, 8, typeSystemManager->getUnknownType()); + auto baseExpr = cast(mo->getBaseExpr()); + addr = ConstantPointerExpr::create(baseExpr, baseExpr); + legalFunctions.emplace(baseExpr->getZExtValue(), &f); } globalAddresses.emplace(&f, addr); @@ -872,13 +897,15 @@ void Executor::allocateGlobalObjects(ExecutionState &state) { if (Context::get().getPointerWidth() == 32) { errnoObj = allocate(state, Expr::createPointer(sizeof(*errno_addr)), false, - true, nullptr, 8); + true, nullptr, 8, + typeSystemManager->getWrappedType(pointerErrnoAddr)); errnoObj->isFixed = true; bindObjectInState(state, errnoObj, typeSystemManager->getWrappedType(pointerErrnoAddr), false); - errno_addr = reinterpret_cast(errnoObj->address); + errno_addr = reinterpret_cast( + cast(errnoObj->getBaseExpr())->getZExtValue()); } else { errno_addr = getErrnoLocation(state); errnoObj = @@ -989,12 +1016,14 @@ void Executor::allocateGlobalObjects(ExecutionState &state) { MemoryObject *mo = allocate(state, size, /*isLocal=*/false, /*isGlobal=*/true, /*allocSite=*/vCodeLocation, - /*alignment=*/globalObjectAlignment); + /*alignment=*/globalObjectAlignment, + typeSystemManager->getWrappedType(ty)); if (!mo) klee_error("out of memory"); globalObjects.emplace(&v, mo); - globalAddresses.emplace(&v, mo->getBaseExpr()); + globalAddresses.emplace( + &v, PointerExpr::create(mo->getBaseExpr(), mo->getBaseExpr())); } } @@ -1049,6 +1078,9 @@ void Executor::initializeGlobalObjects(ExecutionState &state) { if (v.isDeclaration()) { if (isa(mo->getSizeExpr())) { + ref sizeExpr = dyn_cast(mo->getSizeExpr()); + assert(sizeExpr); + size_t moSize = sizeExpr->getZExtValue(); // Program already running -> object already initialized. // Read concrete value and write it to our copy. void *addr; @@ -1061,7 +1093,7 @@ void Executor::initializeGlobalObjects(ExecutionState &state) { klee_error("Unable to load symbol(%.*s) while initializing globals", static_cast(v.getName().size()), v.getName().data()); } else { - for (unsigned offset = 0; offset < mo->size; offset++) { + for (unsigned offset = 0; offset < moSize; offset++) { os->write8(offset, static_cast(addr)[offset]); } } @@ -1187,8 +1219,10 @@ void Executor::branch(ExecutionState &state, } for (unsigned i = 0; i < N; ++i) - if (result[i]) + if (result[i]) { + result[i]->afterFork = true; addConstraint(*result[i], conditions[i]); + } } ref Executor::maxStaticPctChecks(ExecutionState ¤t, @@ -1329,11 +1363,12 @@ Executor::StatePair Executor::fork(ExecutionState ¤t, ref condition, StateTerminationType::MissedAllTargets); return StatePair(nullptr, nullptr); } - if (res != PartialValidity::None) + if (res != PartialValidity::None) { success = true; - else + } else { success = solver->evaluate(current.constraints.cs(), condition, res, current.queryMetaData); + } solver->setTimeout(time::Span()); if (!success) { current.pc = current.prevPC; @@ -1504,6 +1539,8 @@ Executor::StatePair Executor::fork(ExecutionState ¤t, ref condition, } } + trueState->afterFork = true; + falseState->afterFork = true; addConstraint(*trueState, condition); addConstraint(*falseState, Expr::createIsZero(condition)); @@ -1560,18 +1597,7 @@ void Executor::addConstraint(ExecutionState &state, ref condition) { klee_warning("seeds patched for violating constraint"); } - Assignment concretization = computeConcretization( - state.constraints.cs(), condition, state.queryMetaData); - - if (!concretization.isEmpty()) { - // Update memory objects if arrays have affected them. - updateStateWithSymcretes(state, concretization); - Assignment delta = - state.constraints.cs().concretization().diffWith(concretization); - state.addConstraint(condition, delta); - } else { - state.addConstraint(condition, {}); - } + state.addConstraint(condition); if (ivcEnabled) doImpliedValueConcretization(state, condition, @@ -1593,11 +1619,11 @@ const Cell &Executor::eval(const KInstruction *ki, unsigned index, return kmodule->constantTable[index]; } else { unsigned index = vnumber; - ref reg = sf.locals[index].value; + ref reg = sf.locals->at(index).value; if (isSymbolic && reg.isNull()) { prepareSymbolicRegister(state, sf, index); } - return sf.locals[index]; + return sf.locals->at(index); } } @@ -1608,25 +1634,25 @@ const Cell &Executor::eval(const KInstruction *ki, unsigned index, void Executor::bindLocal(const KInstruction *target, StackFrame &frame, ref value) { - getDestCell(frame, target).value = value; + setDestCell(frame, target, value); } void Executor::bindArgument(KFunction *kf, unsigned index, StackFrame &frame, ref value) { - getArgumentCell(frame, kf, index).value = value; + setArgumentCell(frame, kf, index, value); } void Executor::bindLocal(const KInstruction *target, ExecutionState &state, ref value) { - getDestCell(state, target).value = value; + setDestCell(state, target, value); } void Executor::bindArgument(KFunction *kf, unsigned index, ExecutionState &state, ref value) { - getArgumentCell(state, kf, index).value = value; + setArgumentCell(state, kf, index, value); } -ref Executor::toUnique(const ExecutionState &state, ref &e) { +ref Executor::toUnique(const ExecutionState &state, ref e) { ref result = e; solver->setTimeout(coreSolverTimeout); solver->tryGetUnique(state.constraints.cs(), e, result, state.queryMetaData); @@ -1665,13 +1691,43 @@ ref Executor::toConstant(ExecutionState &state, ref e, return value; } +ref +Executor::toConstantPointer(ExecutionState &state, ref e, + const char *reason) { + e = Simplificator::simplifyExpr(state.constraints.cs(), e).simplified; + if (ConstantPointerExpr *CE = dyn_cast(e)) + return CE; + + ref pointer; + bool success = + solver->getValue(state.constraints.cs(), e, pointer, state.queryMetaData); + assert(success && "FIXME: Unhandled solver failure"); + (void)success; + + std::string str; + llvm::raw_string_ostream os(str); + os << "silently concretizing (reason: " << reason << ") expression " << e + << " to value " << pointer << " (" << state.pc->getSourceFilepath() << ":" + << state.pc->getLine() << ")"; + + if (AllExternalWarnings) + klee_warning("%s", os.str().c_str()); + else + klee_warning_once(reason, "%s", os.str().c_str()); + + addConstraint(state, EqExpr::create(e, pointer)); + + return pointer; +} + void Executor::executeGetValue(ExecutionState &state, ref e, KInstruction *target) { e = Simplificator::simplifyExpr(state.constraints.cs(), e).simplified; std::map>::iterator it = seedMap->find(&state); - if (it == seedMap->end() || isa(e)) { - ref value; + if (it == seedMap->end() || isa(e) || + isa(e)) { + ref value; e = optimizer.optimizeExpr(e, true); bool success = solver->getValue(state.constraints.cs(), e, value, state.queryMetaData); @@ -1776,6 +1832,7 @@ void Executor::stepInstruction(ExecutionState &state) { state.prevPC = state.pc; state.constraints.advancePath(state.pc); ++state.pc; + state.afterFork = false; if (stats::instructions == MaxInstructions) haltExecution = HaltExecution::MaxInstructions; @@ -1804,6 +1861,7 @@ MemoryObject *Executor::serializeLandingpad(ExecutionState &state, stateTerminated = false; std::vector serialized; + std::vector pointerMask; for (unsigned current_clause_id = 0; current_clause_id < lpi.getNumClauses(); ++current_clause_id) { @@ -1811,6 +1869,7 @@ MemoryObject *Executor::serializeLandingpad(ExecutionState &state, if (lpi.isCatch(current_clause_id)) { // catch-clause serialized.push_back(0); + pointerMask.push_back(0); std::uint64_t ti_addr = 0; @@ -1823,8 +1882,8 @@ MemoryObject *Executor::serializeLandingpad(ExecutionState &state, // Since global variable may have symbolic address, // here we must guarantee that the address of clause is // constant (which seems to be true). - ti_addr = - cast(globalAddresses[clause_type])->getZExtValue(); + ti_addr = cast(globalAddresses[clause_type]->getValue()) + ->getZExtValue(); } else if (current_clause->isNullValue()) { ti_addr = 0; } else { @@ -1835,14 +1894,20 @@ MemoryObject *Executor::serializeLandingpad(ExecutionState &state, } const std::size_t old_size = serialized.size(); serialized.resize(old_size + 8); + pointerMask.resize(old_size + 8); memcpy(serialized.data() + old_size, &ti_addr, sizeof(ti_addr)); + for (size_t i = 0; i < sizeof(ti_addr); ++i) { + pointerMask[old_size + i] = ti_addr; + } } else if (lpi.isFilter(current_clause_id)) { if (current_clause->isNullValue()) { // special handling for a catch-all filter clause, i.e., "[0 x i8*]" // for this case we serialize 1 element.. serialized.push_back(1); + pointerMask.push_back(0); // which is a 64bit-wide 0. serialized.resize(serialized.size() + 8, 0); + pointerMask.resize(pointerMask.size() + 8, 0); } else { llvm::ConstantArray const *ca = cast(current_clause); @@ -1861,6 +1926,7 @@ MemoryObject *Executor::serializeLandingpad(ExecutionState &state, serialized_num_elements = num_elements; serialized.push_back(serialized_num_elements + 1); + pointerMask.push_back(0); // serialize the exception-types occurring in this filter-clause for (llvm::Value const *v : ca->operands()) { @@ -1887,22 +1953,34 @@ MemoryObject *Executor::serializeLandingpad(ExecutionState &state, // We assume again that the clause_value is a // constant global. std::uint64_t const ti_addr = - cast(globalAddresses[clause_value])->getZExtValue(); + cast(globalAddresses[clause_value]->getValue()) + ->getZExtValue(); const std::size_t old_size = serialized.size(); serialized.resize(old_size + 8); + pointerMask.resize(old_size + 8); memcpy(serialized.data() + old_size, &ti_addr, sizeof(ti_addr)); + for (size_t i = 0; i < sizeof(ti_addr); ++i) { + pointerMask[old_size + i] = ti_addr; + } } } } } - MemoryObject *mo = allocate(state, Expr::createPointer(serialized.size()), - true, false, nullptr, 1); + MemoryObject *mo = + allocate(state, Expr::createPointer(serialized.size()), true, false, + nullptr, 1, typeSystemManager->getUnknownType()); ObjectState *os = bindObjectInState(state, mo, typeSystemManager->getUnknownType(), false); for (unsigned i = 0; i < serialized.size(); i++) { - os->write8(i, serialized[i]); + ref sec = ConstantExpr::create(serialized[i], Expr::Int8); + if (pointerMask.at(i)) { + ref seg = Expr::createPointer(pointerMask.at(i)); + os->write(i, PointerExpr::create(seg, sec)); + } else { + os->write(i, sec); + } } return mo; @@ -1980,7 +2058,9 @@ void Executor::unwindToNextLandingpad(ExecutionState &state) { state.increaseLevel(); bindArgument(kf, 0, state, sui->exceptionObject); bindArgument(kf, 1, state, clauses_mo->getSizeExpr()); - bindArgument(kf, 2, state, clauses_mo->getBaseExpr()); + bindArgument(kf, 2, state, + PointerExpr::create(clauses_mo->getBaseExpr(), + clauses_mo->getBaseExpr())); if (statsTracker) { statsTracker->framePushed( @@ -2036,6 +2116,7 @@ ref Executor::getEhTypeidFor(ref type_info) { void Executor::executeCall(ExecutionState &state, KInstruction *ki, Function *f, std::vector> &arguments) { + Instruction *i = ki->inst(); if (isa_and_nonnull(i)) return; @@ -2288,7 +2369,10 @@ void Executor::executeCall(ExecutionState &state, KInstruction *ki, Function *f, Expr::Width WordSize = Context::get().getPointerWidth(); if (WordSize == Expr::Int32) { executeMemoryOperation(state, true, typeSystemManager->getUnknownType(), - arguments[0], sf.varargs->getBaseExpr(), 0); + makePointer(arguments[0]), + PointerExpr::create(sf.varargs->getBaseExpr(), + sf.varargs->getBaseExpr()), + 0); } else { assert(WordSize == Expr::Int64 && "Unknown word size!"); @@ -2296,20 +2380,23 @@ void Executor::executeCall(ExecutionState &state, KInstruction *ki, Function *f, // instead of implementing it, we can do a simple hack: just // make a function believe that all varargs are on stack. executeMemoryOperation(state, true, typeSystemManager->getUnknownType(), - arguments[0], ConstantExpr::create(48, 32), + makePointer(arguments[0]), + ConstantExpr::create(48, 32), 0); // gp_offset - executeMemoryOperation( - state, true, typeSystemManager->getUnknownType(), - AddExpr::create(arguments[0], ConstantExpr::create(4, 64)), - ConstantExpr::create(304, 32), 0); // fp_offset - executeMemoryOperation( - state, true, typeSystemManager->getUnknownType(), - AddExpr::create(arguments[0], ConstantExpr::create(8, 64)), - sf.varargs->getBaseExpr(), 0); // overflow_arg_area - executeMemoryOperation( - state, true, typeSystemManager->getUnknownType(), - AddExpr::create(arguments[0], ConstantExpr::create(16, 64)), - ConstantExpr::create(0, 64), 0); // reg_save_area + executeMemoryOperation(state, true, typeSystemManager->getUnknownType(), + AddExpr::create(makePointer(arguments[0]), + ConstantExpr::create(4, 64)), + ConstantExpr::create(304, 32), 0); // fp_offset + executeMemoryOperation(state, true, typeSystemManager->getUnknownType(), + AddExpr::create(makePointer(arguments[0]), + ConstantExpr::create(8, 64)), + PointerExpr::create(sf.varargs->getBaseExpr(), + sf.varargs->getBaseExpr()), + 0); // overflow_arg_area + executeMemoryOperation(state, true, typeSystemManager->getUnknownType(), + AddExpr::create(makePointer(arguments[0]), + ConstantExpr::create(16, 64)), + ConstantExpr::create(0, 64), 0); // reg_save_area } break; } @@ -2447,16 +2534,18 @@ void Executor::executeCall(ExecutionState &state, KInstruction *ki, Function *f, } StackFrame &sf = state.stack.valueStack().back(); - MemoryObject *mo = sf.varargs = - memory->allocate(size, true, false, false, locationOf(state), - (requires16ByteAlignment ? 16 : 8)); + MemoryObject *mo = sf.varargs = memory->allocate( + Expr::createPointer(size), true, false, false, locationOf(state), + (requires16ByteAlignment ? 16 : 8), + typeSystemManager->getUnknownType()); if (!mo && size) { terminateStateOnExecError(state, "out of memory (varargs)"); return; } if (mo) { - if ((WordSize == Expr::Int64) && (mo->address & 15) && + if ((WordSize == Expr::Int64) && + (cast(mo->getBaseExpr())->getZExtValue() & 15) && requires16ByteAlignment) { // Both 64bit Linux/Glibc and 64bit MacOSX should align to 16 bytes. klee_warning_once( @@ -2473,16 +2562,20 @@ void Executor::executeCall(ExecutionState &state, KInstruction *ki, Function *f, if (!cb.isByValArgument(k)) { os->write(offsets[k], arguments[k]); } else { - ConstantExpr *CE = dyn_cast(arguments[k]); - assert(CE); // byval argument needs to be a concrete pointer + ref pointer = makePointer(arguments[k]); + ConstantPointerExpr *CP = dyn_cast(pointer); + assert(CP); // byval argument needs to be a concrete pointer - IDType idObject; + ObjectPair idObject; state.addressSpace.resolveOne( - CE, typeSystemManager->getWrappedType(argType), idObject); - const ObjectState *osarg = - state.addressSpace.findObject(idObject).second; + CP, typeSystemManager->getWrappedType(argType), idObject); + const ObjectState *osarg = idObject.second; assert(osarg); - for (unsigned i = 0; i < osarg->getObject()->size; i++) + ref sizeExpr = + dyn_cast(idObject.first->getSizeExpr()); + assert(sizeExpr); + size_t moSize = sizeExpr->getZExtValue(); + for (unsigned i = 0; i < moSize; i++) os->write(offsets[k] + i, osarg->read8(i)); } if (ati != f->arg_end()) { @@ -2496,6 +2589,12 @@ void Executor::executeCall(ExecutionState &state, KInstruction *ki, Function *f, for (unsigned k = 0; k < numFormals; k++) bindArgument(kf, k, state, arguments[k]); } + + if (!state.multiplexKF && !f->isIntrinsic() && !f->isDeclaration() && + kmodule->mainModuleFunctions.count(std::string(f->getName()))) { + state.multiplexKF = ki->getKModule()->functionMap.at(f); + multiplexReached++; + } } void Executor::increaseProgressVelocity(ExecutionState &state, KBlock *block) { @@ -2545,29 +2644,35 @@ void Executor::transferToBasicBlock(BasicBlock *dst, BasicBlock *src, transferToBasicBlock(kdst, src, state); } -void Executor::checkNullCheckAfterDeref(ref cond, ExecutionState &state, - ExecutionState *fstate, - ExecutionState *sstate) { +void Executor::checkNullCheckAfterDeref(ref cond, ExecutionState &state) { + std::vector> conditions; + Expr::splitAnds(cond, conditions); ref eqPointerCheck = nullptr; - if (isa(cond) && cast(cond)->left->getWidth() == - Context::get().getPointerWidth()) { - eqPointerCheck = cast(cond); - } - if (isa(Expr::createIsZero(cond)) && - cast(Expr::createIsZero(cond))->left->getWidth() == - Context::get().getPointerWidth()) { - eqPointerCheck = cast(Expr::createIsZero(cond)); + for (auto &primitiveCond : conditions) { + if (isa(primitiveCond) && + cast(primitiveCond)->left->getWidth() == + Context::get().getPointerWidth()) { + eqPointerCheck = cast(primitiveCond); + } + if (isa(Expr::createIsZero(primitiveCond)) && + cast(Expr::createIsZero(primitiveCond))->left->getWidth() == + Context::get().getPointerWidth()) { + eqPointerCheck = cast(Expr::createIsZero(primitiveCond)); + } + if (eqPointerCheck && eqPointerCheck->left->isZero()) { + llvm::errs(); + } + if (eqPointerCheck && eqPointerCheck->left->isZero() && + state.resolvedPointers.count( + makePointer(eqPointerCheck->right)->getBase())) { + break; + } } if (eqPointerCheck && eqPointerCheck->left->isZero() && - state.resolvedPointers.count(eqPointerCheck->right)) { - if (isa(cond) && !fstate && sstate) { - reportStateOnTargetError(*sstate, - ReachWithError::NullCheckAfterDerefException); - } - if (isa(Expr::createIsZero(cond)) && !sstate && fstate) { - reportStateOnTargetError(*fstate, - ReachWithError::NullCheckAfterDerefException); - } + state.resolvedPointers.count( + makePointer(eqPointerCheck->right)->getBase())) { + reportStateOnTargetError(state, + ReachWithError::NullCheckAfterDerefException); } } @@ -2580,6 +2685,7 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { if (target->shouldFailOnThisTarget() && cast(target)->isThatError( ReachWithError::Reachable) && + target->getBlock() == ki->parent && cast(target)->isTheSameAsIn(ki)) { terminateStateOnTargetError(state, ReachWithError::Reachable); return; @@ -2677,10 +2783,8 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { if (X86FPAsX87FP80 && t->isFloatingPointTy() && Context::get().getPointerWidth() == 32) { - to = Expr::Fl80; - } - - if (from != to) { + result = FPToX87FP80Ext(result); + } else if (from != to) { const CallBase &cb = cast(*caller); // XXX need to check other param attrs ? @@ -2766,7 +2870,7 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { } } if (guidanceKind == GuidanceKind::ErrorGuidance) { - checkNullCheckAfterDeref(cond, state, branches.first, branches.second); + checkNullCheckAfterDeref(cond, state); } } break; @@ -2881,14 +2985,12 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { // Iterate through all non-default cases and order them by expressions for (auto i : si->cases()) { ref value = evalConstant(i.getCaseValue(), state.roundingMode); - assert(constantGepExprBases.empty()); BasicBlock *caseSuccessor = i.getCaseSuccessor(); expressionOrder.insert(std::make_pair(value, caseSuccessor)); } - // Track default branch values - ref defaultValue = ConstantExpr::alloc(1, Expr::Bool); + std::vector> notMatches; KFunction *kf = state.stack.callStack().back().kf; @@ -2906,9 +3008,7 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { if (it->second == si->getDefaultDest()) continue; - // Make sure that the default value does not contain this target's - // value - defaultValue = AndExpr::create(defaultValue, Expr::createIsZero(match)); + notMatches.push_back(Expr::createIsZero(match)); if (!canReachSomeTargetFromBlock(state, kf->blockMap[caseSuccessor])) continue; @@ -2941,6 +3041,28 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { } auto defaultDest = si->getDefaultDest(); + + // Make sure that the default value does not contain this target's + // value + while (notMatches.size() > 1) { + std::vector> tmp; + std::swap(notMatches, tmp); + for (unsigned i = 0; i * 2 < tmp.size(); ++i) { + ref notMatch = tmp.at(i * 2); + if (i * 2 + 1 < tmp.size()) { + notMatch = AndExpr::create(notMatch, tmp.at(i * 2 + 1)); + } + notMatches.push_back(notMatch); + } + } + assert(notMatches.size() <= 1); + + // Track default branch values + ref defaultValue = ConstantExpr::alloc(1, Expr::Bool); + if (notMatches.size() == 1) { + defaultValue = notMatches.back(); + } + if (canReachSomeTargetFromBlock(state, kf->blockMap[defaultDest])) { // Check if control could take the default case defaultValue = optimizer.optimizeExpr(defaultValue, false); @@ -3069,15 +3191,17 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { if (!first && interpreterOpts.Mock == MockPolicy::Failed) { free = nullptr; if (ki->inst()->getType()->isSized()) { - prepareMockValue(state, "mockExternResult", ki); + prepareMockValue(state, "mockExternResult", ki->inst()->getType(), + ki); } } else { v = optimizer.optimizeExpr(v, true); - ref value; - bool success = solver->getValue(free->constraints.cs(), v, value, - free->queryMetaData); + ref possiblePointer; + bool success = solver->getValue(free->constraints.cs(), v, + possiblePointer, free->queryMetaData); assert(success && "FIXME: Unhandled solver failure"); (void)success; + ref value = possiblePointer->getValue(); StatePair res = forkInternal(*free, EqExpr::create(v, value), BranchType::Call); if (res.first) { @@ -3358,7 +3482,7 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { state, false, typeSystemManager->getWrappedType( cast(ki->inst())->getPointerOperandType()), - base, 0, ki); + makePointer(base), 0, ki); break; } case Instruction::Store: { @@ -3368,7 +3492,7 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { state, true, typeSystemManager->getWrappedType( cast(ki->inst())->getPointerOperandType()), - base, value, ki); + makePointer(base), value, ki); break; } @@ -3376,8 +3500,12 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { KGEPInstruction *kgepi = static_cast(ki); GetElementPtrInst *gepInst = static_cast(kgepi->inst()); + Expr::Width pointerWidthInBits = Context::get().getPointerWidth(); + ref base = eval(ki, 0, state).value; - ref offset = ConstantExpr::create(0, base->getWidth()); + ref pointer = makePointer(base); + base = pointer->getBase(); + ref offset = pointer->getOffset(); for (std::vector>::iterator it = kgepi->indices.begin(), @@ -3391,25 +3519,16 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { } if (kgepi->offset) offset = AddExpr::create(offset, Expr::createPointer(kgepi->offset)); - ref address = AddExpr::create(base, offset); - - if (state.isGEPExpr(base)) { - if (ref addressConstant = - llvm::dyn_cast(address)) { - IDType addressConstantResolution; - if (!state.addressSpace.resolveOne(addressConstant, - typeSystemManager->getWrappedType( - state.gepExprBases[base].second), - addressConstantResolution)) { - state.gepExprBases[address] = state.gepExprBases[base]; - } - } else { - state.gepExprBases[address] = state.gepExprBases[base]; - } + ref address; + if (ref pointerOffset = dyn_cast(offset)) { + address = cast(PointerExpr::create(base, base)) + ->Add(pointerOffset); } else { - state.gepExprBases[address] = {base, gepInst->getSourceElementType()}; + address = PointerExpr::create(base, AddExpr::create(base, offset)); } + state.gepExprBases[base] = {gepInst->getSourceElementType()}; + bindLocal(ki, state, address); break; } @@ -3441,7 +3560,7 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { CastInst *ci = cast(i); Expr::Width pType = getWidthForLLVMType(ci->getType()); ref arg = eval(ki, 0, state).value; - bindLocal(ki, state, ZExtExpr::create(arg, pType)); + bindLocal(ki, state, PointerExpr::create(ZExtExpr::create(arg, pType))); break; } case Instruction::PtrToInt: { @@ -3473,11 +3592,12 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { if (castToType->isPointerTy()) { castToType = castToType->getPointerElementType(); - } - - if (state.isGEPExpr(result)) { - state.gepExprBases[result] = {state.gepExprBases[result].first, - castToType}; + if (ref pointer = cast(makePointer(result))) { + ref base = pointer->getBase(); + if (state.isGEPExpr(base)) { + state.gepExprBases[base] = castToType; + } + } } bindLocal(ki, state, result); @@ -3880,6 +4000,11 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { FPToUIInst *fi = cast(i); Expr::Width resultType = getWidthForLLVMType(fi->getType()); ref arg = eval(ki, 0, state).value; + if (X86FPAsX87FP80 && Context::get().getPointerWidth() == 32) { + arg = X87FP80ToFPTrunc(arg, + getWidthForLLVMType(fi->getOperand(0)->getType()), + state.roundingMode); + } if (!fpWidthToSemantics(arg->getWidth())) return terminateStateOnExecError(state, "Unsupported FPToUI operation"); // LLVM IR Ref manual says that it rounds toward zero @@ -3893,6 +4018,11 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { FPToSIInst *fi = cast(i); Expr::Width resultType = getWidthForLLVMType(fi->getType()); ref arg = eval(ki, 0, state).value; + if (X86FPAsX87FP80 && Context::get().getPointerWidth() == 32) { + arg = X87FP80ToFPTrunc(arg, + getWidthForLLVMType(fi->getOperand(0)->getType()), + state.roundingMode); + } if (!fpWidthToSemantics(arg->getWidth())) return terminateStateOnExecError(state, "Unsupported FPToSI operation"); // LLVM IR Ref manual says that it rounds toward zero @@ -4086,9 +4216,9 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { ref arg = eval(ki, 0, state).value; ref exceptionPointer = ExtractExpr::create(arg, 0, Expr::Int64); ref selectorValue = - ExtractExpr::create(arg, Expr::Int64, Expr::Int32); + ExtractExpr::create(arg, Expr::Int64, Expr::Int32)->getValue(); - if (!dyn_cast(exceptionPointer) || + if (!dyn_cast(exceptionPointer) || !dyn_cast(selectorValue)) { terminateStateOnExecError( state, "resume-instruction called with non constant expression"); @@ -4119,7 +4249,7 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { break; } - ref exceptionPointer = cui->exceptionObject; + ref exceptionPointer = cui->exceptionObject; ref selectorValue; // check on which frame we are currently @@ -4252,6 +4382,7 @@ bool Executor::checkMemoryUsage() { // every 65536 instructions if ((stats::instructions & 0xFFFFU) != 0 && maxNewWriteableOSSize < OSCopySizeMemoryCheckThreshold && + maxNewStateStackSize < StackCopySizeMemoryCheckThreshold) return true; @@ -4539,25 +4670,6 @@ void Executor::run(ExecutionState *initialState) { haltExecution = HaltExecution::NotHalt; } -void Executor::runWithTarget(ExecutionState &state, KFunction *kf, - KBlock *target) { - if (pathWriter) - state.pathOS = pathWriter->open(); - if (symPathWriter) - state.symPathOS = symPathWriter->open(); - - if (statsTracker) - statsTracker->framePushed(state, 0); - - processForest = std::make_unique(); - processForest->addRoot(&state); - targetedRun(state, target); - processForest = nullptr; - - if (statsTracker) - statsTracker->done(); -} - void Executor::initializeTypeManager() { if (UseAdvancedTypeSystem) { typeSystemManager = new CXXTypeManager(kmodule.get()); @@ -4613,33 +4725,42 @@ void Executor::executeAction(ref action) { void Executor::goForward(ref action) { ref fa = cast(action); objectManager->setCurrentState(fa->state); + ExecutionState &state = *fa->state; - if (coverOnTheFly && shouldWriteTest(*fa->state)) { + if (coverOnTheFly && shouldWriteTest(state)) { fa->state->clearCoveredNew(); interpreterHandler->processTestCase( - *fa->state, nullptr, + state, nullptr, terminationTypeFileExtension(StateTerminationType::CoverOnTheFly) .c_str()); } if (targetManager) { - targetManager->pullGlobal(*fa->state); + targetManager->pullGlobal(state); } - if (targetManager && targetManager->isTargeted(*fa->state) && - fa->state->targets().empty()) { - terminateStateEarlyAlgorithm(*fa->state, "State missed all it's targets.", + if (targetCalculator && TrackCoverage != TrackCoverageBy::None && + state.multiplexKF && functionsByModule.modules.size() > 1 && + targetCalculator->isCovered(state.multiplexKF)) { + terminateStateEarly(state, "Multiplex function has been covered.", + StateTerminationType::CoveredEntryPoint); + } else if (targetManager && targetManager->isTargeted(state) && + state.targets().empty()) { + terminateStateEarlyAlgorithm(state, "State missed all it's targets.", StateTerminationType::MissedAllTargets); - } else if (fa->state->isCycled(MaxCycles)) { - terminateStateEarly(*fa->state, "max-cycles exceeded.", + } else if (state.isCycled(MaxCycles)) { + terminateStateEarly(state, "max-cycles exceeded.", + StateTerminationType::MaxCycles); + } else if (state.isSymbolicCycled(MaxSymbolicCycles)) { + terminateStateEarly(state, "max-sym-cycles exceeded.", StateTerminationType::MaxCycles); } else { maxNewWriteableOSSize = 0; maxNewStateStackSize = 0; - KInstruction *ki = fa->state->pc; - stepInstruction(*fa->state); - executeInstruction(*fa->state, ki); + KInstruction *ki = state.pc; + stepInstruction(state); + executeInstruction(state, ki); } timers.invoke(); @@ -4649,83 +4770,33 @@ void Executor::goForward(ref action) { dumpPForest(); if (targetCalculator && TrackCoverage != TrackCoverageBy::None && - targetCalculator->isCovered(fa->state->initPC->parent->parent)) { + targetCalculator->isCovered(state.initPC->parent->parent)) { haltExecution = HaltExecution::CovCheck; } } -void Executor::targetedRun(ExecutionState &initialState, KBlock *target, - ExecutionState **resultState) { - // Delay init till now so that ticks don't accrue during optimization and - // such. - if (guidanceKind != GuidanceKind::ErrorGuidance) - timers.reset(); - - // TODO: Inconsistent init, sort things out later - objectManager->addProcessForest(processForest.get()); - objectManager->addInitialState(&initialState); - - TargetedSearcher *targetedSearcher = new TargetedSearcher( - ReachBlockTarget::create(target), *distanceCalculator); - - searcher = std::make_unique(targetedSearcher); - - // main interpreter loop - KInstruction *terminator = - target != nullptr ? target->getFirstInstruction() : nullptr; - while (!searcher->empty() && !haltExecution) { - auto action = searcher->selectAction(); - auto forward = cast(action); - - KInstruction *ki = forward->state->pc; - - if (ki == terminator) { - *resultState = forward->state->copy(); - terminateStateEarly(*forward->state, "", - StateTerminationType::SilentExit); - objectManager->updateSubscribers(); - haltExecution = HaltExecution::ReachedTarget; - break; - } - - executeAction(action); - objectManager->updateSubscribers(); - - if (!checkMemoryUsage()) { - objectManager->updateSubscribers(); - } - } - - searcher = nullptr; - - doDumpStates(); - if (*resultState) - haltExecution = HaltExecution::NotHalt; -} - -std::string Executor::getAddressInfo(ExecutionState &state, ref address, - unsigned size, +std::string Executor::getAddressInfo(ExecutionState &state, + ref address, unsigned size, const MemoryObject *mo) const { std::string Str; llvm::raw_string_ostream info(Str); address = Simplificator::simplifyExpr(state.constraints.cs(), address).simplified; - info << "\taddress: " << address << "\n"; - if (state.isGEPExpr(address)) { - ref base = state.gepExprBases[address].first; - info << "\tbase: " << base << "\n"; - } + ref base = address->getBase(); + ref offset = address->getOffset(); + info << "\tbase: " << base << "\n"; + info << "\toffset: " << offset << "\n"; if (size) { info << "\tsize: " << size << "\n"; } uint64_t example; - if (ConstantExpr *CE = dyn_cast(address)) { + if (ref CE = dyn_cast(address->getValue())) { example = CE->getZExtValue(); } else { ref value; - bool success = solver->getValue(state.constraints.cs(), address, value, - state.queryMetaData); + bool success = solver->getValue(state.constraints.cs(), address->getValue(), + value, state.queryMetaData); assert(success && "FIXME: Unhandled solver failure"); (void)success; example = value->getZExtValue(); @@ -4746,7 +4817,11 @@ std::string Executor::getAddressInfo(ExecutionState &state, ref address, } else { const MemoryObject *mo = lower->first; std::string alloc_info = mo->getAllocInfo(); - info << "object at " << mo->address << " of size " << mo->size << "\n" + info << "object at "; + mo->getBaseExpr()->print(info); + info << " of size "; + mo->getSizeExpr()->print(info); + info << "\n" << "\t\t" << alloc_info << "\n"; } if (lower != state.addressSpace.objects.begin()) { @@ -4757,7 +4832,11 @@ std::string Executor::getAddressInfo(ExecutionState &state, ref address, } else { const MemoryObject *mo = lower->first; std::string alloc_info = mo->getAllocInfo(); - info << "object at " << mo->address << " of size " << mo->size << "\n" + info << "object at "; + mo->getBaseExpr()->print(info); + info << " of size "; + mo->getSizeExpr()->print(info); + info << "\n" << "\t\t" << alloc_info << "\n"; } } @@ -5047,12 +5126,6 @@ void Executor::terminateStateOnUserError(ExecutionState &state, terminateStateOnError(state, message, StateTerminationType::User, ""); } -// XXX shoot me -static const char *okExternalsList[] = {"printf", "fprintf", "puts", "getpid"}; -static std::set okExternals( - okExternalsList, - okExternalsList + (sizeof(okExternalsList) / sizeof(okExternalsList[0]))); - void Executor::callExternalFunction(ExecutionState &state, KInstruction *target, KCallable *callable, std::vector> &arguments) { @@ -5086,53 +5159,70 @@ void Executor::callExternalFunction(ExecutionState &state, KInstruction *target, as function can have variadic arguments. */ llvm::FunctionType *functionType = callable->getFunctionType(); - llvm::FunctionType::param_iterator ati = functionType->param_begin(); - for (std::vector>::iterator ai = arguments.begin(), - ae = arguments.end(); - ai != ae; ++ai) { - if (ExternalCalls == - ExternalCallPolicy::All) { // don't bother checking uniqueness - *ai = optimizer.optimizeExpr(*ai, true); - ref ce; - bool success = solver->getValue(state.constraints.cs(), *ai, ce, - state.queryMetaData); - assert(success && "FIXME: Unhandled solver failure"); - (void)success; - ce->toMemory(&args[wordIndex]); - addConstraint(state, EqExpr::create(ce, *ai)); - wordIndex += (ce->getWidth() + 63) / 64; - } else { - ref arg = toUnique(state, *ai); - if (ConstantExpr *ce = dyn_cast(arg)) { - // fp80 must be aligned to 16 according to the System V AMD 64 ABI - if (ce->getWidth() == Expr::Fl80 && wordIndex & 0x01) - wordIndex++; - - // XXX kick toMemory functions from here + if (arguments.size() > 0) { + ref response; + bool success = + solver->getResponse(state.constraints.cs(), Expr::createFalse(), + response, state.queryMetaData); + assert(success && isa(response) && + "FIXME: Unhandled solver failure"); + (void)success; + Assignment model = cast(response)->initialValues(); + AssignmentEvaluator evaluator(model, false); + llvm::FunctionType::param_iterator ati = functionType->param_begin(); + for (std::vector>::iterator ai = arguments.begin(), + ae = arguments.end(); + ai != ae; ++ai) { + if (ExternalCalls == + ExternalCallPolicy::All) { // don't bother checking uniqueness + ref arg = *ai; + if (auto pointer = dyn_cast(arg)) { + arg = pointer->getValue(); + } + arg = optimizer.optimizeExpr(arg, true); + ref ce = evaluator.visit(arg); ce->toMemory(&args[wordIndex]); + addConstraint(state, EqExpr::create(ce, arg)); wordIndex += (ce->getWidth() + 63) / 64; } else { - terminateStateOnExecError(state, - "external call with symbolic argument: " + - callable->getName()); - return; + ref arg = toUnique(state, *ai); + if (ConstantExpr *ce = dyn_cast(arg)) { + // fp80 must be aligned to 16 according to the System V AMD 64 ABI + if (ce->getWidth() == Expr::Fl80 && wordIndex & 0x01) + wordIndex++; + + // XXX kick toMemory functions from here + ce->toMemory(&args[wordIndex]); + wordIndex += (ce->getWidth() + 63) / 64; + } else if (ConstantPointerExpr *cpe = + dyn_cast(arg)) { + ref ce = cpe->getConstantValue(); + // XXX kick toMemory functions from here + ce->toMemory(&args[wordIndex]); + wordIndex += (ce->getWidth() + 63) / 64; + } else { + terminateStateOnExecError(state, + "external call with symbolic argument: " + + callable->getName()); + return; + } + } + if (ati != functionType->param_end()) { + ++ati; } - } - if (ati != functionType->param_end()) { - ++ati; } } // Prepare external memory for invoking the function auto arrays = state.constraints.cs().gatherArrays(); - std::vector> values; + std::vector> values; solver->getInitialValues(state.constraints.cs(), arrays, values, state.queryMetaData); Assignment assignment(arrays, values); state.addressSpace.copyOutConcretes(assignment); #ifndef WINDOWS // Update external errno state with local state value - IDType idResult; + ObjectPair result; llvm::Type *pointerErrnoAddr = llvm::PointerType::get( llvm::IntegerType::get(kmodule->module->getContext(), @@ -5140,14 +5230,15 @@ void Executor::callExternalFunction(ExecutionState &state, KInstruction *target, kmodule->targetData->getAllocaAddrSpace()); bool resolved = state.addressSpace.resolveOne( - Expr::createPointer((uint64_t)errno_addr), - typeSystemManager->getWrappedType(pointerErrnoAddr), idResult); + ConstantPointerExpr::create(Expr::createPointer((uint64_t)errno_addr), + Expr::createPointer((uint64_t)errno_addr)), + typeSystemManager->getWrappedType(pointerErrnoAddr), result); if (!resolved) klee_error("Could not resolve memory object for errno"); - ObjectPair result = state.addressSpace.findObject(idResult); ref errValueExpr = result.second->read(0, sizeof(*errno_addr) * 8); errValueExpr = toUnique(state, errValueExpr); - ConstantExpr *errnoValue = dyn_cast(errValueExpr); + ConstantExpr *errnoValue = + dyn_cast(makePointer(errValueExpr)->getValue()); if (!errnoValue) { terminateStateOnExecError(state, "external call with errno value symbolic: " + @@ -5191,7 +5282,8 @@ void Executor::callExternalFunction(ExecutionState &state, KInstruction *target, if (!success) { if (interpreterOpts.Mock == MockPolicy::Failed) { if (target->inst()->getType()->isSized()) { - prepareMockValue(state, "mockExternResult", target); + prepareMockValue(state, "mockExternResult", target->inst()->getType(), + target); } } else { terminateStateOnExecError(state, @@ -5218,13 +5310,19 @@ void Executor::callExternalFunction(ExecutionState &state, KInstruction *target, if (resultType != Type::getVoidTy(kmodule->module->getContext())) { ref e = ConstantExpr::fromMemory((void *)args, getWidthForLLVMType(resultType)); + if (e->getWidth() == Context::get().getPointerWidth() && + resultType->isPointerTy()) { + e = PointerExpr::create(e, e); + } if (ExternCallsCanReturnNull && - e->getWidth() == Context::get().getPointerWidth()) { + e->getWidth() == Context::get().getPointerWidth() && + resultType->isPointerTy()) { ref symExternCallsCanReturnNullExpr = makeMockValue(state, "symExternCallsCanReturnNull", Expr::Bool); e = SelectExpr::create( symExternCallsCanReturnNullExpr, - ConstantExpr::alloc(0, Context::get().getPointerWidth()), e); + PointerExpr::create(Expr::createPointer(0), Expr::createPointer(0)), + e); } bindLocal(target, state, e); } @@ -5280,8 +5378,8 @@ ObjectState *Executor::bindObjectInState(ExecutionState &state, // will put multiple copies on this list, but it doesn't really // matter because all we use this list for is to unbind the object // on function return. - if (isLocal && !state.stack.empty()) { - state.stack.valueStack().back().allocas.push_back(mo->id); + if (isLocal && state.stack.size() > 0) { + state.stack.valueStack().back().allocas.push_back(mo); } return os; } @@ -5302,7 +5400,7 @@ void Executor::executeAlloc(ExecutionState &state, ref size, bool isLocal, } ref upperBoundSizeConstraint = Expr::createTrue(); - if (!isa(size)) { + if (!isa(size) && MaxSymbolicAllocationSize) { upperBoundSizeConstraint = UleExpr::create( ZExtExpr::create(size, Context::get().getPointerWidth()), Expr::createPointer(MaxSymbolicAllocationSize)); @@ -5322,19 +5420,23 @@ void Executor::executeAlloc(ExecutionState &state, ref size, bool isLocal, } if (inBounds != PValidity::MustBeFalse && inBounds != PValidity::MayBeFalse) { + ref conditionExpr = Expr::createTrue(); if (inBounds != PValidity::MustBeTrue) { addConstraint(state, upperBoundSizeConstraint); } - MemoryObject *mo = allocate(state, size, isLocal, /*isGlobal=*/false, - locationOf(state), allocationAlignment); + MemoryObject *mo = + allocate(state, size, isLocal, /*isGlobal=*/false, locationOf(state), + allocationAlignment, type, conditionExpr); if (!mo) { - bindLocal(target, state, Expr::createPointer(0)); + bindLocal( + target, state, + PointerExpr::create(Expr::createPointer(0), Expr::createPointer(0))); } else { ref source = nullptr; if (zeroMemory) { source = SourceBuilder::constant( - SparseStorage(ConstantExpr::create(0, Expr::Int8))); + constructStorage(size, ConstantExpr::create(0, Expr::Int8))); } else { source = SourceBuilder::uninitialized(allocations++, target); } @@ -5342,15 +5444,21 @@ void Executor::executeAlloc(ExecutionState &state, ref size, bool isLocal, ObjectState *os = bindObjectInState(state, mo, type, isLocal, array); ref address = mo->getBaseExpr(); - if (checkOutOfMemory) { + + if (isLocal) { + addConstraint(state, Expr::createIsZero(EqExpr::create( + address, Expr::createPointer(0)))); + } + + if (checkOutOfMemory && !isLocal) { ref symCheckOutOfMemoryExpr = makeMockValue(state, "symCheckOutOfMemory", Expr::Bool); address = SelectExpr::create(symCheckOutOfMemoryExpr, Expr::createPointer(0), address); } - // state.addPointerResolution(address, mo); - bindLocal(target, state, address); + state.addPointerResolution(PointerExpr::create(address, address), mo); + bindLocal(target, state, PointerExpr::create(address, address)); if (reallocFrom) { os->write(reallocFrom); @@ -5363,14 +5471,16 @@ void Executor::executeAlloc(ExecutionState &state, ref size, bool isLocal, } } -void Executor::executeFree(ExecutionState &state, ref address, +void Executor::executeFree(ExecutionState &state, ref address, KInstruction *target) { address = optimizer.optimizeExpr(address, true); - StatePair zeroPointer = - forkInternal(state, Expr::createIsZero(address), BranchType::Free); + ref isNullPointer = Expr::createIsZero(address->getValue()); + StatePair zeroPointer = forkInternal(state, isNullPointer, BranchType::Free); if (zeroPointer.first) { if (target) - bindLocal(target, *zeroPointer.first, Expr::createPointer(0)); + bindLocal( + target, *zeroPointer.first, + PointerExpr::create(Expr::createPointer(0), Expr::createPointer(0))); } if (zeroPointer.second) { // address != 0 ExactResolutionList rl; @@ -5384,8 +5494,7 @@ void Executor::executeFree(ExecutionState &state, ref address, for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); it != ie; ++it) { - const MemoryObject *mo = - zeroPointer.second->addressSpace.findObject(it->first).first; + const MemoryObject *mo = it->first; if (mo->isLocal) { terminateStateOnProgramError( @@ -5405,7 +5514,9 @@ void Executor::executeFree(ExecutionState &state, ref address, it->second->removePointerResolutions(mo); it->second->addressSpace.unbindObject(mo); if (target) - bindLocal(target, *it->second, Expr::createPointer(0)); + bindLocal(target, *it->second, + PointerExpr::create(Expr::createPointer(0), + Expr::createPointer(0))); } } } @@ -5414,11 +5525,12 @@ void Executor::executeFree(ExecutionState &state, ref address, bool Executor::resolveExact(ExecutionState &estate, ref address, KType *type, ExactResolutionList &results, const std::string &name) { - ref base = address; - - if (estate.isGEPExpr(address)) { - base = estate.gepExprBases[address].first; - } + ref pointer = + PointerExpr::create(address->getValue(), address->getValue()); + address = pointer->getValue(); + ref base = pointer->getBase(); + ref basePointer = PointerExpr::create(base, base); + ref zeroPointer = PointerExpr::create(Expr::createPointer(0)); if (SimplifySymIndices) { if (!isa(address)) @@ -5436,8 +5548,8 @@ bool Executor::resolveExact(ExecutionState &estate, ref address, Simplificator::simplifyExpr(estate.constraints.cs(), base).simplified; uniqueBase = toUnique(estate, uniqueBase); - StatePair branches = - forkInternal(estate, Expr::createIsZero(base), BranchType::MemOp); + ref isNullPointer = Expr::createIsZero(base); + StatePair branches = forkInternal(estate, isNullPointer, BranchType::MemOp); ExecutionState *bound = branches.first; if (bound) { auto error = isReadFromSymbolicArray(uniqueBase) @@ -5446,37 +5558,35 @@ bool Executor::resolveExact(ExecutionState &estate, ref address, terminateStateOnTargetError(*bound, error); } if (!branches.second) { - address = Expr::createPointer(0); + address = + PointerExpr::create(Expr::createPointer(0), Expr::createPointer(0)); + return true; } ExecutionState &state = *branches.second; - ResolutionList rl; + ObjectResolutionList rl; bool mayBeOutOfBound = true; bool hasLazyInitialized = false; bool incomplete = false; /* We do not need this variable here, just a placeholder for resolve */ bool success = resolveMemoryObjects( - state, address, type, state.prevPC, 0, rl, mayBeOutOfBound, + state, pointer, type, state.prevPC, 0, rl, mayBeOutOfBound, hasLazyInitialized, incomplete, LazyInitialization == LazyInitializationPolicy::Only); assert(success); ExecutionState *unbound = &state; for (unsigned i = 0; i < rl.size(); ++i) { - const MemoryObject *mo = unbound->addressSpace.findObject(rl.at(i)).first; + const MemoryObject *mo = rl.at(i).get(); ref inBounds; - if (i + 1 == rl.size() && hasLazyInitialized) { - inBounds = Expr::createTrue(); - } else { - inBounds = EqExpr::create(address, mo->getBaseExpr()); - } + inBounds = EqExpr::create(pointer->getValue(), mo->getBaseExpr()); StatePair branches = forkInternal(*unbound, inBounds, BranchType::ResolvePointer); if (branches.first) - results.push_back(std::make_pair(rl.at(i), branches.first)); + results.push_back(std::make_pair(rl.at(i).get(), branches.first)); unbound = branches.second; if (!unbound) // Fork failure @@ -5495,7 +5605,7 @@ bool Executor::resolveExact(ExecutionState &estate, ref address, *unbound, new ErrorEvent(locationOf(*unbound), StateTerminationType::Ptr, "memory error: invalid pointer: " + name), - getAddressInfo(*unbound, address)); + getAddressInfo(*unbound, pointer)); } } return true; @@ -5570,7 +5680,8 @@ void Executor::concretizeSize(ExecutionState &state, ref size, if (hugeSize.first) { klee_message("NOTE: found huge malloc, returning 0"); bindLocal(target, *hugeSize.first, - ConstantExpr::alloc(0, Context::get().getPointerWidth())); + PointerExpr::create(Expr::createPointer(0), + Expr::createPointer(0))); } if (hugeSize.second) { @@ -5594,32 +5705,32 @@ void Executor::concretizeSize(ExecutionState &state, ref size, reallocFrom, allocationAlignment, checkOutOfMemory); } -bool Executor::computeSizes(ExecutionState &state, ref size, - ref symbolicSizesSum, - std::vector &objects, - std::vector> &values) { +bool Executor::computeSizes( + const ConstraintSet &constraints, ref symbolicSizesSum, + std::vector &objects, + std::vector> &values, + SolverQueryMetaData &metaData) { ref minimalSumValue; ref response; /* Compute assignment for symcretes. */ - objects = state.constraints.cs().gatherSymcretizedArrays(); - findObjects(size, objects); + objects = constraints.gatherSymcretizedArrays(); + findObjects(symbolicSizesSum, objects); solver->setTimeout(coreSolverTimeout); bool success = solver->getResponse( - state.constraints.cs(), + constraints, UgtExpr::create(symbolicSizesSum, ConstantExpr::create(SymbolicAllocationThreshold, symbolicSizesSum->getWidth())), - response, state.queryMetaData); + response, metaData); solver->setTimeout(time::Span()); if (!response->tryGetInitialValuesFor(objects, values)) { /* Receive model with a smallest sum as possible. */ solver->setTimeout(coreSolverTimeout); - success = solver->getMinimalUnsignedValue(state.constraints.cs(), - symbolicSizesSum, minimalSumValue, - state.queryMetaData); + success = solver->getMinimalUnsignedValue(constraints, symbolicSizesSum, + minimalSumValue, metaData); solver->setTimeout(time::Span()); assert(success); @@ -5627,13 +5738,11 @@ bool Executor::computeSizes(ExecutionState &state, ref size, to optimize the number of queries we will ask it one time with assignment for symcretes. */ - ConstraintSet minimized = state.constraints.cs(); - minimized.addConstraint(EqExpr::create(symbolicSizesSum, minimalSumValue), - {}); + ConstraintSet minimized = constraints; + minimized.addConstraint(EqExpr::create(symbolicSizesSum, minimalSumValue)); solver->setTimeout(coreSolverTimeout); - success = solver->getInitialValues(minimized, objects, values, - state.queryMetaData); + success = solver->getInitialValues(minimized, objects, values, metaData); solver->setTimeout(time::Span()); } return success; @@ -5642,9 +5751,13 @@ bool Executor::computeSizes(ExecutionState &state, ref size, MemoryObject *Executor::allocate(ExecutionState &state, ref size, bool isLocal, bool isGlobal, ref allocSite, - size_t allocationAlignment, + size_t allocationAlignment, KType *type, + ref conditionExpr, ref lazyInitializationSource, - unsigned timestamp) { + unsigned timestamp, bool isSymbolic) { + + size = ZExtExpr::create(size, Context::get().getPointerWidth()); + /* Try to find existing solution. */ ref uniqueSize = toUnique(state, size); @@ -5654,8 +5767,8 @@ MemoryObject *Executor::allocate(ExecutionState &state, ref size, /* Constant solution exists. Just return it. */ if (arrayConstantSize && lazyInitializationSource.isNull()) { MemoryObject *mo = - memory->allocate(arrayConstantSize->getZExtValue(), isLocal, isGlobal, - false, allocSite, allocationAlignment); + memory->allocate(arrayConstantSize, isLocal, isGlobal, false, allocSite, + allocationAlignment, type); if (mo && state.isGEPExpr(mo->getBaseExpr())) { state.gepExprBases.erase(mo->getBaseExpr()); } @@ -5683,22 +5796,34 @@ MemoryObject *Executor::allocate(ExecutionState &state, ref size, } } else { sourceAddressArray = - SourceBuilder::lazyInitializationAddress(lazyInitializationSource); + lazyInitializationSource->hasOrderedReads()->updates.root->source; + } + + if (lazyInitializationSource) { + lazyInitializationSource = + Simplificator::simplifyExpr(state.constraints.cs(), + lazyInitializationSource) + .simplified; } - /* Create symbol for array */ const Array *addressArray = makeArray( Expr::createPointer(pointerWidthInBits / CHAR_BIT), sourceAddressArray); ref addressExpr = Expr::createTempRead(addressArray, pointerWidthInBits); + if (lazyInitializationSource && isLocal) { + conditionExpr = AndExpr::create( + conditionExpr, NotExpr::create(Expr::createIsZero(addressExpr))); + conditionExpr = AndExpr::create( + conditionExpr, EqExpr::create(addressExpr, lazyInitializationSource)); + } + /* Create symcretes for array and size */ ref addressSymcrete = lazyInitializationSource ? cast( - new LazyInitializedAddressSymcrete(addressArray, addressExpr)) - : cast( - new AllocAddressSymcrete(addressArray, addressExpr)); + new LazyInitializedAddressSymcrete(addressExpr)) + : cast(new AllocAddressSymcrete(addressExpr)); ref sizeSymcrete = lazyInitializationSource ? cast(new LazyInitializedSizeSymcrete( @@ -5709,107 +5834,63 @@ MemoryObject *Executor::allocate(ExecutionState &state, ref size, sizeSymcrete->addDependentSymcrete(addressSymcrete); addressSymcrete->addDependentSymcrete(sizeSymcrete); - /* In order to minimize memory consumption, we will try to - optimize entire sum of symbolic sizes. Hence, compute the sum - (maybe we can memoize the sum to prevent summing) every time - we meet new symbolic allocation and query the solver for the model. */ - std::vector> symbolicSizesTerms = { - ZExtExpr::create(size, pointerWidthInBits)}; - - std::vector> factors; - state.toQuery(ZExtExpr::create(size, pointerWidthInBits)) - .getAllDependentConstraintsSets(factors); - - /* Collect dependent size symcretes. */ - for (ref ics : factors) { - for (ref symcrete : ics->symcretes) { - if (isa(symcrete)) { - symbolicSizesTerms.push_back( - ZExtExpr::create(symcrete->symcretized, pointerWidthInBits)); - } - } - } - ref symbolicSizesSum = createNonOverflowingSumExpr(symbolicSizesTerms); - - std::vector objects; - std::vector> values; - bool success = computeSizes(state, size, symbolicSizesSum, objects, values); - - if (!success) { - return nullptr; - } - - Assignment assignment(objects, values); - uint64_t sizeMemoryObject = - cast(assignment.evaluate(size))->getZExtValue(); - - MemoryObject *mo = nullptr; - - if (addressManager->isAllocated(addressExpr)) { - addressManager->allocate(addressExpr, sizeMemoryObject); - mo = addressManager->allocateMemoryObject(addressExpr, sizeMemoryObject); - } else { - - /* Allocate corresponding memory object. */ - mo = memory->allocate( - sizeMemoryObject, isLocal, isGlobal, !lazyInitializationSource.isNull(), - allocSite, allocationAlignment, addressExpr, - ZExtExpr::create(size, pointerWidthInBits), timestamp); + const Array *contentArray = + lazyInitializationSource + ? makeArray(size, SourceBuilder::lazyInitializationContent( + lazyInitializationSource)) + : nullptr; - if (mo) { - addressManager->addAllocation(addressExpr, mo->id); - } - } + /* Allocate corresponding memory object. */ + MemoryObject *mo = memory->allocate( + size, isLocal, isGlobal, !lazyInitializationSource.isNull(), allocSite, + allocationAlignment, type, conditionExpr, addressExpr, timestamp, + contentArray); if (!mo) { return nullptr; } if (lazyInitializationSource.isNull()) { - state.addPointerResolution(addressExpr, mo); + state.addPointerResolution(PointerExpr::create(addressExpr, addressExpr), + mo); } - assignment.bindings.replace( - {addressArray, sparseBytesFromValue(mo->address)}); - - state.constraints.addSymcrete(sizeSymcrete, assignment); - state.constraints.addSymcrete(addressSymcrete, assignment); - state.constraints.rewriteConcretization(assignment); + state.constraints.addSymcrete(sizeSymcrete); + state.constraints.addSymcrete(addressSymcrete); + if (lazyInitializationSource) { + state.addSymbolic(mo, contentArray, type); + } return mo; } bool Executor::resolveMemoryObjects( - ExecutionState &state, ref address, KType *targetType, + ExecutionState &state, ref address, KType *targetType, KInstruction *target, unsigned bytes, - std::vector &mayBeResolvedMemoryObjects, bool &mayBeOutOfBound, + ObjectResolutionList &mayBeResolvedMemoryObjects, bool &mayBeOutOfBound, bool &mayLazyInitialize, bool &incomplete, bool onlyLazyInitialize) { mayLazyInitialize = false; mayBeOutOfBound = true; incomplete = false; - ref base = address; + ref base = address->getBase(); unsigned size = bytes; KType *baseTargetType = targetType; - if (state.isGEPExpr(address)) { - base = state.gepExprBases[address].first; - size = kmodule->targetData->getTypeStoreSize( - state.gepExprBases[address].second); - baseTargetType = typeSystemManager->getWrappedType( - llvm::PointerType::get(state.gepExprBases[address].second, - kmodule->targetData->getAllocaAddrSpace())); + if (state.isGEPExpr(base)) { + size = kmodule->targetData->getTypeStoreSize(state.gepExprBases[base]); + baseTargetType = typeSystemManager->getWrappedType(llvm::PointerType::get( + state.gepExprBases[base], kmodule->targetData->getAllocaAddrSpace())); } + base = Simplificator::simplifyExpr(state.constraints.cs(), base).simplified; + ref basePointer = PointerExpr::create(base, base); + auto mso = MemorySubobject(address, bytes); if (state.resolvedSubobjects.count(mso)) { for (auto resolution : state.resolvedSubobjects.at(mso)) { mayBeResolvedMemoryObjects.push_back(resolution); } mayBeOutOfBound = false; - } else if (state.resolvedPointers.count(address)) { - for (auto resolution : state.resolvedPointers.at(address)) { - mayBeResolvedMemoryObjects.push_back(resolution); - } } else if (state.resolvedPointers.count(base)) { for (auto resolution : state.resolvedPointers.at(base)) { mayBeResolvedMemoryObjects.push_back(resolution); @@ -5818,41 +5899,48 @@ bool Executor::resolveMemoryObjects( // we are on an error path (no resolution, multiple resolution, one // resolution with out of bounds) - address = optimizer.optimizeExpr(address, true); + base = optimizer.optimizeExpr(base, true); ref checkOutOfBounds = Expr::createTrue(); - bool checkAddress = - isa(address) || isa(address) || base != address; - if (!checkAddress && isa(address)) { + ref readBase = base->hasOrderedReads(); + bool checkAddress = readBase && readBase->updates.getSize() == 0 && + readBase->updates.root->isSymbolicArray(); + if (!checkAddress && isa(base)) { checkAddress = true; std::vector> alternatives; - ArrayExprHelper::collectAlternatives(*cast(address), + ArrayExprHelper::collectAlternatives(*cast(base), alternatives); for (auto alt : alternatives) { - checkAddress &= isa(alt) || isa(alt) || - isa(alt) || state.isGEPExpr(alt); + if (isa(alt)) { + continue; + } + readBase = alt->hasOrderedReads(); + checkAddress &= readBase && readBase->updates.getSize() == 0 && + readBase->updates.root->isSymbolicArray(); } } - mayLazyInitialize = LazyInitialization != LazyInitializationPolicy::None && - !isa(base); + mayLazyInitialize = + LazyInitialization != LazyInitializationPolicy::None && checkAddress; if (!onlyLazyInitialize || !mayLazyInitialize) { ResolutionList rl; ResolutionList rlSkipped; solver->setTimeout(coreSolverTimeout); - incomplete = - state.addressSpace.resolve(state, solver.get(), address, targetType, - rl, rlSkipped, 0, coreSolverTimeout); + incomplete = state.addressSpace.resolve(state, solver.get(), basePointer, + targetType, rl, rlSkipped, 0, + coreSolverTimeout); solver->setTimeout(time::Span()); for (ResolutionList::iterator i = rl.begin(), ie = rl.end(); i != ie; ++i) { - const MemoryObject *mo = state.addressSpace.findObject(*i).first; + const MemoryObject *mo = i->first; ref inBounds = mo->getBoundsCheckPointer(address, bytes); ref notInBounds = Expr::createIsZero(inBounds); - mayBeResolvedMemoryObjects.push_back(mo->id); + ref addressNotInBounds = + Expr::createIsZero(mo->getBoundsCheckAddress(address->getValue())); + mayBeResolvedMemoryObjects.push_back(mo); checkOutOfBounds = AndExpr::create(checkOutOfBounds, notInBounds); } } @@ -5865,22 +5953,22 @@ bool Executor::resolveMemoryObjects( if (!success) { return false; } else if (mayLazyInitialize) { - IDType idLazyInitialization; - uint64_t minObjectSize = MinNumberElementsLazyInit * size; - if (!lazyInitializeObject(state, base, target, baseTargetType, - minObjectSize, false, idLazyInitialization, - /*state.isolated || UseSymbolicSizeLazyInit*/ - UseSymbolicSizeLazyInit)) { - return false; - } - // Lazy initialization might fail if we've got unappropriate address - if (idLazyInitialization) { - ObjectPair pa = state.addressSpace.findObject(idLazyInitialization); - const MemoryObject *mo = pa.first; - mayBeResolvedMemoryObjects.push_back(mo->id); - } else { - mayLazyInitialize = false; - } + uint64_t minObjectSize = 0; + // minObjectSize = MinNumberElementsLazyInit * MinElementSizeLazyInit; + minObjectSize = MinNumberElementsLazyInit * size; + + const Array *lazyInstantiationSize = makeArray( + Expr::createPointer(Context::get().getPointerWidth() / CHAR_BIT), + SourceBuilder::lazyInitializationSize(base)); + auto sizeExpr = Expr::createTempRead(lazyInstantiationSize, + Context::get().getPointerWidth()); + ref idLazyInitialization = lazyInitializeObject( + state, basePointer, target, baseTargetType, minObjectSize, sizeExpr, + false, checkOutOfBounds, UseSymbolicSizeLazyInit); + RefObjectPair op = state.addressSpace.findOrLazyInitializeObject( + idLazyInitialization.get()); + state.addressSpace.bindObject(op.first, op.second.get()); + mayBeResolvedMemoryObjects.push_back(idLazyInitialization); } } } @@ -5888,39 +5976,32 @@ bool Executor::resolveMemoryObjects( } bool Executor::checkResolvedMemoryObjects( - ExecutionState &state, ref address, KInstruction *target, - unsigned bytes, const std::vector &mayBeResolvedMemoryObjects, - bool hasLazyInitialized, std::vector &resolvedMemoryObjects, + ExecutionState &state, ref address, KInstruction *target, + unsigned bytes, const ObjectResolutionList &mayBeResolvedMemoryObjects, + bool hasLazyInitialized, ObjectResolutionList &resolvedMemoryObjects, std::vector> &resolveConditions, std::vector> &unboundConditions, ref &checkOutOfBounds, bool &mayBeOutOfBound) { - ref base = address; + ref base = address->getBase(); + ref basePointer = PointerExpr::create(base, base); unsigned size = bytes; - if (state.isGEPExpr(address)) { - base = state.gepExprBases.at(address).first; - size = kmodule->targetData->getTypeStoreSize( - state.gepExprBases.at(address).second); + if (state.isGEPExpr(base)) { + size = kmodule->targetData->getTypeStoreSize(state.gepExprBases.at(base)); } checkOutOfBounds = Expr::createTrue(); if (mayBeResolvedMemoryObjects.size() == 1) { - const MemoryObject *mo = - state.addressSpace.findObject(*mayBeResolvedMemoryObjects.begin()) - .first; + const MemoryObject *mo = mayBeResolvedMemoryObjects.begin()->get(); state.addPointerResolution(address, mo); - state.addPointerResolution(base, mo); ref inBounds = mo->getBoundsCheckPointer(address, bytes); ref baseInBounds = Expr::createTrue(); ref notInBounds = Expr::createIsZero(inBounds); - - if (hasLazyInitialized) { - baseInBounds = AndExpr::create( - baseInBounds, Expr::createIsZero(mo->getOffsetExpr(base))); - } + ref addressNotInBounds = + Expr::createIsZero(mo->getBoundsCheckAddress(address->getValue())); inBounds = AndExpr::create(inBounds, baseInBounds); inBounds = optimizer.optimizeExpr(inBounds, true); @@ -5929,6 +6010,9 @@ bool Executor::checkResolvedMemoryObjects( notInBounds = Simplificator::simplifyExpr(state.constraints.cs(), notInBounds) .simplified; + addressNotInBounds = + Simplificator::simplifyExpr(state.constraints.cs(), addressNotInBounds) + .simplified; PartialValidity result; solver->setTimeout(coreSolverTimeout); @@ -5950,47 +6034,38 @@ bool Executor::checkResolvedMemoryObjects( if (mayBeInBound) { state.addPointerResolution(address, mo, bytes); - state.addPointerResolution(base, mo, size); - resolvedMemoryObjects.push_back(mo->id); + state.addPointerResolution(basePointer, mo, size); + resolvedMemoryObjects.push_back(mo); if (mustBeInBounds) { resolveConditions.push_back(Expr::createTrue()); unboundConditions.push_back(Expr::createFalse()); checkOutOfBounds = Expr::createFalse(); } else { resolveConditions.push_back(inBounds); - unboundConditions.push_back(notInBounds); - if (hasLazyInitialized /*&& !state.isolated*/) { - notInBounds = AndExpr::create( - notInBounds, Expr::createIsZero(mo->getOffsetExpr(base))); - } + unboundConditions.push_back(addressNotInBounds); checkOutOfBounds = notInBounds; } } else if (mayBeOutOfBound) { if (mustBeOutOfBound) { checkOutOfBounds = Expr::createTrue(); } else { - if (hasLazyInitialized /*&& !state.isolated*/) { - notInBounds = AndExpr::create( - notInBounds, Expr::createIsZero(mo->getOffsetExpr(base))); - } checkOutOfBounds = notInBounds; } } } else { for (unsigned int i = 0; i < mayBeResolvedMemoryObjects.size(); ++i) { - const MemoryObject *mo = - state.addressSpace.findObject(mayBeResolvedMemoryObjects.at(i)).first; + const MemoryObject *mo = mayBeResolvedMemoryObjects.at(i).get(); state.addPointerResolution(address, mo); - state.addPointerResolution(base, mo); ref inBounds = mo->getBoundsCheckPointer(address, bytes); ref baseInBounds = Expr::createTrue(); ref notInBounds = Expr::createIsZero(inBounds); + ref addressNotInBounds = + Expr::createIsZero(mo->getBoundsCheckAddress(address->getValue())); if (hasLazyInitialized && i == mayBeResolvedMemoryObjects.size() - 1) { - baseInBounds = AndExpr::create( - baseInBounds, Expr::createIsZero(mo->getOffsetExpr(base))); + inBounds = AndExpr::create(inBounds, checkOutOfBounds); } inBounds = AndExpr::create(inBounds, baseInBounds); @@ -5999,6 +6074,9 @@ bool Executor::checkResolvedMemoryObjects( notInBounds = Simplificator::simplifyExpr(state.constraints.cs(), notInBounds) .simplified; + addressNotInBounds = Simplificator::simplifyExpr(state.constraints.cs(), + addressNotInBounds) + .simplified; bool mayBeInBounds; solver->setTimeout(coreSolverTimeout); @@ -6013,17 +6091,11 @@ bool Executor::checkResolvedMemoryObjects( } state.addPointerResolution(address, mo, bytes); - state.addPointerResolution(base, mo, size); + state.addPointerResolution(basePointer, mo, size); resolveConditions.push_back(inBounds); - resolvedMemoryObjects.push_back(mo->id); - unboundConditions.push_back(notInBounds); - - if (hasLazyInitialized && - i == mayBeResolvedMemoryObjects.size() - 1 /*&& !state.isolated*/) { - notInBounds = AndExpr::create( - notInBounds, Expr::createIsZero(mo->getOffsetExpr(base))); - } + resolvedMemoryObjects.push_back(mo); + unboundConditions.push_back(addressNotInBounds); if (mayBeOutOfBound) { checkOutOfBounds = AndExpr::create(checkOutOfBounds, notInBounds); @@ -6057,23 +6129,12 @@ bool Executor::makeGuard(ExecutionState &state, assert(resolveConditions.size() == unboundConditions.size()); if (resolveConditions.size() > 0) { - ref excludeGuard = Expr::createTrue(); - ref selectGuard = Expr::createFalse(); - for (unsigned int i = 0; i < resolveConditions.size(); ++i) { - selectGuard = OrExpr::create(selectGuard, resolveConditions.at(i)); - } - if (hasLazyInitialized) { - ref head = Expr::createIsZero(unboundConditions.back()); - ref body = Expr::createTrue(); - for (unsigned int j = 0; j < resolveConditions.size(); ++j) { - if (resolveConditions.size() - 1 != j) { - body = AndExpr::create(body, unboundConditions.at(j)); - } - } - excludeGuard = AndExpr::create( - excludeGuard, OrExpr::create(Expr::createIsZero(head), body)); + guard = resolveConditions.back(); + for (unsigned int i = 0; i < resolveConditions.size() - 1; ++i) { + guard = SelectExpr::create( + resolveConditions.at(resolveConditions.size() - 2 - i), + Expr::createTrue(), guard); } - guard = AndExpr::create(excludeGuard, selectGuard); } solver->setTimeout(coreSolverTimeout); @@ -6089,49 +6150,25 @@ bool Executor::makeGuard(ExecutionState &state, return true; } -bool Executor::collectConcretizations( - ExecutionState &state, const std::vector> &resolveConditions, - const std::vector> &unboundConditions, - const std::vector &resolvedMemoryObjects, - ref checkOutOfBounds, bool hasLazyInitialized, ref &guard, - std::vector &resolveConcretizations, bool &mayBeInBounds) { - if (!makeGuard(state, resolveConditions, unboundConditions, checkOutOfBounds, - hasLazyInitialized, guard, mayBeInBounds)) { - return false; - } - - for (unsigned int i = 0; i < resolvedMemoryObjects.size(); ++i) { - Assignment concretization = computeConcretization( - state.constraints.cs(), resolveConditions.at(i), state.queryMetaData); - resolveConcretizations.push_back(concretization); - } - - return true; -} - -void Executor::collectReads( - ExecutionState &state, ref address, KType *targetType, - Expr::Width type, unsigned bytes, - const std::vector &resolvedMemoryObjects, - const std::vector &resolveConcretizations, - std::vector> &results) { - ref base = address; // TODO: unused - unsigned size = bytes; - if (state.isGEPExpr(address)) { - base = state.gepExprBases[address].first; - size = kmodule->targetData->getTypeStoreSize( - state.gepExprBases[address].second); - } - +void Executor::collectReads(ExecutionState &state, ref address, + KType *targetType, Expr::Width type, unsigned bytes, + const ObjectResolutionList &resolvedMemoryObjects, + std::vector> &results) { for (unsigned int i = 0; i < resolvedMemoryObjects.size(); ++i) { - updateStateWithSymcretes(state, resolveConcretizations.at(i)); - state.constraints.rewriteConcretization(resolveConcretizations.at(i)); - - ObjectPair op = state.addressSpace.findObject(resolvedMemoryObjects.at(i)); + RefObjectPair op = state.addressSpace.findOrLazyInitializeObject( + resolvedMemoryObjects.at(i).get()); const MemoryObject *mo = op.first; - const ObjectState *os = op.second; + const ObjectState *os = op.second.get(); - ref result = os->read(mo->getOffsetExpr(address), type); + ref offset = mo->getOffsetExpr(address); + if (SimplifySymIndices) { + if (!isa(offset)) { + offset = Simplificator::simplifyExpr(state.constraints.cs(), offset) + .simplified; + } + } + + ref result = os->read(offset, type); if (X86FPAsX87FP80 && state.prevPC->inst()->getType()->isFloatingPointTy() && @@ -6144,71 +6181,60 @@ void Executor::collectReads( } void Executor::executeMemoryOperation( - ExecutionState &estate, bool isWrite, KType *targetType, ref address, - ref value /* undef if read */, + ExecutionState &estate, bool isWrite, KType *targetType, + ref address, ref value /* undef if read */, KInstruction *target /* undef if write */) { KInstruction *ki = estate.prevPC; - if (X86FPAsX87FP80 && isWrite) { + if (isWrite && isa(ki->inst())) { + if (X86FPAsX87FP80) { + auto valueOperand = + cast(ki->inst())->getValueOperand(); + if (valueOperand->getType()->isFloatingPointTy() && + Context::get().getPointerWidth() == 32) { + value = X87FP80ToFPTrunc(value, + getWidthForLLVMType(valueOperand->getType()), + estate.roundingMode); + } + } auto valueOperand = cast(ki->inst())->getValueOperand(); - if (valueOperand->getType()->isFloatingPointTy() && - Context::get().getPointerWidth() == 32) { - value = - X87FP80ToFPTrunc(value, getWidthForLLVMType(valueOperand->getType()), - estate.roundingMode); + if (valueOperand->getType()->isPointerTy()) { + value = PointerExpr::create(value); } } Expr::Width type = (isWrite ? value->getWidth() : getWidthForLLVMType(target->inst()->getType())); unsigned bytes = Expr::getMinBytesForWidth(type); - ref base = address; + ref base = address->getBase(); + ref basePointer = PointerExpr::create(base, base); + ref zeroPointer = PointerExpr::create(Expr::createPointer(0)); unsigned size = bytes; KType *baseTargetType = targetType; - if (estate.isGEPExpr(address)) { - base = estate.gepExprBases[address].first; - size = kmodule->targetData->getTypeStoreSize( - estate.gepExprBases[address].second); - baseTargetType = typeSystemManager->getWrappedType( - llvm::PointerType::get(estate.gepExprBases[address].second, + if (estate.isGEPExpr(base)) { + KType *baseTargetType = typeSystemManager->getWrappedType( + llvm::PointerType::get(estate.gepExprBases[base], kmodule->targetData->getAllocaAddrSpace())); } if (SimplifySymIndices) { - ref oldAddress = address; - ref oldbase = base; - if (!isa(address)) { - address = Simplificator::simplifyExpr(estate.constraints.cs(), address) - .simplified; - } if (!isa(base)) { base = Simplificator::simplifyExpr(estate.constraints.cs(), base).simplified; } - if (!isa(address) || base->isZero()) { - if (estate.isGEPExpr(oldAddress)) { - estate.gepExprBases[address] = { - base, - estate.gepExprBases[oldAddress].second, - }; - } - } if (isWrite && !isa(value)) value = Simplificator::simplifyExpr(estate.constraints.cs(), value) .simplified; } - address = optimizer.optimizeExpr(address, true); base = optimizer.optimizeExpr(base, true); - ref uniqueBase = toUnique(estate, base); - - StatePair branches = - forkInternal(estate, Expr::createIsZero(base), BranchType::MemOp); + ref isNullPointer = Expr::createIsZero(base); + StatePair branches = forkInternal(estate, isNullPointer, BranchType::MemOp); ExecutionState *bound = branches.first; if (bound) { - auto error = isReadFromSymbolicArray(uniqueBase) + auto error = (isReadFromSymbolicArray(base) && branches.second) ? ReachWithError::MayBeNullPointerException : ReachWithError::MustBeNullPointerException; terminateStateOnTargetError(*bound, error); @@ -6218,7 +6244,7 @@ void Executor::executeMemoryOperation( ExecutionState *state = branches.second; // fast path: single in-bounds resolution - IDType idFastResult; + ref idFastResult; bool success = false; if (state->resolvedPointers.count(base) && @@ -6226,25 +6252,33 @@ void Executor::executeMemoryOperation( success = true; idFastResult = *state->resolvedPointers[base].begin(); } else { + ObjectPair idFastOp; solver->setTimeout(coreSolverTimeout); if (!state->addressSpace.resolveOne(*state, solver.get(), address, - targetType, idFastResult, success, + targetType, idFastOp, success, haltExecution)) { - address = toConstant(*state, address, "resolveOne failure"); - success = state->addressSpace.resolveOne(cast(address), - targetType, idFastResult); + address = toConstantPointer(*state, address, "resolveOne failure"); + success = state->addressSpace.resolveOne( + cast(address), targetType, idFastOp); } solver->setTimeout(time::Span()); + + if (success) { + idFastResult = idFastOp.first; + } } if (success) { - ObjectPair op = state->addressSpace.findObject(idFastResult); + RefObjectPair op = + state->addressSpace.findOrLazyInitializeObject(idFastResult.get()); const MemoryObject *mo = op.first; - if (MaxSymArraySize && mo->size >= MaxSymArraySize) { - address = toConstant(*state, address, "max-sym-array-size"); + ref sizeExpr = dyn_cast(mo->getSizeExpr()); + if (MaxSymArraySize && sizeExpr && + sizeExpr->getZExtValue() >= MaxSymArraySize) { + base = toConstant(*state, base, "max-sym-array-size"); } ref inBounds = mo->getBoundsCheckPointer(address, bytes); @@ -6266,20 +6300,24 @@ void Executor::executeMemoryOperation( bool mustBeInBounds = !isa(response); if (mustBeInBounds) { - if (isa(response)) { - addConstraint(*state, inBounds); - } ref result; - op = state->addressSpace.findObject(idFastResult); - const ObjectState *os = op.second; - state->addPointerResolution(base, mo); + op = state->addressSpace.findOrLazyInitializeObject(idFastResult.get()); + const ObjectState *os = op.second.get(); + state->addPointerResolution(basePointer, mo); state->addPointerResolution(address, mo); + ref offset = mo->getOffsetExpr(address); + if (SimplifySymIndices) { + if (!isa(offset)) { + offset = Simplificator::simplifyExpr(state->constraints.cs(), offset) + .simplified; + } + } if (isWrite) { ObjectState *wos = state->addressSpace.getWriteable(mo, os); maxNewWriteableOSSize = std::max(maxNewWriteableOSSize, wos->getSparseStorageEntries()); wos->getDynamicType()->handleMemoryAccess( - targetType, mo->getOffsetExpr(address), + targetType, offset, ConstantExpr::alloc(size, Context::get().getPointerWidth()), true); if (wos->readOnly) { terminateStateOnProgramError( @@ -6288,10 +6326,10 @@ void Executor::executeMemoryOperation( StateTerminationType::ReadOnly, "memory error: object read only")); } else { - wos->write(mo->getOffsetExpr(address), value); + wos->write(offset, value); } } else { - result = os->read(mo->getOffsetExpr(address), type); + result = os->read(offset, type); if (X86FPAsX87FP80 && ki->inst()->getType()->isFloatingPointTy() && Context::get().getPointerWidth() == 32) { @@ -6301,6 +6339,10 @@ void Executor::executeMemoryOperation( if (interpreterOpts.MakeConcreteSymbolic) result = replaceReadWithSymbolic(*state, result); + if (target->inst()->getType()->isPointerTy()) { + result = PointerExpr::create(result); + } + bindLocal(target, *state, result); } @@ -6308,10 +6350,12 @@ void Executor::executeMemoryOperation( } } else if (guidanceKind == GuidanceKind::ErrorGuidance && allLeafsAreConstant(address)) { + ObjectPair idFastOp; solver->setTimeout(coreSolverTimeout); - state->addressSpace.resolveOne(*state, solver.get(), base, baseTargetType, - idFastResult, success, haltExecution); + state->addressSpace.resolveOne(*state, solver.get(), basePointer, + baseTargetType, idFastOp, success, + haltExecution); solver->setTimeout(time::Span()); if (!success) { @@ -6323,7 +6367,7 @@ void Executor::executeMemoryOperation( bool mayBeOutOfBound = true; bool hasLazyInitialized = false; bool incomplete = false; - std::vector mayBeResolvedMemoryObjects; + ObjectResolutionList mayBeResolvedMemoryObjects; if (!resolveMemoryObjects( *state, address, targetType, target, bytes, @@ -6337,7 +6381,7 @@ void Executor::executeMemoryOperation( ref checkOutOfBounds; std::vector> resolveConditions; std::vector> unboundConditions; - std::vector resolvedMemoryObjects; + ObjectResolutionList resolvedMemoryObjects; if (!checkResolvedMemoryObjects( *state, address, target, bytes, mayBeResolvedMemoryObjects, @@ -6351,13 +6395,11 @@ void Executor::executeMemoryOperation( ExecutionState *unbound = nullptr; if (MergedPointerDereference) { ref guard; - std::vector resolveConcretizations; bool mayBeInBounds; - if (!collectConcretizations(*state, resolveConditions, unboundConditions, - resolvedMemoryObjects, checkOutOfBounds, - hasLazyInitialized, guard, - resolveConcretizations, mayBeInBounds)) { + if (!makeGuard(*state, resolveConditions, unboundConditions, + checkOutOfBounds, hasLazyInitialized, guard, + mayBeInBounds)) { terminateStateOnSolverError(*state, "Query timed out (resolve)"); return; } @@ -6380,25 +6422,21 @@ void Executor::executeMemoryOperation( if (state) { std::vector> results; collectReads(*state, address, targetType, type, bytes, - resolvedMemoryObjects, resolveConcretizations, results); + resolvedMemoryObjects, results); if (isWrite) { for (unsigned int i = 0; i < resolvedMemoryObjects.size(); ++i) { - updateStateWithSymcretes(*state, resolveConcretizations[i]); - state->constraints.rewriteConcretization(resolveConcretizations[i]); - - ObjectPair op = - state->addressSpace.findObject(resolvedMemoryObjects[i]); + RefObjectPair op = state->addressSpace.findOrLazyInitializeObject( + resolvedMemoryObjects.at(i).get()); const MemoryObject *mo = op.first; - const ObjectState *os = op.second; + const ObjectState *os = op.second.get(); ObjectState *wos = state->addressSpace.getWriteable(mo, os); maxNewWriteableOSSize = std::max(maxNewWriteableOSSize, wos->getSparseStorageEntries()); if (wos->readOnly) { branches = - forkInternal(*state, Expr::createIsZero(unboundConditions[i]), - BranchType::MemOp); + forkInternal(*state, resolveConditions[i], BranchType::MemOp); assert(branches.first); terminateStateOnProgramError( *branches.first, @@ -6408,18 +6446,28 @@ void Executor::executeMemoryOperation( "memory error: object read only")); state = branches.second; } else { - ref result = SelectExpr::create( - Expr::createIsZero(unboundConditions[i]), value, results[i]); - wos->write(mo->getOffsetExpr(address), result); + ref offset = mo->getOffsetExpr(address); + if (SimplifySymIndices) { + if (!isa(offset)) { + offset = + Simplificator::simplifyExpr(state->constraints.cs(), offset) + .simplified; + } + } + ref result = + SelectExpr::create(resolveConditions[i], value, results[i]); + wos->write(offset, result); } } } else { ref result = results[unboundConditions.size() - 1]; for (unsigned int i = 0; i < unboundConditions.size(); ++i) { unsigned int index = unboundConditions.size() - 1 - i; - result = - SelectExpr::create(Expr::createIsZero(unboundConditions[index]), - results[index], result); + result = SelectExpr::create(resolveConditions[index], results[index], + result); + } + if (target->inst()->getType()->isPointerTy()) { + result = PointerExpr::create(result); } bindLocal(target, *state, result); } @@ -6442,22 +6490,26 @@ void Executor::executeMemoryOperation( if (!bound) { continue; } - ObjectPair op = bound->addressSpace.findObject(resolvedMemoryObjects[i]); + RefObjectPair op = bound->addressSpace.findOrLazyInitializeObject( + resolvedMemoryObjects.at(i).get()); const MemoryObject *mo = op.first; - const ObjectState *os = op.second; + const ObjectState *os = op.second.get(); if (hasLazyInitialized && i + 1 != resolvedMemoryObjects.size()) { const MemoryObject *liMO = - bound->addressSpace - .findObject( - resolvedMemoryObjects[resolvedMemoryObjects.size() - 1]) - .first; + resolvedMemoryObjects.at(resolvedMemoryObjects.size() - 1).get(); bound->removePointerResolutions(liMO); bound->addressSpace.unbindObject(liMO); } + ref offset = mo->getOffsetExpr(address); + if (SimplifySymIndices) { + if (!isa(offset)) { + offset = Simplificator::simplifyExpr(bound->constraints.cs(), offset) + .simplified; + } + } bound->addUniquePointerResolution(address, mo); - bound->addUniquePointerResolution(base, mo); /* FIXME: Notice, that here we are creating a new instance of object for every memory operation in order to handle type changes. This might @@ -6470,7 +6522,7 @@ void Executor::executeMemoryOperation( maxNewWriteableOSSize = std::max(maxNewWriteableOSSize, wos->getSparseStorageEntries()); wos->getDynamicType()->handleMemoryAccess( - targetType, mo->getOffsetExpr(address), + targetType, offset, ConstantExpr::alloc(size, Context::get().getPointerWidth()), true); if (wos->readOnly) { terminateStateOnProgramError( @@ -6479,16 +6531,20 @@ void Executor::executeMemoryOperation( StateTerminationType::ReadOnly, "memory error: object read only")); } else { - wos->write(mo->getOffsetExpr(address), value); + wos->write(offset, value); } } else { - ref result = os->read(mo->getOffsetExpr(address), type); + ref result = os->read(offset, type); if (X86FPAsX87FP80 && ki->inst()->getType()->isFloatingPointTy() && Context::get().getPointerWidth() == 32) { result = FPToX87FP80Ext(result); } + if (target->inst()->getType()->isPointerTy()) { + result = PointerExpr::create(result); + } + bindLocal(target, *bound, result); } } @@ -6507,21 +6563,27 @@ void Executor::executeMemoryOperation( /* If base may point to some object then we may provide additional information about object allocations site.*/ + + ref idFastResult; bool uniqueBaseResolved = false; - IDType baseID; - if (!unbound->addressSpace.resolveOneIfUnique(*unbound, solver.get(), - uniqueBase, baseTargetType, - baseID, uniqueBaseResolved)) { - terminateStateOnSolverError(*unbound, "Query timed out (resolve)"); - return; + if (unbound->resolvedPointers.count(base) && + unbound->resolvedPointers.at(base).size() == 1) { + uniqueBaseResolved = true; + idFastResult = *unbound->resolvedPointers[base].begin(); + } else if (auto constBasePointer = + dyn_cast(basePointer)) { + ObjectPair contantResult; + uniqueBaseResolved = unbound->addressSpace.resolveOne( + constBasePointer, baseTargetType, contantResult); + if (uniqueBaseResolved) { + idFastResult = contantResult.first; + } } if (uniqueBaseResolved) { - // Obtain memory object - const ObjectPair baseObjectPair = - unbound->addressSpace.findObject(baseID); - + RefObjectPair baseObjectPair = + unbound->addressSpace.findOrLazyInitializeObject(idFastResult.get()); if (!baseObjectPair.first->isLazyInitialized) { // Termiante with source event terminateStateOnProgramError( @@ -6542,28 +6604,31 @@ void Executor::executeMemoryOperation( } } -bool Executor::lazyInitializeObject(ExecutionState &state, ref address, - const KInstruction *target, - KType *targetType, uint64_t size, - bool isLocal, IDType &id, bool isSymbolic) { - assert(!isa(address)); +ref Executor::lazyInitializeObject( + ExecutionState &state, ref address, const KInstruction *target, + KType *targetType, uint64_t concreteSize, ref size, bool isLocal, + ref conditionExpr, bool isSymbolic) { + assert(!isa(address)); std::pair, ref> moBasePair; unsigned timestamp = 0; - if (state.getBase(address, moBasePair)) { + ref base = address->getBase(); + if (state.getBase(base, moBasePair)) { timestamp = moBasePair.first->timestamp; } ref sizeExpr; - if (size < MaxSymbolicAllocationSize && !isLocal && isSymbolic) { - const Array *lazyInstantiationSize = makeArray( - Expr::createPointer(Context::get().getPointerWidth() / CHAR_BIT), - SourceBuilder::lazyInitializationSize(address)); - sizeExpr = Expr::createTempRead(lazyInstantiationSize, - Context::get().getPointerWidth()); - - ref lowerBound = UgeExpr::create(sizeExpr, Expr::createPointer(size)); - ref upperBound = UleExpr::create( - sizeExpr, Expr::createPointer(MaxSymbolicAllocationSize)); + if (!isa(size) && + (!MaxSymbolicAllocationSize || + concreteSize < MaxSymbolicAllocationSize) && + isSymbolic) { + sizeExpr = size; + ref lowerBound = + UgeExpr::create(sizeExpr, Expr::createPointer(concreteSize)); + ref upperBound = Expr::createTrue(); + if (MaxSymbolicAllocationSize) { + upperBound = UleExpr::create( + sizeExpr, Expr::createPointer(MaxSymbolicAllocationSize)); + } bool mayBeInBounds; solver->setTimeout(coreSolverTimeout); bool success = solver->mayBeTrue(state.constraints.cs(), @@ -6571,56 +6636,30 @@ bool Executor::lazyInitializeObject(ExecutionState &state, ref address, mayBeInBounds, state.queryMetaData); solver->setTimeout(time::Span()); if (!success) { - return false; + return nullptr; } assert(mayBeInBounds); addConstraint(state, AndExpr::create(lowerBound, upperBound)); + conditionExpr = + AddExpr::create(conditionExpr, AndExpr::create(lowerBound, upperBound)); } else { - sizeExpr = Expr::createPointer(size); + sizeExpr = Expr::createPointer(concreteSize); } - ref addressExpr = isSymbolic ? address : nullptr; + ref addressExpr = address->getBase(); MemoryObject *mo = allocate(state, sizeExpr, isLocal, /*isGlobal=*/false, CodeLocation::create(target, "", 0, {}), - /*allocationAlignment=*/8, addressExpr, timestamp); - if (!mo) { - return false; - } - - // Check if address is suitable for LI object. - ref checkAddressForLazyInitializationExpr = EqExpr::create( - address, - ConstantExpr::create(mo->address, Context::get().getPointerWidth())); + /*allocationAlignment=*/8, targetType, conditionExpr, + addressExpr, timestamp, isSymbolic); - bool mayBeLazyInitialized = false; - solver->setTimeout(coreSolverTimeout); - bool success = solver->mayBeTrue(state.constraints.cs(), - checkAddressForLazyInitializationExpr, - mayBeLazyInitialized, state.queryMetaData); - solver->setTimeout(time::Span()); - if (!success) { - return false; - } - - if (!mayBeLazyInitialized) { - id = 0; - } else { - address = - Simplificator::simplifyExpr(state.constraints.cs(), address).simplified; - executeMakeSymbolic(state, mo, targetType, - SourceBuilder::lazyInitializationContent(address), - isLocal); - id = mo->id; - } - - return true; + return mo; } -IDType Executor::lazyInitializeLocalObject(ExecutionState &state, - StackFrame &sf, ref address, - const KInstruction *target) { +void Executor::lazyInitializeLocalObject(ExecutionState &state, StackFrame &sf, + ref address, + const KInstruction *target) { AllocaInst *ai = cast(target->inst()); unsigned elementSize = kmodule->targetData->getTypeStoreSize(ai->getAllocatedType()); @@ -6631,86 +6670,35 @@ IDType Executor::lazyInitializeLocalObject(ExecutionState &state, size = MulExpr::create(size, count); if (isa(size)) { elementSize = cast(size)->getZExtValue(); - } - } - IDType id; - bool success = lazyInitializeObject( - state, address, target, typeSystemManager->getWrappedType(ai->getType()), - elementSize, true, id, - /*state.isolated || UseSymbolicSizeLazyInit*/ UseSymbolicSizeLazyInit); - assert(success); - assert(id); - auto op = state.addressSpace.findObject(id); - assert(op.first); - state.addPointerResolution(address, op.first); - state.addConstraint(EqExpr::create(address, op.first->getBaseExpr()), {}); + } else { + const Array *lazyInstantiationSize = makeArray( + Expr::createPointer(Context::get().getPointerWidth() / CHAR_BIT), + SourceBuilder::lazyInitializationSize(address)); + size = Expr::createTempRead(lazyInstantiationSize, + Context::get().getPointerWidth()); + } + } + ref conditionExpr = Expr::createTrue(); + ref pointer = PointerExpr::create(address, address); + ref id = lazyInitializeObject( + state, pointer, target, typeSystemManager->getWrappedType(ai->getType()), + elementSize, size, true, conditionExpr, UseSymbolicSizeLazyInit); + state.addPointerResolution(pointer, id.get()); + state.addConstraint(EqExpr::create(address, id->getBaseExpr())); state.addConstraint( - Expr::createIsZero(EqExpr::create(address, Expr::createPointer(0))), {}); + Expr::createIsZero(EqExpr::create(address, Expr::createPointer(0)))); if (isa(size)) { - addConstraint(state, EqExpr::create(size, op.first->getSizeExpr())); + addConstraint(state, EqExpr::create(size, id->getSizeExpr())); } - return id; + RefObjectPair op = state.addressSpace.findOrLazyInitializeObject(id.get()); + state.addressSpace.bindObject(op.first, op.second.get()); } -IDType Executor::lazyInitializeLocalObject(ExecutionState &state, - ref address, - const KInstruction *target) { - return lazyInitializeLocalObject(state, state.stack.valueStack().back(), - address, target); -} - -void Executor::updateStateWithSymcretes(ExecutionState &state, - const Assignment &assignment) { - /* Try to update memory objects in this state with the bindings from - * recevied - * assign. We want to update only objects, whose size were changed. */ - - std::vector> updatedSizeSymcretes; - Assignment diffAssignment = - state.constraints.cs().concretization().diffWith(assignment); - - for (const ref &symcrete : state.constraints.cs().symcretes()) { - for (const Array *array : symcrete->dependentArrays()) { - if (!diffAssignment.bindings.count(array)) { - continue; - } - if (ref sizeSymcrete = dyn_cast(symcrete)) { - updatedSizeSymcretes.push_back(sizeSymcrete); - break; - } - } - } - - for (const ref &sizeSymcrete : updatedSizeSymcretes) { - uint64_t newSize = - cast(assignment.evaluate(sizeSymcrete->symcretized)) - ->getZExtValue(); - - MemoryObject *newMO = addressManager->allocateMemoryObject( - sizeSymcrete->addressSymcrete.symcretized, newSize); - - if (!newMO || state.addressSpace.findObject(newMO).second) { - continue; - } - - ObjectPair op = state.addressSpace.findObject(newMO->id); - - if (!op.second) { - continue; - } - - /* Create a new ObjectState with the new size and new owning memory - * object. - */ - - auto wos = new ObjectState( - *(state.addressSpace.getWriteable(op.first, op.second))); - maxNewWriteableOSSize = - std::max(maxNewWriteableOSSize, wos->getSparseStorageEntries()); - wos->swapObjectHack(newMO); - state.addressSpace.unbindObject(op.first); - state.addressSpace.bindObject(newMO, wos); - } +void Executor::lazyInitializeLocalObject(ExecutionState &state, + ref address, + const KInstruction *target) { + lazyInitializeLocalObject(state, state.stack.valueStack().back(), address, + target); } uint64_t Executor::updateNameVersion(ExecutionState &state, @@ -6723,11 +6711,16 @@ uint64_t Executor::updateNameVersion(ExecutionState &state, return id; } -const Array *Executor::makeArray(ref size, ref source) { - const Array *array = arrayCache.CreateArray(size, source); +const Array *Executor::makeArray(ref size, + ref source) const { + const Array *array = Array::create(size, source); return array; } +ref Executor::makePointer(ref expr) const { + return PointerExpr::create(expr); +} + void Executor::executeMakeSymbolic(ExecutionState &state, const MemoryObject *mo, KType *type, const ref source, @@ -6737,9 +6730,11 @@ void Executor::executeMakeSymbolic(ExecutionState &state, const Array *array = makeArray(mo->getSizeExpr(), source); ObjectState *os = bindObjectInState(state, mo, type, isLocal, array); - if (AlignSymbolicPointers) { + ref sizeExpr = + dyn_cast(os->getObject()->getSizeExpr()); + if (AlignSymbolicPointers && sizeExpr) { if (ref alignmentRestrictions = type->getContentRestrictions( - os->read(0, os->getObject()->size * CHAR_BIT))) { + os->read(0, sizeExpr->getZExtValue() * CHAR_BIT))) { addConstraint(state, alignmentRestrictions); } } @@ -6758,34 +6753,39 @@ void Executor::executeMakeSymbolic(ExecutionState &state, if (!obj) { if (ZeroSeedExtension) { si.assignment.bindings.replace( - {array, SparseStorage(0)}); + {array, SparseStorageImpl(0)}); } else if (!AllowSeedExtension) { terminateStateOnUserError(state, "ran out of inputs during seeding"); break; } } else { - if (obj->numBytes != mo->size && - ((!(AllowSeedExtension || ZeroSeedExtension) && - obj->numBytes < mo->size) || - (!AllowSeedTruncation && obj->numBytes > mo->size))) { - std::stringstream msg; - msg << "replace size mismatch: " << mo->name << "[" << mo->size - << "]" - << " vs " << obj->name << "[" << obj->numBytes << "]" - << " in test\n"; - - terminateStateOnUserError(state, msg.str()); - break; - } else { - SparseStorage values; - if (si.assignment.bindings.find(array) != - si.assignment.bindings.end()) { - values = si.assignment.bindings.at(array); + ref sizeExpr = + dyn_cast(mo->getSizeExpr()); + if (sizeExpr) { + unsigned moSize = sizeExpr->getZExtValue(); + if (obj->numBytes != moSize && + ((!(AllowSeedExtension || ZeroSeedExtension) && + obj->numBytes < moSize) || + (!AllowSeedTruncation && obj->numBytes > moSize))) { + std::stringstream msg; + msg << "replace size mismatch: " << mo->name << "[" << moSize + << "]" + << " vs " << obj->name << "[" << obj->numBytes << "]" + << " in test\n"; + + terminateStateOnUserError(state, msg.str()); + break; + } else { + SparseStorageImpl values; + if (si.assignment.bindings.find(array) != + si.assignment.bindings.end()) { + values = si.assignment.bindings.at(array); + } + values.store(0, obj->bytes, + obj->bytes + std::min(obj->numBytes, moSize)); + si.assignment.bindings.replace({array, values}); } - values.store(0, obj->bytes, - obj->bytes + std::min(obj->numBytes, mo->size)); - si.assignment.bindings.replace({array, values}); } } } @@ -6796,11 +6796,12 @@ void Executor::executeMakeSymbolic(ExecutionState &state, terminateStateOnUserError(state, "replay count mismatch"); } else { KTestObject *obj = &replayKTest->objects[replayPosition++]; - if (obj->numBytes != mo->size) { - terminateStateOnUserError(state, "replay size mismatch"); - } else { - for (unsigned i = 0; i < mo->size; i++) + ref sizeExpr = dyn_cast(mo->getSizeExpr()); + if (sizeExpr && obj->numBytes != sizeExpr->getZExtValue()) { + for (unsigned i = 0; i < sizeExpr->getZExtValue(); i++) os->write8(i, obj->bytes[i]); + } else { + terminateStateOnUserError(state, "replay size mismatch"); } } } @@ -6847,19 +6848,29 @@ ExecutionState *Executor::formState(Function *f, int argc, char **argv, ref parameterLocation = CodeLocation::create(kf, kf->getSourceFilepath(), kf->getLine(), {}); + llvm::Type *argumentType = llvm::PointerType::get( + llvm::IntegerType::get(kmodule->module->getContext(), 8), + kmodule->targetData->getAllocaAddrSpace()); + + llvm::Type *argvType = llvm::ArrayType::get(argumentType, 1); + argvMO = allocate( *state, Expr::createPointer((argc + 1 + envc + 1 + 1) * NumPtrBytes), /*isLocal=*/false, /*isGlobal=*/true, - /*allocSite=*/parameterLocation, /*alignment=*/8); + /*allocSite=*/parameterLocation, /*alignment=*/8, + typeSystemManager->getWrappedType(argvType)); if (!argvMO) klee_error("Could not allocate memory for function arguments"); - arguments.push_back(argvMO->getBaseExpr()); + arguments.push_back( + PointerExpr::create(argvMO->getBaseExpr(), argvMO->getBaseExpr())); if (++ai != ae) { - uint64_t envp_start = argvMO->address + (argc + 1) * NumPtrBytes; - arguments.push_back(Expr::createPointer(envp_start)); + uint64_t envp_start = (argc + 1) * NumPtrBytes; + arguments.push_back(AddExpr::create( + PointerExpr::create(argvMO->getBaseExpr(), argvMO->getBaseExpr()), + Expr::createPointer(envp_start))); if (++ai != ae) klee_error("invalid main function (expect 0-3 arguments)"); @@ -6884,7 +6895,9 @@ ExecutionState *Executor::formState(Function *f, int argc, char **argv, for (int i = 0; i < argc + 1 + envc + 1 + 1; i++) { if (i == argc || i >= argc + 1 + envc) { // Write NULL pointer - argvOS->write(i * NumPtrBytes, Expr::createPointer(0)); + argvOS->write(i * NumPtrBytes, + PointerExpr::create(Expr::createPointer(0), + Expr::createPointer(0))); } else { char *s = i < argc ? argv[i] : envp[i - (argc + 1)]; int j, len = strlen(s); @@ -6895,7 +6908,8 @@ ExecutionState *Executor::formState(Function *f, int argc, char **argv, MemoryObject *arg = allocate(*state, Expr::createPointer(len + 1), /*isLocal=*/false, /*isGlobal=*/true, - /*allocSite=*/parameterLocation, /*alignment=*/8); + /*allocSite=*/parameterLocation, /*alignment=*/8, + typeSystemManager->getWrappedType(argumentType)); if (!arg) klee_error("Could not allocate memory for function arguments"); @@ -6906,7 +6920,8 @@ ExecutionState *Executor::formState(Function *f, int argc, char **argv, os->write8(j, s[j]); // Write pointer to newly allocated and initialised argv/envp c-string - argvOS->write(i * NumPtrBytes, arg->getBaseExpr()); + argvOS->write(i * NumPtrBytes, PointerExpr::create(arg->getBaseExpr(), + arg->getBaseExpr())); } } } @@ -6940,9 +6955,6 @@ void Executor::runFunctionAsMain(Function *f, int argc, char **argv, ExecutionState *state = formState(f, argc, argv, envp); bindModuleConstants(llvm::APFloat::rmNearestTiesToEven); - state->gepExprBases = std::move(constantGepExprBases); - constantGepExprBases.clear(); - KFunction *kEntryFunction = kmodule->functionMap.at(f); if (guidanceKind == GuidanceKind::ErrorGuidance) { ref forest; @@ -7009,48 +7021,6 @@ void Executor::runFunctionAsMain(Function *f, int argc, char **argv, statsTracker->done(); } -ExecutionState *Executor::prepareStateForPOSIX(KInstIterator &caller, - ExecutionState *state) { - Function *mainFn = kmodule->module->getFunction("__klee_posix_wrapped_main"); - - assert(mainFn && "__klee_posix_wrapped_main not found"); - KBlock *target = kmodule->functionMap[mainFn]->entryKBlock; - - if (pathWriter) - state->pathOS = pathWriter->open(); - if (symPathWriter) - state->symPathOS = symPathWriter->open(); - - if (statsTracker) - statsTracker->framePushed(*state, 0); - - processForest = std::make_unique(); - processForest->addRoot(state); - ExecutionState *original = state->copy(); - ExecutionState *initialState = nullptr; - ref targets(new TargetForest()); - targets->add(ReachBlockTarget::create(target)); - prepareTargetedExecution(*state, targets); - targetedRun(*state, target, &initialState); - state = initialState; - if (state) { - auto frame = state->stack.callStack().back(); - caller = frame.caller; - state->popFrame(); - delete original; - } else { - state = original; - state->popFrame(); - } - - processForest = nullptr; - - if (statsTracker) - statsTracker->done(); - - return state; -} - void Executor::prepareTargetedExecution(ExecutionState &initialState, ref whitelist) { initialState.targetForest = *whitelist->deepCopy(); @@ -7080,16 +7050,21 @@ ref Executor::makeSymbolicValue(llvm::Value *value, : SourceBuilder::instruction(*dyn_cast(value), index, kmodule.get()); auto array = makeArray(Expr::createPointer(size), source); - return Expr::createTempRead(array, width); + ref result = Expr::createTempRead(array, width); + if (X86FPAsX87FP80 && value->getType()->isFloatingPointTy() && + Context::get().getPointerWidth() == 32) { + result = FPToX87FP80Ext(result); + } + return result; } void Executor::prepareSymbolicValue(ExecutionState &state, StackFrame &frame, KInstruction *target) { ref result = makeSymbolicValue(target->inst(), state); - bindLocal(target, frame, result); if (isa(target->inst())) { lazyInitializeLocalObject(state, frame, result, target); } + bindLocal(target, frame, result); } void Executor::prepareMockValue(ExecutionState &state, StackFrame &frame, @@ -7103,9 +7078,8 @@ void Executor::prepareMockValue(ExecutionState &state, StackFrame &frame, } void Executor::prepareMockValue(ExecutionState &state, const std::string &name, - KInstruction *target) { - Expr::Width width = - kmodule->targetData->getTypeSizeInBits(target->inst()->getType()); + llvm::Type *type, KInstruction *target) { + Expr::Width width = kmodule->targetData->getTypeSizeInBits(type); prepareMockValue(state, state.stack.valueStack().back(), name, width, target); } @@ -7213,8 +7187,12 @@ void Executor::logState(const ExecutionState &state, int id, *f << "State number " << state.id << ". Test number: " << id << "\n\n"; for (auto &object : state.addressSpace.objects) { *f << "ID memory object: " << object.first->id << "\n"; - *f << "Address memory object: " << object.first->address << "\n"; - *f << "Memory object size: " << object.first->size << "\n"; + *f << "Address memory object: "; + object.first->getBaseExpr()->print(*f); + *f << "\n"; + *f << "Memory object size: "; + object.first->getSizeExpr()->print(*f); + *f << "\n"; } *f << state.symbolics.size() << " symbolics total. " << "Symbolics:\n"; @@ -7223,7 +7201,9 @@ void Executor::logState(const ExecutionState &state, int id, *f << "Symbolic number " << sc++ << "\n"; *f << "Associated memory object: " << symbolic.memoryObject.get()->id << "\n"; - *f << "Memory object size: " << symbolic.memoryObject.get()->size << "\n"; + *f << "Memory object size: "; + symbolic.memoryObject.get()->getSizeExpr()->print(*f); + *f << "\n"; } *f << "\n"; *f << "State constraints:\n"; @@ -7235,19 +7215,23 @@ void Executor::logState(const ExecutionState &state, int id, bool resolveOnSymbolics(const std::vector &symbolics, const Assignment &assn, - const ref &addr, IDType &result) { - uint64_t address = addr->getZExtValue(); + const ref &addr, + ref &result) { + uint64_t base = addr->getConstantBase()->getZExtValue(); + AssignmentEvaluator evaluator(assn, true); for (const auto &res : symbolics) { const auto &mo = res.memoryObject; // Check if the provided address is between start and end of the object - // [mo->address, mo->address + mo->size) or the object is a 0-sized - // object. - ref size = - cast(assn.evaluate(mo->getSizeExpr())); - if ((size->getZExtValue() == 0 && address == mo->address) || - (address - mo->address < size->getZExtValue())) { - result = mo->id; + // [mo->address, mo->address + mo->size) or the object is a 0-sized object. + ref moSize = + cast(evaluator.visit(mo->getSizeExpr())); + ref moAddress = + cast(evaluator.visit(mo->getBaseExpr())); + ref moCondition = + cast(evaluator.visit(mo->getConditionExpr())); + if (((base == moAddress->getZExtValue())) && moCondition->getZExtValue(1)) { + result = mo; return true; } } @@ -7255,66 +7239,63 @@ bool resolveOnSymbolics(const std::vector &symbolics, return false; } +void resolvePointer(const ExecutionState &state, + const std::vector &symbolics, + const Assignment &model, + ExprHashMap, ref>> + &resolvedPointers, + ref pointer) { + ref pointerInModel = model.evaluate(pointer, false); + if (!isa(pointerInModel)) { + return; + } + ref constantPointer = + cast(pointerInModel); + ref mo; + + if (resolveOnSymbolics(symbolics, model, constantPointer, mo)) { + ref moOffset = mo->getOffsetExpr(pointer); + if (SimplifySymIndices) { + if (!isa(moOffset)) { + moOffset = Simplificator::simplifyExpr(state.constraints.cs(), moOffset) + .simplified; + } + } + resolvedPointers[pointer] = std::make_pair(mo, moOffset); + } +} + void Executor::setInitializationGraph( const ExecutionState &state, const std::vector &symbolics, const Assignment &model, KTest &ktest) { std::map> pointers; - std::map>> s; - ExprHashMap>> resolvedPointers; + std::map>> s; + ExprHashMap, ref>> resolvedPointers; - std::unordered_map> idToSymbolics; - for (const auto &symbolic : symbolics) { - ref mo = symbolic.memoryObject; - idToSymbolics[mo->id] = mo; + ExprHashSet symbolicPointers; + for (auto &constraint : state.constraints.cs().cs()) { + klee::findSymbolicPointers(constraint, true, symbolicPointers, + Context::get().getPointerWidth()); } - const klee::Assignment &assn = state.constraints.cs().concretization(); - - for (const auto &symbolic : symbolics) { - KType *symbolicType = symbolic.type; - if (!symbolicType->getRawType()) { - continue; - } - if (symbolicType->getRawType()->isPointerTy()) { - symbolicType = typeSystemManager->getWrappedType( - symbolicType->getRawType()->getPointerElementType()); - } - - if (!(symbolicType->getRawType()->isPointerTy() || - symbolicType->getRawType()->isStructTy())) { - continue; - } - for (const auto &innerTypeOffset : symbolicType->getInnerTypes()) { - if (!innerTypeOffset.first->getRawType()->isPointerTy()) { - continue; - } - for (const auto &offset : innerTypeOffset.second) { - ref address = Expr::createTempRead( - symbolic.array, Context::get().getPointerWidth(), offset); - ref addressInModel = model.evaluate(address); - if (!isa(addressInModel)) { - continue; - } - ref constantAddress = cast(addressInModel); - IDType idResult; - - if (resolveOnSymbolics(symbolics, assn, constantAddress, idResult)) { - ref mo = idToSymbolics[idResult]; - resolvedPointers[address] = - std::make_pair(idResult, mo->getOffsetExpr(address)); - } - } + for (auto &symbolicPointer : symbolicPointers) { + ref read = symbolicPointer->hasOrderedReads(); + auto source = read->updates.root->source; + if (isa(source) || + isa(source)) { + resolvePointer(state, symbolics, model, resolvedPointers, + PointerExpr::create(symbolicPointer)); } } for (const auto &pointer : resolvedPointers) { - if (!isa(pointer.first) && !isa(pointer.first)) { + if (!isa(pointer.first)) { continue; } - + ref pointerExpr = cast(pointer.first); ref updateCheck; - if (auto e = dyn_cast(pointer.first)) { + if (auto e = dyn_cast(pointerExpr->getBase())) { updateCheck = e->getLeft(); } else { updateCheck = e; @@ -7327,7 +7308,7 @@ void Executor::setInitializationGraph( } std::pair, ref> pointerResolution; - auto resolved = state.getBase(pointer.first, pointerResolution); + auto resolved = state.getBase(pointerExpr->getBase(), pointerResolution); if (resolved) { // The objects have to be symbolic @@ -7339,19 +7320,21 @@ void Executor::setInitializationGraph( pointerIndex = i; pointerFound = true; } - if (symbolic.memoryObject->id == pointer.second.first) { + if (symbolic.memoryObject->id == pointer.second.first->id) { pointeeIndex = i; pointeeFound = true; } ++i; } if (pointerFound && pointeeFound) { - ref offset = model.evaluate(pointerResolution.second); - ref indexOffset = model.evaluate(pointer.second.second); + ref offset = + model.evaluate(pointerResolution.second, false); + ref indexOffset = + model.evaluate(pointer.second.second, false); Pointer o; - o.offset = offset->getZExtValue(); + o.offset = cast(offset)->getZExtValue(); o.index = pointeeIndex; - o.indexOffset = indexOffset->getZExtValue(); + o.indexOffset = cast(indexOffset)->getZExtValue(); if (s[pointerIndex].count(o.offset) && s[pointerIndex][o.offset] != std::make_pair(o.index, o.indexOffset)) { @@ -7374,24 +7357,6 @@ void Executor::setInitializationGraph( return; } -Assignment Executor::computeConcretization(const ConstraintSet &constraints, - ref condition, - SolverQueryMetaData &queryMetaData) { - Assignment concretization; - if (Query(constraints, condition, queryMetaData.id).containsSymcretes()) { - ref response; - solver->setTimeout(coreSolverTimeout); - bool success = solver->getResponse( - constraints, Expr::createIsZero(condition), response, queryMetaData); - solver->setTimeout(time::Span()); - assert(success); - assert(isa(response)); - concretization = cast(response)->initialValuesFor( - constraints.gatherSymcretizedArrays()); - } - return concretization; -} - bool isReproducible(const klee::Symbolic &symb) { auto arr = symb.array; bool bad = IrreproducibleSource::classof(arr->source.get()); @@ -7418,6 +7383,16 @@ bool isUninitialized(const klee::Array *array) { return bad; } +bool isMakeSymbolic(const klee::Symbolic &symb) { + auto array = symb.array; + bool good = isa(array->source); + if (!good) + klee_warning_once(array->source.get(), + "A not make_symbolic array %s reaches a test", + array->getIdentifier().c_str()); + return good; +} + bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) { solver->setTimeout(coreSolverTimeout); @@ -7448,14 +7423,7 @@ bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) { // If the particular constraint operated on in this iteration through // the loop isn't implied then add it to the list of constraints. if (!mustBeTrue) { - Assignment concretization = computeConcretization( - extendedConstraints.cs(), pi, state.queryMetaData); - - if (!concretization.isEmpty()) { - extendedConstraints.addConstraint(pi, concretization); - } else { - extendedConstraints.addConstraint(pi, {}); - } + extendedConstraints.addConstraint(pi); } } } @@ -7468,8 +7436,14 @@ bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) { std::back_inserter(uninitObjects), isUninitialized); std::vector symbolics; - std::copy_if(state.symbolics.begin(), state.symbolics.end(), - std::back_inserter(symbolics), isReproducible); + + if (OnlyOutputMakeSymbolicArrays) { + std::copy_if(state.symbolics.begin(), state.symbolics.end(), + std::back_inserter(symbolics), isMakeSymbolic); + } else { + std::copy_if(state.symbolics.begin(), state.symbolics.end(), + std::back_inserter(symbolics), isReproducible); + } // we cannot be sure that an irreproducible state proves the presence of an // error @@ -7480,20 +7454,125 @@ bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) { setHaltExecution(HaltExecution::ReachedTarget); } - std::vector> values; - std::vector objects; + std::unordered_set objectSet; for (auto &symbolic : symbolics) { - objects.push_back(symbolic.array); + objectSet.insert(symbolic.array); } - bool success = solver->getInitialValues(extendedConstraints.cs(), objects, - values, state.queryMetaData); + for (auto &array : allObjects) { + objectSet.insert(array); + } + + std::vector objects(objectSet.begin(), objectSet.end()); + + ref response; + solver->setTimeout(coreSolverTimeout); + bool success = + solver->getResponse(extendedConstraints.cs(), Expr::createFalse(), + response, state.queryMetaData); solver->setTimeout(time::Span()); - if (!success) { + if (!success || !isa(response)) { klee_warning("unable to compute initial values (invalid constraints?)!"); ExprPPrinter::printQuery(llvm::errs(), state.constraints.cs(), ConstantExpr::alloc(0, Expr::Bool)); return false; } + assert(isa(response)); + + Assignment model = cast(response)->initialValuesFor(objects); + AssignmentEvaluator evaluator(model, false); + + Expr::Width pointerWidthInBits = Context::get().getPointerWidth(); + + std::vector> symbolicSizesTerms; + + /* Collect all size symcretes. */ + for (ref symcrete : extendedConstraints.cs().symcretes()) { + if (isa(symcrete)) { + symbolicSizesTerms.push_back( + ZExtExpr::create(symcrete->symcretized, pointerWidthInBits)); + } + } + + if (symbolicSizesTerms.size() > 0) { + ref symbolicSizesSum = + createNonOverflowingSumExpr(symbolicSizesTerms); + + std::vector symcreteObjects; + std::vector> symcreteValues; + bool success = + computeSizes(extendedConstraints.cs(), symbolicSizesSum, + symcreteObjects, symcreteValues, state.queryMetaData); + if (success) { + Assignment symcreteModel = Assignment(symcreteObjects, symcreteValues); + + for (auto &i : model.diffWith(symcreteModel).bindings) { + model.bindings.replace({i.first, i.second}); + } + } + + ExprHashMap> concretizations; + + for (ref symcrete : extendedConstraints.cs().symcretes()) { + concretizations[symcrete->symcretized] = + evaluator.visit(symcrete->symcretized); + } + + std::vector addresses; + + for (const ref &symcrete : extendedConstraints.cs().symcretes()) { + ref sizeSymcrete = dyn_cast(symcrete); + + if (!sizeSymcrete) { + continue; + } + + ref symcretizedAddress = sizeSymcrete->addressSymcrete.symcretized; + + /* Receive address array linked with this size array to request address + * concretization. */ + ref condcretized = concretizations.at(symcrete->symcretized); + + uint64_t newSize = cast(condcretized)->getZExtValue(); + + void *address = malloc(newSize); + addresses.push_back(address); + unsigned char *charAddressIterator = + reinterpret_cast(&address); + SparseStorageImpl storage(0); + storage.store(0, charAddressIterator, + charAddressIterator + sizeof(address)); + ref constantAddress = ConstantExpr::create( + reinterpret_cast(address), symcretizedAddress->getWidth()); + + concretizations[symcretizedAddress] = constantAddress; + } + + ref concretizationCondition = Expr::createFalse(); + for (const auto &concretization : concretizations) { + solver->setTimeout(coreSolverTimeout); + success = solver->getResponse( + extendedConstraints.cs(), + OrExpr::create(Expr::createIsZero(EqExpr::create( + concretization.first, concretization.second)), + concretizationCondition), + response, state.queryMetaData); + solver->setTimeout(time::Span()); + + if (auto invalidResponse = dyn_cast(response)) { + concretizationCondition = + OrExpr::create(Expr::createIsZero(EqExpr::create( + concretization.first, concretization.second)), + concretizationCondition); + model = invalidResponse->initialValuesFor(objects); + } else { + llvm::errs(); + } + } + + for (auto addr : addresses) { + free(addr); + } + } res.numObjects = symbolics.size(); res.objects = new KTestObject[res.numObjects]; @@ -7504,13 +7583,16 @@ bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) { // Remove mo->size, evaluate size expr in array for (auto &symbolic : symbolics) { auto mo = symbolic.memoryObject; + auto &values = model.bindings.at(symbolic.array); KTestObject *o = &res.objects[i]; o->name = const_cast(mo->name.c_str()); - o->address = mo->address; - o->numBytes = mo->size; + o->address = cast(evaluator.visit(mo->getBaseExpr())) + ->getZExtValue(); + o->numBytes = cast(evaluator.visit(mo->getSizeExpr())) + ->getZExtValue(); o->bytes = new unsigned char[o->numBytes]; - for (size_t j = 0; j < mo->size; j++) { - o->bytes[j] = values[i].load(j); + for (size_t j = 0; j < o->numBytes; j++) { + o->bytes[j] = values.load(j); } o->numPointers = 0; o->pointers = nullptr; @@ -7518,11 +7600,6 @@ bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) { } } - Assignment model = Assignment(objects, values); - for (auto binding : state.constraints.cs().concretization().bindings) { - model.bindings.insert(binding); - } - setInitializationGraph(state, symbolics, model, res); return true; diff --git a/lib/Core/Executor.h b/lib/Core/Executor.h index 090b39aaed..eb769d1831 100644 --- a/lib/Core/Executor.h +++ b/lib/Core/Executor.h @@ -22,11 +22,11 @@ #include "TargetedExecutionManager.h" #include "UserSearcher.h" +#include "klee/ADT/Either.h" #include "klee/ADT/RNG.h" #include "klee/Core/BranchTypes.h" #include "klee/Core/Interpreter.h" #include "klee/Core/TerminationTypes.h" -#include "klee/Expr/ArrayCache.h" #include "klee/Expr/ArrayExprOptimizer.h" #include "klee/Expr/Constraints.h" #include "klee/Expr/SourceBuilder.h" @@ -34,6 +34,7 @@ #include "klee/Module/Cell.h" #include "klee/Module/KInstruction.h" #include "klee/Module/KModule.h" +#include "klee/Support/Timer.h" #include "klee/System/Time.h" #include "klee/Support/CompilerWarning.h" @@ -73,7 +74,6 @@ class Value; } // namespace llvm namespace klee { -class AddressManager; class Array; struct Cell; class CodeGraphInfo; @@ -117,8 +117,8 @@ class Executor : public Interpreter { friend class WeightedRandomSearcher; friend class SpecialFunctionHandler; friend class StatsTracker; - friend klee::Searcher * - klee::constructUserSearcher(Executor &executor, bool stopAfterReachingTarget); + friend klee::Searcher *klee::constructBaseSearcher(Executor &executor); + friend klee::Searcher *klee::constructUserSearcher(Executor &executor); public: typedef std::pair StatePair; @@ -132,6 +132,8 @@ class Executor : public Interpreter { size_t maxNewWriteableOSSize = 0; size_t maxNewStateStackSize = 0; + size_t multiplexReached = 0; + using SetOfStates = std::set; /* Set of Intrinsic::ID. Plain type is used here to avoid including llvm in * the header */ @@ -144,7 +146,6 @@ class Executor : public Interpreter { ExternalDispatcher *externalDispatcher; std::unique_ptr solver; - std::unique_ptr addressManager; std::unique_ptr memory; TypeManager *typeSystemManager; @@ -160,8 +161,6 @@ class Executor : public Interpreter { std::unique_ptr targetCalculator; std::unique_ptr targetManager; - ExprHashMap, llvm::Type *>> constantGepExprBases; - /// When non-empty the Executor is running in "seed" mode. The /// states in this map will be executed in an arbitrary order /// (outside the normal search interface) until they terminate. When @@ -176,7 +175,7 @@ class Executor : public Interpreter { /// Map of globals to their bound address. This also includes /// globals that have no representative object (i.e. functions). - std::map> globalAddresses; + std::map> globalAddresses; /// Map of legal function addresses to the corresponding Function. /// Used to validate and dereference function pointers. @@ -225,9 +224,6 @@ class Executor : public Interpreter { /// Maximum time to allow for a single instruction. time::Span maxInstructionTime; - /// Assumes ownership of the created array objects - ArrayCache arrayCache; - /// File to print executed instructions to std::unique_ptr debugInstFile; @@ -250,6 +246,13 @@ class Executor : public Interpreter { /// @brief SARIF report for all exploration paths. SarifReportJson sarifReport; + FunctionsByModule functionsByModule; + + const char *okExternalsList[4] = {"printf", "fprintf", "puts", "getpid"}; + std::set okExternals = std::set( + okExternalsList, + okExternalsList + (sizeof(okExternalsList) / sizeof(okExternalsList[0]))); + /// Return the typeid corresponding to a certain `type_info` ref getEhTypeidFor(ref type_info); @@ -257,12 +260,8 @@ class Executor : public Interpreter { void executeInstruction(ExecutionState &state, KInstruction *ki); - void targetedRun(ExecutionState &initialState, KBlock *target, - ExecutionState **resultState = nullptr); - void seed(ExecutionState &initialState); void run(ExecutionState *initialState); - void runWithTarget(ExecutionState &state, KFunction *kf, KBlock *target); void initializeTypeManager(); @@ -292,6 +291,8 @@ class Executor : public Interpreter { ObjectState *bindObjectInState(ExecutionState &state, const MemoryObject *mo, KType *dynamicType, bool IsAlloca, const Array *array = nullptr); + ObjectState *bindObjectInState(ExecutionState &state, const MemoryObject *mo, + const ObjectState *object); /// Resolve a pointer to the memory objects it could point to the /// start of, forking execution when necessary and generating errors @@ -301,7 +302,8 @@ class Executor : public Interpreter { /// \param results[out] A list of ((MemoryObject,ObjectState), /// state) pairs for each object the given address can point to the /// beginning of. - typedef std::vector> ExactResolutionList; + typedef std::vector> + ExactResolutionList; bool resolveExact(ExecutionState &state, ref p, KType *type, ExactResolutionList &results, const std::string &name); @@ -310,16 +312,18 @@ class Executor : public Interpreter { const ObjectState *reallocFrom, size_t allocationAlignment, bool checkOutOfMemory); - bool computeSizes(ExecutionState &state, ref size, + bool computeSizes(const ConstraintSet &constraints, ref symbolicSizesSum, std::vector &objects, - std::vector> &values); + std::vector> &values, + SolverQueryMetaData &metaData); MemoryObject *allocate(ExecutionState &state, ref size, bool isLocal, bool isGlobal, ref allocSite, - size_t allocationAlignment, + size_t allocationAlignment, KType *type, + ref conditionExpr = Expr::createTrue(), ref lazyInitializationSource = ref(), - unsigned timestamp = 0); + unsigned timestamp = 0, bool isSymbolic = false); /// Allocate and bind a new object in a particular state. NOTE: This /// function may fork. @@ -351,7 +355,7 @@ class Executor : public Interpreter { /// convenience for realloc). Note that this function can cause the /// state to fork and that \ref state cannot be safely accessed /// afterwards. - void executeFree(ExecutionState &state, ref address, + void executeFree(ExecutionState &state, ref address, KInstruction *target = 0); /// Serialize a landingpad instruction so it can be handled by the @@ -367,17 +371,19 @@ class Executor : public Interpreter { void executeCall(ExecutionState &state, KInstruction *ki, llvm::Function *f, std::vector> &arguments); - bool resolveMemoryObjects(ExecutionState &state, ref address, + typedef std::vector> ObjectResolutionList; + + bool resolveMemoryObjects(ExecutionState &state, ref address, KType *targetType, KInstruction *target, unsigned bytes, - std::vector &mayBeResolvedMemoryObjects, + ObjectResolutionList &mayBeResolvedMemoryObjects, bool &mayBeOutOfBound, bool &mayLazyInitialize, bool &incomplete, bool onlyLazyInitialize = false); bool checkResolvedMemoryObjects( - ExecutionState &state, ref address, KInstruction *target, - unsigned bytes, const std::vector &mayBeResolvedMemoryObjects, - bool hasLazyInitialized, std::vector &resolvedMemoryObjects, + ExecutionState &state, ref address, KInstruction *target, + unsigned bytes, const ObjectResolutionList &mayBeResolvedMemoryObjects, + bool hasLazyInitialized, ObjectResolutionList &resolvedMemoryObjects, std::vector> &resolveConditions, std::vector> &unboundConditions, ref &checkOutOfBounds, bool &mayBeOutOfBound); @@ -388,47 +394,34 @@ class Executor : public Interpreter { ref checkOutOfBounds, bool hasLazyInitialized, ref &guard, bool &mayBeInBounds); - bool collectConcretizations(ExecutionState &state, - const std::vector> &resolveConditions, - const std::vector> &unboundConditions, - const std::vector &resolvedMemoryObjects, - ref checkOutOfBounds, - bool hasLazyInitialized, ref &guard, - std::vector &resolveConcretizations, - bool &mayBeInBounds); - - void collectReads(ExecutionState &state, ref address, KType *targetType, - Expr::Width type, unsigned bytes, - const std::vector &resolvedMemoryObjects, - const std::vector &resolveConcretizations, + void collectReads(ExecutionState &state, ref address, + KType *targetType, Expr::Width type, unsigned bytes, + const ObjectResolutionList &resolvedMemoryObjects, std::vector> &results); // do address resolution / object binding / out of bounds checking // and perform the operation void executeMemoryOperation(ExecutionState &state, bool isWrite, - KType *targetType, ref address, + KType *targetType, ref address, ref value /* undef if read */, KInstruction *target /* undef if write */); - bool lazyInitializeObject(ExecutionState &state, ref address, - const KInstruction *target, KType *targetType, - uint64_t size, bool isLocal, IDType &id, - bool isConstant = true); + ref + lazyInitializeObject(ExecutionState &state, ref address, + const KInstruction *target, KType *targetType, + uint64_t concreteSize, ref size, bool isLocal, + ref conditionExpr, bool isConstant = true); - IDType lazyInitializeLocalObject(ExecutionState &state, StackFrame &sf, - ref address, - const KInstruction *target); + void lazyInitializeLocalObject(ExecutionState &state, StackFrame &sf, + ref address, const KInstruction *target); - IDType lazyInitializeLocalObject(ExecutionState &state, ref address, - const KInstruction *target); + void lazyInitializeLocalObject(ExecutionState &state, ref address, + const KInstruction *target); void executeMakeSymbolic(ExecutionState &state, const MemoryObject *mo, KType *type, const ref source, bool isLocal); - void updateStateWithSymcretes(ExecutionState &state, - const Assignment &assignment); - /// Assume that `current` state stepped to `block`. /// Can we reach at least one target of `current` from there? bool canReachSomeTargetFromBlock(ExecutionState ¤t, KBlock *block); @@ -453,10 +446,6 @@ class Executor : public Interpreter { // return it. Otherwise, return the unmodified condition. ref maxStaticPctChecks(ExecutionState ¤t, ref condition); - Assignment computeConcretization(const ConstraintSet &constraints, - ref condition, - SolverQueryMetaData &queryMetaData); - /// Add the given (boolean) condition as a constraint on state. This /// function is a wrapper around the state's addConstraint function /// which also manages propagation of implied values, @@ -476,44 +465,65 @@ class Executor : public Interpreter { ref readArgument(ExecutionState &state, StackFrame &frame, const KFunction *kf, unsigned index) { - ref arg = frame.locals[kf->getArgRegister(index)].value; + ref arg = frame.locals->at(kf->getArgRegister(index)).value; if (!arg) { prepareSymbolicArg(state, frame, index); } - return frame.locals[kf->getArgRegister(index)].value; + return frame.locals->at(kf->getArgRegister(index)).value; } ref readDest(ExecutionState &state, StackFrame &frame, const KInstruction *target) { unsigned index = target->getDest(); - ref reg = frame.locals[index].value; + ref reg = frame.locals->at(index).value; if (!reg) { prepareSymbolicRegister(state, frame, index); } - return frame.locals[index].value; + return frame.locals->at(index).value; } - Cell &getArgumentCell(const StackFrame &frame, const KFunction *kf, - unsigned index) { - return frame.locals[kf->getArgRegister(index)]; + const Cell &getArgumentCell(const StackFrame &frame, const KFunction *kf, + unsigned index) { + return frame.locals->at(kf->getArgRegister(index)); } - Cell &getDestCell(const StackFrame &frame, const KInstruction *target) { - return frame.locals[target->getDest()]; + const Cell &getDestCell(const StackFrame &frame, const KInstruction *target) { + return frame.locals->at(target->getDest()); + } + + void setArgumentCell(StackFrame &frame, const KFunction *kf, unsigned index, + ref value) { + return frame.locals->set(kf->getArgRegister(index), Cell(value)); + } + + void setDestCell(StackFrame &frame, const KInstruction *target, + ref value) { + return frame.locals->set(target->getDest(), Cell(value)); } const Cell &eval(const KInstruction *ki, unsigned index, ExecutionState &state, bool isSymbolic = true); - Cell &getArgumentCell(const ExecutionState &state, const KFunction *kf, - unsigned index) { + const Cell &getArgumentCell(const ExecutionState &state, const KFunction *kf, + unsigned index) { return getArgumentCell(state.stack.valueStack().back(), kf, index); } - Cell &getDestCell(const ExecutionState &state, const KInstruction *target) { + const Cell &getDestCell(const ExecutionState &state, + const KInstruction *target) { return getDestCell(state.stack.valueStack().back(), target); } + void setArgumentCell(ExecutionState &state, const KFunction *kf, + unsigned index, ref value) { + setArgumentCell(state.stack.valueStack().back(), kf, index, value); + } + + void setDestCell(ExecutionState &state, const KInstruction *target, + ref value) { + setDestCell(state.stack.valueStack().back(), target, value); + } + void bindLocal(const KInstruction *target, StackFrame &frame, ref value); @@ -533,9 +543,9 @@ class Executor : public Interpreter { /// Evaluates an LLVM constant expression. The optional argument ki /// is the instruction where this constant was encountered, or NULL /// if not applicable/unavailable. - ref evalConstantExpr(const llvm::ConstantExpr *c, - llvm::APFloat::roundingMode rm, - const KInstruction *ki = NULL); + ref evalConstantExpr(const llvm::ConstantExpr *c, + llvm::APFloat::roundingMode rm, + const KInstruction *ki = NULL); /// Evaluates an LLVM float comparison. the operands are two float /// expressions. @@ -545,14 +555,14 @@ class Executor : public Interpreter { /// Evaluates an LLVM constant. The optional argument ki is the /// instruction where this constant was encountered, or NULL if /// not applicable/unavailable. - ref evalConstant(const llvm::Constant *c, - llvm::APFloat::roundingMode rm, - const KInstruction *ki = NULL); + ref evalConstant(const llvm::Constant *c, + llvm::APFloat::roundingMode rm, + const KInstruction *ki = NULL); /// Return a unique constant value for the given expression in the /// given state, if it has one (i.e. it provably only has a single /// value). Otherwise return the original expression. - ref toUnique(const ExecutionState &state, ref &e); + ref toUnique(const ExecutionState &state, ref e); /// Return a constant value for the given expression, forcing it to /// be constant in the given state by adding a constraint if @@ -563,13 +573,17 @@ class Executor : public Interpreter { ref toConstant(ExecutionState &state, ref e, const char *purpose); + ref toConstantPointer(ExecutionState &state, + ref e, + const char *purpose); + /// Bind a constant value for e to the given target. NOTE: This /// function may fork state if the state has multiple seeds. void executeGetValue(ExecutionState &state, ref e, KInstruction *target); /// Get textual information regarding a memory address. - std::string getAddressInfo(ExecutionState &state, ref address, + std::string getAddressInfo(ExecutionState &state, ref address, unsigned size = 0, const MemoryObject *mo = nullptr) const; @@ -652,10 +666,10 @@ class Executor : public Interpreter { uint64_t updateNameVersion(ExecutionState &state, const std::string &name); - const Array *makeArray(ref size, const ref source); + const Array *makeArray(ref size, + const ref source) const; - ExecutionState *prepareStateForPOSIX(KInstIterator &caller, - ExecutionState *state); + ref makePointer(ref expr) const; void prepareTargetedExecution(ExecutionState &initialState, ref whitelist); @@ -666,8 +680,7 @@ class Executor : public Interpreter { const SetOfStates &leftStates, HaltExecution::Reason reason = HaltExecution::NotHalt); - void checkNullCheckAfterDeref(ref cond, ExecutionState &state, - ExecutionState *fstate, ExecutionState *sstate); + void checkNullCheckAfterDeref(ref cond, ExecutionState &state); template void computeOffsetsSeqTy(KGEPInstruction *kgepi, @@ -741,6 +754,8 @@ class Executor : public Interpreter { const std::set &ignoredExternals, std::vector> redefinitions) override; + void setFunctionsByModule(FunctionsByModule &&functionsByModule) override; + void useSeeds(const std::vector *seeds) override { usingSeeds = seeds; } @@ -769,7 +784,7 @@ class Executor : public Interpreter { KInstruction *target); void prepareMockValue(ExecutionState &state, const std::string &name, - KInstruction *target); + llvm::Type *type, KInstruction *target); void prepareSymbolicRegister(ExecutionState &state, StackFrame &frame, unsigned index); diff --git a/lib/Core/ExecutorUtil.cpp b/lib/Core/ExecutorUtil.cpp index 68603341c0..546d6e1a94 100644 --- a/lib/Core/ExecutorUtil.cpp +++ b/lib/Core/ExecutorUtil.cpp @@ -10,6 +10,7 @@ #include "Executor.h" #include "klee/Core/Context.h" +#include "klee/ADT/Either.h" #include "klee/Config/Version.h" #include "klee/Core/Interpreter.h" #include "klee/Expr/Expr.h" @@ -21,6 +22,7 @@ DISABLE_WARNING_PUSH DISABLE_WARNING_DEPRECATED_DECLARATIONS #include "llvm/ADT/APFloat.h" +#include "llvm/ADT/APInt.h" #include "llvm/IR/Constants.h" #include "llvm/IR/DataLayout.h" #include "llvm/IR/Function.h" @@ -96,7 +98,7 @@ ref Executor::evalConstant(const Constant *c, assert(it != globalAddresses.end()); return it->second; } else if (isa(c)) { - return Expr::createPointer(0); + return PointerExpr::create(Expr::createPointer(0)); } else if (isa(c) || isa(c)) { if (getWidthForLLVMType(c->getType()) == 0) { if (isa(ki->inst())) { @@ -149,7 +151,7 @@ ref Executor::evalConstant(const Constant *c, } assert(Context::get().isLittleEndian() && "FIXME:Broken for big endian"); ref res = ConcatExpr::createN(kids.size(), kids.data()); - return cast(res); + return res; } else if (const ConstantVector *cv = dyn_cast(c)) { llvm::SmallVector, 8> kids; const size_t numOperands = cv->getNumOperands(); @@ -159,16 +161,15 @@ ref Executor::evalConstant(const Constant *c, } assert(Context::get().isLittleEndian() && "FIXME:Broken for big endian"); ref res = ConcatExpr::createN(numOperands, kids.data()); - assert(isa(res) && - "result of constant vector built is not a constant"); - return cast(res); + return res; } else if (const BlockAddress *ba = dyn_cast(c)) { // return the address of the specified basic block in the specified // function const auto arg_bb = (BasicBlock *)ba->getOperand(1); - const auto res = - Expr::createPointer(reinterpret_cast(arg_bb)); - return cast(res); + const auto res = PointerExpr::create( + Expr::createPointer(reinterpret_cast(arg_bb)), + Expr::createPointer(reinterpret_cast(arg_bb))); + return res; } else { std::string msg("Cannot handle constant "); llvm::raw_string_ostream os(msg); @@ -179,9 +180,8 @@ ref Executor::evalConstant(const Constant *c, } } -ref Executor::evaluateFCmp(unsigned int predicate, - ref left, - ref right) const { +ref Executor::evaluateFCmp(unsigned int predicate, ref left, + ref right) const { ref result = 0; switch (predicate) { case FCmpInst::FCMP_FALSE: { @@ -281,14 +281,21 @@ ref Executor::evalConstantExpr(const llvm::ConstantExpr *ce, llvm::Type *type = ce->getType(); ref op1(0), op2(0), op3(0); + bool isPointer1(false), isPointer2(false), isPointer3(false); int numOperands = ce->getNumOperands(); - if (numOperands > 0) + if (numOperands > 0) { op1 = evalConstant(ce->getOperand(0), rm, ki); - if (numOperands > 1) + isPointer1 = isa(op1); + } + if (numOperands > 1) { op2 = evalConstant(ce->getOperand(1), rm, ki); - if (numOperands > 2) + isPointer2 = isa(op2); + } + if (numOperands > 2) { op3 = evalConstant(ce->getOperand(2), rm, ki); + isPointer3 = isa(op3); + } /* Checking for possible errors during constant folding */ switch (ce->getOpcode()) { @@ -296,29 +303,34 @@ ref Executor::evalConstantExpr(const llvm::ConstantExpr *ce, case Instruction::UDiv: case Instruction::SRem: case Instruction::URem: { - if (auto op2Const = dyn_cast(op2)) { - if (op2Const->getLimitedValue() == 0) { - std::string msg( - "Division/modulo by zero during constant folding at location "); - llvm::raw_string_ostream os(msg); - os << (ki ? ki->getSourceLocationString() : "[unknown]"); - klee_error("%s", os.str().c_str()); + if (!isPointer2) { + if (auto op2Const = dyn_cast(op2)) { + if (op2Const->getLimitedValue() == 0) { + std::string msg( + "Division/modulo by zero during constant folding at location "); + llvm::raw_string_ostream os(msg); + os << (ki ? ki->getSourceLocationString() : "[unknown]"); + klee_error("%s", os.str().c_str()); + } } } break; } case Instruction::Shl: case Instruction::LShr: - case Instruction::AShr: - if (auto op2Const = dyn_cast(op2)) { - if (op2Const->getLimitedValue() >= op1->getWidth()) { - std::string msg("Overshift during constant folding at location "); - llvm::raw_string_ostream os(msg); - os << (ki ? ki->getSourceLocationString() : "[unknown]"); - klee_error("%s", os.str().c_str()); + case Instruction::AShr: { + if (!isPointer2) { + if (auto op2Const = dyn_cast(op2)) { + if (op2Const->getLimitedValue() >= op1->getWidth()) { + std::string msg("Overshift during constant folding at location "); + llvm::raw_string_ostream os(msg); + os << (ki ? ki->getSourceLocationString() : "[unknown]"); + klee_error("%s", os.str().c_str()); + } } } } + } std::string msg("Unknown ConstantExpr type"); llvm::raw_string_ostream os(msg); @@ -376,25 +388,34 @@ ref Executor::evalConstantExpr(const llvm::ConstantExpr *ce, result = cast(FPToX87FP80Ext(result)); } - if (constantGepExprBases.count(result)) { - constantGepExprBases[result] = {constantGepExprBases[result].first, - ce->getType()}; - } - return result; } - case Instruction::IntToPtr: + case Instruction::IntToPtr: { return ZExtExpr::create(op1, getWidthForLLVMType(type)); + } case Instruction::PtrToInt: return ZExtExpr::create(op1, getWidthForLLVMType(type)); case Instruction::GetElementPtr: { - ref base = ZExtExpr::create(op1, Context::get().getPointerWidth()); + if (!isPointer1) { + op1 = PointerExpr::create(op1, op1); + } + + ref base = cast(op1)->getBase(); + ref offset = cast(op1)->getOffset(); + for (gep_type_iterator ii = gep_type_begin(ce), ie = gep_type_end(ce); ii != ie; ++ii) { - ref indexOp = evalConstant(cast(ii.getOperand()), rm, ki); + auto iop = evalConstant(cast(ii.getOperand()), rm, ki); + ref indexOp; + if (auto ipointer = dyn_cast(iop)) { + base = AddExpr::create(base, ipointer->getBase()); + indexOp = ipointer->getOffset(); + } else + indexOp = iop; + if (indexOp->isZero()) continue; @@ -407,31 +428,24 @@ ref Executor::evalConstantExpr(const llvm::ConstantExpr *ce, } unsigned ElementIdx = indexOpConst->getZExtValue(); const StructLayout *SL = kmodule->targetData->getStructLayout(STy); - base = AddExpr::create( - base, ConstantExpr::alloc(APInt(Context::get().getPointerWidth(), - SL->getElementOffset(ElementIdx)))); + offset = AddExpr::create( + offset, + ConstantExpr::alloc(APInt(Context::get().getPointerWidth(), + SL->getElementOffset(ElementIdx)))); continue; } // For array or vector indices, scale the index by the size of the type. // Indices can be negative - base = AddExpr::create( - base, + offset = AddExpr::create( + offset, MulExpr::create( SExtExpr::create(indexOp, Context::get().getPointerWidth()), ConstantExpr::alloc(APInt(Context::get().getPointerWidth(), kmodule->targetData->getTypeAllocSize( ii.getIndexedType()))))); } - - if (constantGepExprBases.count(op1)) { - constantGepExprBases[base] = constantGepExprBases[op1]; - } else { - constantGepExprBases[base] = { - op1, llvm::cast(ce)->getSourceElementType()}; - } - - return base; + return PointerExpr::create(base, AddExpr::create(base, offset)); } case Instruction::ICmp: { diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index 33b0fca37f..b27ad36eee 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -9,13 +9,15 @@ #include "Memory.h" +#include "ConstructStorage.h" #include "ExecutionState.h" #include "MemoryManager.h" +#include "klee/ADT/Ref.h" +#include "klee/ADT/SparseStorage.h" #include "klee/Core/Context.h" #include "CodeLocation.h" #include "klee/ADT/BitArray.h" -#include "klee/Expr/ArrayCache.h" #include "klee/Expr/Assignment.h" #include "klee/Expr/Expr.h" #include "klee/Module/KType.h" @@ -34,9 +36,34 @@ DISABLE_WARNING_DEPRECATED_DECLARATIONS #include "llvm/Support/raw_ostream.h" DISABLE_WARNING_POP +#include #include +#include +#include #include +namespace klee { +llvm::cl::opt MemoryBackend( + "memory-backend", + llvm::cl::desc("Type of data structures to use for memory modelling " + "(default=fixed)"), + llvm::cl::values(clEnumValN(MemoryType::Fixed, "fixed", + "Use fixed size data structure (default) "), + clEnumValN(MemoryType::Dynamic, "dynamic", + "Use dynamic size data structure"), + clEnumValN(MemoryType::Persistent, "persistent", + "Use persistent data structures"), + clEnumValN(MemoryType::Mixed, "mixed", + "Use according to the conditions")), + llvm::cl::init(MemoryType::Fixed)); + +llvm::cl::opt MaxFixedSizeStructureSize( + "max-fixed-size-structures-size", + llvm::cl::desc("Maximum available size to use dense structures for memory " + "(default 10Mb)"), + llvm::cl::init(10ll << 10)); +} // namespace klee + using namespace llvm; using namespace klee; @@ -54,7 +81,9 @@ std::string MemoryObject::getAllocInfo() const { std::string result; llvm::raw_string_ostream info(result); - info << "MO" << id << "[" << size << "]"; + info << "MO" << id << "["; + sizeExpr->print(info); + info << "]"; if (allocSite && allocSite->source) { const llvm::Value *allocSiteSource = allocSite->source->unwrap(); @@ -78,170 +107,222 @@ std::string MemoryObject::getAllocInfo() const { /***/ ObjectState::ObjectState(const MemoryObject *mo, const Array *array, KType *dt) - : copyOnWriteOwner(0), object(mo), knownSymbolics(nullptr), - unflushedMask(false), updates(array, nullptr), lastUpdate(nullptr), - size(array->size), dynamicType(dt), readOnly(false) {} + : copyOnWriteOwner(0), object(mo), valueOS(ObjectStage(array, nullptr)), + baseOS(ObjectStage(array->size, Expr::createPointer(0), false, + Context::get().getPointerWidth())), + lastUpdate(nullptr), size(array->size), dynamicType(dt), readOnly(false) { + baseOS.initializeToZero(); +} ObjectState::ObjectState(const MemoryObject *mo, KType *dt) - : copyOnWriteOwner(0), object(mo), knownSymbolics(nullptr), - unflushedMask(false), updates(nullptr, nullptr), lastUpdate(nullptr), - size(mo->getSizeExpr()), dynamicType(dt), readOnly(false) {} + : copyOnWriteOwner(0), object(mo), + valueOS(ObjectStage(mo->getSizeExpr(), nullptr)), + baseOS(ObjectStage(mo->getSizeExpr(), Expr::createPointer(0), false, + Context::get().getPointerWidth())), + lastUpdate(nullptr), size(mo->getSizeExpr()), dynamicType(dt), + readOnly(false) { + baseOS.initializeToZero(); +} ObjectState::ObjectState(const ObjectState &os) - : copyOnWriteOwner(0), object(os.object), knownSymbolics(os.knownSymbolics), - unflushedMask(os.unflushedMask), updates(os.updates), - lastUpdate(os.lastUpdate), size(os.size), dynamicType(os.dynamicType), - readOnly(os.readOnly) {} - -ArrayCache *ObjectState::getArrayCache() const { - assert(object && "object was NULL"); - return object->parent->getArrayCache(); -} + : copyOnWriteOwner(0), object(os.object), valueOS(os.valueOS), + baseOS(os.baseOS), lastUpdate(os.lastUpdate), size(os.size), + dynamicType(os.dynamicType), readOnly(os.readOnly), + wasWritten(os.wasWritten) {} /***/ -const UpdateList &ObjectState::getUpdates() const { - // Constant arrays are created lazily. - - if (auto sizeExpr = dyn_cast(size)) { - auto size = sizeExpr->getZExtValue(); - if (knownSymbolics.storage().size() == size) { - SparseStorage> values( - ConstantExpr::create(0, Expr::Int8)); - UpdateList symbolicUpdates = UpdateList(nullptr, nullptr); - for (unsigned i = 0; i < size; i++) { - auto value = knownSymbolics.load(i); - assert(value); - if (isa(value)) { - values.store(i, cast(value)); - } else { - symbolicUpdates.extend(ConstantExpr::create(i, Expr::Int32), value); - } - } - auto array = getArrayCache()->CreateArray( - sizeExpr, SourceBuilder::constant(values)); - updates = UpdateList(array, symbolicUpdates.head); - knownSymbolics.reset(); - unflushedMask.reset(); - } - } +void ObjectState::initializeToZero() { + valueOS.initializeToZero(); + baseOS.initializeToZero(); +} - if (!updates.root) { - SparseStorage> values( - ConstantExpr::create(0, Expr::Int8)); - auto array = - getArrayCache()->CreateArray(size, SourceBuilder::constant(values)); - updates = UpdateList(array, updates.head); +ref ObjectState::read8(unsigned offset) const { + ref val = valueOS.readWidth(offset); + ref base = baseOS.readWidth(offset); + if (base->isZero()) { + return val; + } else { + return PointerExpr::create(base, val); } - - assert(updates.root); - - return updates; } -void ObjectState::flushForRead() const { - for (const auto &unflushed : unflushedMask.storage()) { - auto offset = unflushed.first; - auto value = knownSymbolics.load(offset); - assert(value); - updates.extend(ConstantExpr::create(offset, Expr::Int32), value); - } - unflushedMask.reset(false); +ref ObjectState::readValue8(unsigned offset) const { + return valueOS.readWidth(offset); } -void ObjectState::flushForWrite() { - flushForRead(); - // The write is symbolic offset and might overwrite any byte - knownSymbolics.reset(nullptr); +ref ObjectState::readBase8(unsigned offset) const { + return baseOS.readWidth(offset); } -/***/ +ref ObjectState::read8(ref offset) const { + assert(!isa(offset) && + "constant offset passed to symbolic read8"); -ref ObjectState::read8(unsigned offset) const { - if (auto byte = knownSymbolics.load(offset)) { - return byte; + if (object) { + if (ref sizeExpr = + dyn_cast(object->getSizeExpr())) { + auto moSize = sizeExpr->getZExtValue(); + if (object && moSize > 4096) { + std::string allocInfo = object->getAllocInfo(); + klee_warning_once(nullptr, + "Symbolic memory access will send the following " + "array of %lu bytes to " + "the constraint solver -- large symbolic arrays may " + "cause significant " + "performance issues: %s", + moSize, allocInfo.c_str()); + } + } + } + ref val = valueOS.readWidth(offset); + ref base = baseOS.readWidth(offset); + if (base->isZero()) { + return val; } else { - assert(!unflushedMask.load(offset) && "unflushed byte without cache value"); - return ReadExpr::create(getUpdates(), - ConstantExpr::create(offset, Expr::Int32)); + return PointerExpr::create(base, val); } } -ref ObjectState::read8(ref offset) const { +ref ObjectState::readValue8(ref offset) const { assert(!isa(offset) && "constant offset passed to symbolic read8"); - flushForRead(); - if (object && object->size > 4096) { - std::string allocInfo = object->getAllocInfo(); - klee_warning_once( - nullptr, - "Symbolic memory access will send the following array of %d bytes to " - "the constraint solver -- large symbolic arrays may cause significant " - "performance issues: %s", - object->size, allocInfo.c_str()); + if (object) { + if (ref sizeExpr = + dyn_cast(object->getSizeExpr())) { + auto moSize = sizeExpr->getZExtValue(); + if (object && moSize > 4096) { + std::string allocInfo = object->getAllocInfo(); + klee_warning_once(nullptr, + "Symbolic memory access will send the following " + "array of %lu bytes to " + "the constraint solver -- large symbolic arrays may " + "cause significant " + "performance issues: %s", + moSize, allocInfo.c_str()); + } + } } + return valueOS.readWidth(offset); +} + +ref ObjectState::readBase8(ref offset) const { + assert(!isa(offset) && + "constant offset passed to symbolic read8"); - return ReadExpr::create(getUpdates(), ZExtExpr::create(offset, Expr::Int32)); + if (object) { + if (ref sizeExpr = + dyn_cast(object->getSizeExpr())) { + auto moSize = sizeExpr->getZExtValue(); + if (object && moSize > 4096) { + std::string allocInfo = object->getAllocInfo(); + klee_warning_once(nullptr, + "Symbolic memory access will send the following " + "array of %lu bytes to " + "the constraint solver -- large symbolic arrays may " + "cause significant " + "performance issues: %s", + moSize, allocInfo.c_str()); + } + } + } + return baseOS.readWidth(offset); } void ObjectState::write8(unsigned offset, uint8_t value) { - knownSymbolics.store(offset, ConstantExpr::create(value, Expr::Int8)); - unflushedMask.store(offset, true); + valueOS.writeWidth(offset, value); + baseOS.writeWidth(offset, + ConstantExpr::create(0, Context::get().getPointerWidth())); } void ObjectState::write8(unsigned offset, ref value) { - // can happen when ExtractExpr special cases - if (ConstantExpr *CE = dyn_cast(value)) { - write8(offset, (uint8_t)CE->getZExtValue(8)); + wasWritten = true; + if (auto pointer = dyn_cast(value)) { + valueOS.writeWidth(offset, pointer->getValue()); + baseOS.writeWidth(offset, pointer->getBase()); } else { - knownSymbolics.store(offset, value); - unflushedMask.store(offset, true); + valueOS.writeWidth(offset, value); + baseOS.writeWidth( + offset, ConstantExpr::create(0, Context::get().getPointerWidth())); } } void ObjectState::write8(ref offset, ref value) { + wasWritten = true; + assert(!isa(offset) && "constant offset passed to symbolic write8"); - flushForWrite(); - if (object && object->size > 4096) { - std::string allocInfo = object->getAllocInfo(); - klee_warning_once( - nullptr, - "Symbolic memory access will send the following array of %d bytes to " - "the constraint solver -- large symbolic arrays may cause significant " - "performance issues: %s", - object->size, allocInfo.c_str()); + if (ref sizeExpr = + dyn_cast(object->getSizeExpr())) { + auto moSize = sizeExpr->getZExtValue(); + if (object && moSize > 4096) { + std::string allocInfo = object->getAllocInfo(); + klee_warning_once(nullptr, + "Symbolic memory access will send the following array " + "of %lu bytes to " + "the constraint solver -- large symbolic arrays may " + "cause significant " + "performance issues: %s", + moSize, allocInfo.c_str()); + } } - updates.extend(ZExtExpr::create(offset, Expr::Int32), value); + if (auto pointer = dyn_cast(value)) { + valueOS.writeWidth(offset, pointer->getValue()); + baseOS.writeWidth(offset, pointer->getBase()); + } else { + valueOS.writeWidth(offset, value); + baseOS.writeWidth( + offset, ConstantExpr::create(0, Context::get().getPointerWidth())); + } } void ObjectState::write(ref os) { - knownSymbolics = os->knownSymbolics; - unflushedMask = os->unflushedMask; - updates = UpdateList(updates.root, os->updates.head); + wasWritten = true; + valueOS.write(os->valueOS); + baseOS.write(os->baseOS); lastUpdate = os->lastUpdate; } /***/ ref ObjectState::read(ref offset, Expr::Width width) const { + if (lastUpdate && lastUpdate->index == offset && + lastUpdate->value->getWidth() == width) + return lastUpdate->value; + + ref val = readValue(offset, width); + ref base = readBase(offset, width); + if (base->isZero()) { + return val; + } else { + return PointerExpr::create(base, val); + } +} + +ref ObjectState::read(unsigned offset, Expr::Width width) const { + ref val = readValue(offset, width); + ref base = readBase(offset, width); + if (base->isZero()) { + return val; + } else { + return PointerExpr::create(base, val); + } +} + +ref ObjectState::readValue(ref offset, Expr::Width width) const { // Truncate offset to 32-bits. offset = ZExtExpr::create(offset, Expr::Int32); // Check for reads at constant offsets. if (ConstantExpr *CE = dyn_cast(offset)) - return read(CE->getZExtValue(32), width); + return readValue(CE->getZExtValue(32), width); // Treat bool specially, it is the only non-byte sized write we allow. if (width == Expr::Bool) - return ExtractExpr::create(read8(offset), 0, Expr::Bool); - - if (lastUpdate && lastUpdate->index == offset && - lastUpdate->value->getWidth() == width) - return lastUpdate->value; + return ExtractExpr::create(readValue8(offset), 0, Expr::Bool); // Otherwise, follow the slow general case. unsigned NumBytes = width / 8; @@ -249,18 +330,18 @@ ref ObjectState::read(ref offset, Expr::Width width) const { ref Res(0); for (unsigned i = 0; i != NumBytes; ++i) { unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); - ref Byte = - read8(AddExpr::create(offset, ConstantExpr::create(idx, Expr::Int32))); + ref Byte = readValue8( + AddExpr::create(offset, ConstantExpr::create(idx, Expr::Int32))); Res = i ? ConcatExpr::create(Byte, Res) : Byte; } return Res; } -ref ObjectState::read(unsigned offset, Expr::Width width) const { +ref ObjectState::readValue(unsigned offset, Expr::Width width) const { // Treat bool specially, it is the only non-byte sized write we allow. if (width == Expr::Bool) - return ExtractExpr::create(read8(offset), 0, Expr::Bool); + return ExtractExpr::create(readValue8(offset), 0, Expr::Bool); // Otherwise, follow the slow general case. unsigned NumBytes = width / 8; @@ -268,13 +349,73 @@ ref ObjectState::read(unsigned offset, Expr::Width width) const { ref Res(0); for (unsigned i = 0; i != NumBytes; ++i) { unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); - ref Byte = read8(offset + idx); + ref Byte = readValue8(offset + idx); Res = i ? ConcatExpr::create(Byte, Res) : Byte; } return Res; } +ref ObjectState::readBase(ref offset, Expr::Width width) const { + // Truncate offset to 32-bits. + offset = ZExtExpr::create(offset, Expr::Int32); + + // Check for reads at constant offsets. + if (ConstantExpr *CE = dyn_cast(offset)) + return readBase(CE->getZExtValue(32), width); + + // Treat bool specially, it is the only non-byte sized write we allow. + if (width == Expr::Bool) + return ExtractExpr::create(readBase8(offset), 0, Expr::Bool); + + // Treat bool specially, it is the only non-byte sized write we allow. + if (width == Expr::Bool) + return ExtractExpr::create(readBase8(offset), 0, Expr::Bool); + + // Otherwise, follow the slow general case. + unsigned NumBytes = width / 8; + assert(width == NumBytes * 8 && "Invalid read size!"); + ref Res(0); + ref null = Expr::createPointer(0); + for (unsigned i = 0; i != NumBytes; ++i) { + unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); + ref Byte = readBase8( + AddExpr::create(offset, ConstantExpr::create(idx, Expr::Int32))); + if (i) { + ref eqBytes = EqExpr::create(Byte, Res); + Res = SelectExpr::create(eqBytes, Byte, null); + } else { + Res = Byte; + } + } + + return Res; +} + +ref ObjectState::readBase(unsigned offset, Expr::Width width) const { + // Treat bool specially, it is the only non-byte sized write we allow. + if (width == Expr::Bool) + return ExtractExpr::create(readBase8(offset), 0, Expr::Bool); + + // Otherwise, follow the slow general case. + unsigned NumBytes = width / 8; + assert(width == NumBytes * 8 && "Invalid width for read size!"); + ref Res(0); + ref null = Expr::createPointer(0); + for (unsigned i = 0; i != NumBytes; ++i) { + unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); + ref Byte = readBase8(offset + idx); + if (i) { + ref eqBytes = EqExpr::create(Byte, Res); + Res = SelectExpr::create(eqBytes, Byte, null); + } else { + Res = Byte; + } + } + + return Res; +} + void ObjectState::write(ref offset, ref value) { // Truncate offset to 32-bits. offset = ZExtExpr::create(offset, Expr::Int32); @@ -371,17 +512,208 @@ void ObjectState::write64(unsigned offset, uint64_t value) { void ObjectState::print() const { llvm::errs() << "-- ObjectState --\n"; - llvm::errs() << "\tMemoryObject ID: " << object->id << "\n"; + llvm::errs() << "\tBase ObjectStage:\n"; + valueOS.print(); + llvm::errs() << "\tOffset ObjectStage:\n"; + baseOS.print(); +} + +KType *ObjectState::getDynamicType() const { return dynamicType; } + +bool ObjectState::isAccessableFrom(KType *accessingType) const { + return !UseTypeBasedAliasAnalysis || + dynamicType->isAccessableFrom(accessingType); +} + +/***/ + +ObjectStage::ObjectStage(const Array *array, ref defaultValue, bool safe, + Expr::Width width) + : updates(array, nullptr), size(array->size), safeRead(safe), width(width) { + knownSymbolics.reset(constructStorage, OptionalRefEq>( + array->getSize(), defaultValue, MaxFixedSizeStructureSize)); + unflushedMask.reset( + constructStorage(array->getSize(), false, MaxFixedSizeStructureSize)); +} + +ObjectStage::ObjectStage(ref size, ref defaultValue, bool safe, + Expr::Width width) + : updates(nullptr, nullptr), size(size), safeRead(safe), width(width) { + knownSymbolics.reset(constructStorage, OptionalRefEq>( + size, defaultValue, MaxFixedSizeStructureSize)); + unflushedMask.reset(constructStorage(size, false, MaxFixedSizeStructureSize)); +} + +ObjectStage::ObjectStage(const ObjectStage &os) + : knownSymbolics(os.knownSymbolics->clone()), + unflushedMask(os.unflushedMask->clone()), updates(os.updates), + size(os.size), safeRead(os.safeRead), width(os.width) {} + +/***/ + +const UpdateList &ObjectStage::getUpdates() const { + if (auto sizeExpr = dyn_cast(size)) { + auto size = sizeExpr->getZExtValue(); + if (knownSymbolics->storage().size() == size) { + std::unique_ptr>> values(constructStorage( + sizeExpr, ConstantExpr::create(0, width), MaxFixedSizeStructureSize)); + UpdateList symbolicUpdates = UpdateList(nullptr, nullptr); + for (unsigned i = 0; i < size; i++) { + auto value = knownSymbolics->load(i); + assert(value); + if (isa(value)) { + values->store(i, cast(value)); + } else { + symbolicUpdates.extend(ConstantExpr::create(i, Expr::Int32), value); + } + } + auto array = + Array::create(sizeExpr, SourceBuilder::constant(values->clone()), + Expr::Int32, width); + updates = UpdateList(array, symbolicUpdates.head); + knownSymbolics->reset(nullptr); + unflushedMask->reset(); + } + } + + if (!updates.root) { + auto array = Array::create( + size, + SourceBuilder::constant(constructStorage( + size, ConstantExpr::create(0, width), MaxFixedSizeStructureSize)), + Expr::Int32, width); + updates = UpdateList(array, updates.head); + } + + assert(updates.root); + + return updates; +} + +void ObjectStage::initializeToZero() { + auto array = Array::create( + size, + SourceBuilder::constant(constructStorage( + size, ConstantExpr::create(0, width), MaxFixedSizeStructureSize)), + Expr::Int32, width); + updates = UpdateList(array, nullptr); + knownSymbolics->reset(); + unflushedMask->reset(); +} + +void ObjectStage::flushForRead() const { + for (const auto &unflushed : unflushedMask->storage()) { + auto offset = unflushed.first; + auto value = knownSymbolics->load(offset); + assert(value); + updates.extend(ConstantExpr::create(offset, Expr::Int32), value); + } + unflushedMask->reset(false); +} + +void ObjectStage::flushForWrite() { + flushForRead(); + // The write is symbolic offset and might overwrite any byte + knownSymbolics->reset(nullptr); +} + +/***/ + +ref ObjectStage::readWidth(unsigned offset) const { + if (auto byte = knownSymbolics->load(offset)) { + return byte; + } else { + assert(!unflushedMask->load(offset) && + "unflushed byte without cache value"); + return ReadExpr::create( + getUpdates(), ConstantExpr::create(offset, Expr::Int32), safeRead); + } +} + +ref ObjectStage::readWidth(ref offset) const { + assert(!isa(offset) && + "constant offset passed to symbolic read8"); + flushForRead(); + + return ReadExpr::create(getUpdates(), ZExtExpr::create(offset, Expr::Int32), + safeRead); +} + +void ObjectStage::writeWidth(unsigned offset, uint64_t value) { + auto byte = knownSymbolics->load(offset); + if (byte) { + auto ce = dyn_cast(byte); + if (ce && ce->getZExtValue(width) == value) { + return; + } + } + knownSymbolics->store(offset, ConstantExpr::create(value, width)); + unflushedMask->store(offset, true); +} + +void ObjectStage::writeWidth(unsigned offset, ref value) { + // can happen when ExtractExpr special cases + if (ConstantExpr *CE = dyn_cast(value)) { + writeWidth(offset, CE->getZExtValue(width)); + } else { + auto byte = knownSymbolics->load(offset); + if (byte && byte == value) { + return; + } + knownSymbolics->store(offset, value); + unflushedMask->store(offset, true); + } +} + +void ObjectStage::writeWidth(ref offset, ref value) { + assert(!isa(offset) && + "constant offset passed to symbolic write8"); + + if (knownSymbolics->defaultV() && knownSymbolics->defaultV() == value && + knownSymbolics->storage().size() == 0 && updates.getSize() == 0) { + return; + } + + flushForWrite(); + + updates.extend(ZExtExpr::create(offset, Expr::Int32), value); +} + +void ObjectStage::write(const ObjectStage &os) { + auto constSize = dyn_cast(size); + auto osConstSize = dyn_cast(os.size); + if (constSize || osConstSize) { + size_t bound = 0; + if (osConstSize && constSize) { + bound = std::min(constSize->getZExtValue(), osConstSize->getZExtValue()); + } else if (constSize) { + bound = constSize->getZExtValue(); + } else { + bound = osConstSize->getZExtValue(); + } + for (size_t i = 0; i < bound; ++i) { + knownSymbolics->store(i, os.knownSymbolics->load(i)); + unflushedMask->store(i, os.unflushedMask->load(i)); + } + } else { + knownSymbolics.reset(os.knownSymbolics->clone()); + unflushedMask.reset(os.unflushedMask->clone()); + } + updates = UpdateList(updates.root, os.updates.head); +} + +/***/ + +void ObjectStage::print() const { + llvm::errs() << "-- ObjectStage --\n"; llvm::errs() << "\tRoot Object: " << updates.root << "\n"; - llvm::errs() << "\tSize: " << object->size << "\n"; + llvm::errs() << "\tSize: " << size << "\n"; llvm::errs() << "\tBytes:\n"; - for (unsigned i = 0; i < object->size; i++) { - llvm::errs() << "\t\t[" << i << "]" - << " known? " << !knownSymbolics.load(i).isNull() - << " unflushed? " << unflushedMask.load(i) << " = "; - ref e = read8(i); - llvm::errs() << e << "\n"; + + for (auto [index, value] : knownSymbolics->storage()) { + llvm::errs() << "\t\t[" << index << "]"; + llvm::errs() << value << "\n"; } llvm::errs() << "\tUpdates:\n"; @@ -389,10 +721,3 @@ void ObjectState::print() const { llvm::errs() << "\t\t[" << un->index << "] = " << un->value << "\n"; } } - -KType *ObjectState::getDynamicType() const { return dynamicType; } - -bool ObjectState::isAccessableFrom(KType *accessingType) const { - return !UseTypeBasedAliasAnalysis || - dynamicType->isAccessableFrom(accessingType); -} diff --git a/lib/Core/Memory.h b/lib/Core/Memory.h index 9986f22a7c..80127c399a 100644 --- a/lib/Core/Memory.h +++ b/lib/Core/Memory.h @@ -27,7 +27,10 @@ DISABLE_WARNING_DEPRECATED_DECLARATIONS #include "llvm/ADT/StringExtras.h" DISABLE_WARNING_POP +#include #include +#include +#include #include #include @@ -37,7 +40,6 @@ class Value; namespace klee { -class ArrayCache; class BitArray; class ExecutionState; class KType; @@ -47,6 +49,7 @@ class Solver; typedef uint64_t IDType; extern llvm::cl::opt UseTypeBasedAliasAnalysis; +extern llvm::cl::opt MaxFixedSizeStructureSize; class MemoryObject { friend class STPBuilder; @@ -68,13 +71,14 @@ class MemoryObject { IDType id; mutable unsigned timestamp; - uint64_t address; ref addressExpr; + std::optional address; /// size in bytes - unsigned size; ref sizeExpr; + ref conditionExpr; + uint64_t alignment; mutable std::string name; @@ -87,6 +91,8 @@ class MemoryObject { bool isUserSpecified; MemoryManager *parent; + KType *type; + const Array *content; /// "Location" for which this memory object was allocated. This /// should be either the allocating instruction or the global object @@ -100,27 +106,34 @@ class MemoryObject { public: // XXX this is just a temp hack, should be removed explicit MemoryObject(uint64_t _address) - : id(0), timestamp(0), address(_address), addressExpr(nullptr), size(0), - sizeExpr(nullptr), alignment(0), isFixed(true), - isLazyInitialized(false), parent(NULL), allocSite(0) {} + : id(0), timestamp(0), addressExpr(Expr::createPointer(_address)), + address(_address), sizeExpr(Expr::createPointer(0)), + conditionExpr(Expr::createTrue()), alignment(0), isFixed(true), + isLazyInitialized(false), parent(nullptr), type(nullptr), + content(nullptr), allocSite(nullptr) {} MemoryObject( - uint64_t _address, unsigned _size, uint64_t alignment, bool _isLocal, + ref _address, ref _size, uint64_t alignment, bool _isLocal, bool _isGlobal, bool _isFixed, bool _isLazyInitialized, - ref _allocSite, MemoryManager *_parent, - ref _addressExpr = nullptr, ref _sizeExpr = nullptr, - unsigned _timestamp = 0 /* unused if _isLazyInitialized is false*/) - : id(counter++), timestamp(_timestamp), address(_address), - addressExpr(_addressExpr), size(_size), sizeExpr(_sizeExpr), - alignment(alignment), name("unnamed"), isLocal(_isLocal), - isGlobal(_isGlobal), isFixed(_isFixed), - isLazyInitialized(_isLazyInitialized), isUserSpecified(false), - parent(_parent), allocSite(_allocSite) { + ref _allocSite, MemoryManager *_parent, KType *_type, + ref _condition = Expr::createTrue(), + unsigned _timestamp = 0 /* unused if _isLazyInitialized is false*/, + const Array *_content = + nullptr /* unused if _isLazyInitialized is false*/) + : id(counter++), timestamp(_timestamp), addressExpr(_address), + sizeExpr(_size), conditionExpr(_condition), alignment(alignment), + name("unnamed"), isLocal(_isLocal), isGlobal(_isGlobal), + isFixed(_isFixed), isLazyInitialized(_isLazyInitialized), + isUserSpecified(false), parent(_parent), type(_type), content(_content), + allocSite(_allocSite) { if (isLazyInitialized) { timestamp = _timestamp; } else { timestamp = time++; } + if (auto constAddress = dyn_cast(_address)) { + address = constAddress->getZExtValue(); + } } ~MemoryObject(); @@ -133,29 +146,14 @@ class MemoryObject { void updateTimestamp() const { this->timestamp = time++; } bool hasSymbolicSize() const { return !isa(getSizeExpr()); } - ref getBaseConstantExpr() const { - return ConstantExpr::create(address, Context::get().getPointerWidth()); - } - ref getBaseExpr() const { - if (addressExpr) { - return addressExpr; - } - return getBaseConstantExpr(); - } - ref getSizeExpr() const { - if (sizeExpr) { - return sizeExpr; - } - return Expr::createPointer(size); - } + ref getBaseExpr() const { return addressExpr; } + ref getSizeExpr() const { return sizeExpr; } + ref getConditionExpr() const { return conditionExpr; } ref getOffsetExpr(ref pointer) const { return SubExpr::create(pointer, getBaseExpr()); } - ref getBoundsCheckPointer(ref pointer) const { - return getBoundsCheckOffset(getOffsetExpr(pointer)); - } - ref getBoundsCheckPointer(ref pointer, unsigned bytes) const { - return getBoundsCheckOffset(getOffsetExpr(pointer), bytes); + ref getOffsetExpr(ref pointer) const { + return SubExpr::create(pointer->getValue(), getBaseExpr()); } ref getBoundsCheckOffset(ref offset) const { @@ -176,22 +174,47 @@ class MemoryObject { return SelectExpr::create(offsetSizeCheck, trueExpr, Expr::createFalse()); } + ref getBoundsCheckAddress(ref address) const { + return getBoundsCheckOffset(getOffsetExpr(address)); + } + ref getBoundsCheckAddress(ref address, unsigned bytes) const { + return getBoundsCheckOffset(getOffsetExpr(address), bytes); + } + ref getBaseCheck(ref base) const { + return EqExpr::create(base, getBaseExpr()); + } + + ref getBoundsCheckPointer(ref pointer) const { + ref condition = getBaseCheck(pointer->getBase()); + condition = + AndExpr::create(condition, getBoundsCheckAddress(pointer->getValue())); + return condition; + } + ref getBoundsCheckPointer(ref pointer, + unsigned bytes) const { + ref condition = getBaseCheck(pointer->getBase()); + condition = AndExpr::create( + condition, getBoundsCheckAddress(pointer->getValue(), bytes)); + return condition; + } + /// Compare this object with memory object b. /// \param b memory object to compare with /// \return <0 if this is smaller, 0 if both are equal, >0 if b is smaller int compare(const MemoryObject &b) const { // Short-cut with id - if (id == b.id) + if (id == b.id) { return 0; - if (address != b.address) - return (address < b.address ? -1 : 1); - - if (size != b.size) - return (size < b.size ? -1 : 1); - - if (allocSite->source != b.allocSite->source) + } + if (addressExpr != b.addressExpr) { + return (addressExpr < b.addressExpr ? -1 : 1); + } + if (sizeExpr != b.sizeExpr) { + return (sizeExpr < b.sizeExpr ? -1 : 1); + } + if (allocSite->source != b.allocSite->source) { return (allocSite->source < b.allocSite->source ? -1 : 1); - + } assert(isLazyInitialized == b.isLazyInitialized); return 0; } @@ -199,6 +222,60 @@ class MemoryObject { bool equals(const MemoryObject &b) const { return compare(b) == 0; } }; +class ObjectStage { +private: + using storage_ty = SparseStorage, OptionalRefEq>; + using bool_storage_ty = SparseStorage; + /// knownSymbolics[byte] holds the expression for byte, + /// if byte is known + mutable std::unique_ptr knownSymbolics; + + /// unflushedMask[byte] is set if byte is unflushed + /// mutable because may need flushed during read of const + mutable std::unique_ptr unflushedMask; + + // mutable because we may need flush during read of const + mutable UpdateList updates; + + ref size; + bool safeRead; + Expr::Width width; + +public: + ObjectStage(const Array *array, ref defaultValue, bool safe = true, + Expr::Width width = Expr::Int8); + ObjectStage(ref size, ref defaultValue, bool safe = true, + Expr::Width width = Expr::Int8); + + ObjectStage(const ObjectStage &os); + ~ObjectStage() = default; + + ref readWidth(unsigned offset) const; + ref readWidth(ref offset) const; + void writeWidth(unsigned offset, ref value); + void writeWidth(ref offset, ref value); + void write(const ObjectStage &os); + + void write(unsigned offset, ref value); + void write(ref offset, ref value); + + void writeWidth(unsigned offset, uint64_t value); + void print() const; + + size_t getSparseStorageEntries() { + return knownSymbolics->storage().size() + unflushedMask->storage().size(); + } + void initializeToZero(); + +private: + const UpdateList &getUpdates() const; + + void makeConcrete(); + + void flushForRead() const; + void flushForWrite(); +}; + class ObjectState { private: friend class AddressSpace; @@ -212,16 +289,8 @@ class ObjectState { ref object; - /// knownSymbolics[byte] holds the expression for byte, - /// if byte is known - mutable SparseStorage, OptionalRefEq> knownSymbolics; - - /// unflushedMask[byte] is set if byte is unflushed - /// mutable because may need flushed during read of const - mutable SparseStorage unflushedMask; - - // mutable because we may need flush during read of const - mutable UpdateList updates; + ObjectStage valueOS; + ObjectStage baseOS; ref lastUpdate; @@ -231,8 +300,8 @@ class ObjectState { public: bool readOnly; + bool wasWritten = false; -public: /// Create a new object state for the given memory // For objects in memory ObjectState(const MemoryObject *mo, const Array *array, KType *dt); @@ -246,9 +315,10 @@ class ObjectState { const MemoryObject *getObject() const { return object.get(); } void setReadOnly(bool ro) { readOnly = ro; } + void initializeToZero(); size_t getSparseStorageEntries() { - return knownSymbolics.storage().size() + unflushedMask.storage().size(); + return valueOS.getSparseStorageEntries() + baseOS.getSparseStorageEntries(); } void swapObjectHack(MemoryObject *mo) { object = mo; } @@ -256,6 +326,12 @@ class ObjectState { ref read(ref offset, Expr::Width width) const; ref read(unsigned offset, Expr::Width width) const; ref read8(unsigned offset) const; + ref readValue(ref offset, Expr::Width width) const; + ref readBase(ref offset, Expr::Width width) const; + ref readValue(unsigned offset, Expr::Width width) const; + ref readBase(unsigned offset, Expr::Width width) const; + ref readValue8(unsigned offset) const; + ref readBase8(unsigned offset) const; void write(unsigned offset, ref value); void write(ref offset, ref value); @@ -272,18 +348,11 @@ class ObjectState { KType *getDynamicType() const; private: - const UpdateList &getUpdates() const; - - void makeConcrete(); - ref read8(ref offset) const; + ref readValue8(ref offset) const; + ref readBase8(ref offset) const; void write8(unsigned offset, ref value); void write8(ref offset, ref value); - - void flushForRead() const; - void flushForWrite(); - - ArrayCache *getArrayCache() const; }; } // namespace klee diff --git a/lib/Core/MemoryManager.cpp b/lib/Core/MemoryManager.cpp index 4fb40e33ea..61f416e1b3 100644 --- a/lib/Core/MemoryManager.cpp +++ b/lib/Core/MemoryManager.cpp @@ -8,7 +8,6 @@ //===----------------------------------------------------------------------===// #include "MemoryManager.h" -#include "AddressManager.h" #include "CoreStats.h" #include "ExecutionState.h" @@ -73,17 +72,17 @@ llvm::cl::opt DeterministicStartAddress( llvm::cl::init(0x7ff30000000), llvm::cl::cat(MemoryCat)); } // namespace -llvm::cl::opt MaxConstantAllocationSize( - "max-constant-alloc", +llvm::cl::opt MaxConstantAllocationSize( + "max-constant-size-alloc", llvm::cl::desc( "Maximum available size for single allocation (default 10Mb)"), llvm::cl::init(10ll << 20), llvm::cl::cat(MemoryCat)); -llvm::cl::opt MaxSymbolicAllocationSize( - "max-sym-alloc", +llvm::cl::opt MaxSymbolicAllocationSize( + "max-sym-size-alloc", llvm::cl::desc( "Maximum available size for single allocation (default 10Mb)"), - llvm::cl::init(10ll << 20), llvm::cl::cat(MemoryCat)); + llvm::cl::init(10ll << 10), llvm::cl::cat(MemoryCat)); llvm::cl::opt UseSymbolicSizeAllocation( "use-sym-size-alloc", @@ -91,8 +90,8 @@ llvm::cl::opt UseSymbolicSizeAllocation( llvm::cl::init(false), llvm::cl::cat(MemoryCat)); /***/ -MemoryManager::MemoryManager(ArrayCache *_arrayCache) - : arrayCache(_arrayCache), deterministicSpace(0), nextFreeSlot(0), +MemoryManager::MemoryManager() + : deterministicSpace(0), nextFreeSlot(0), spaceSize(DeterministicAllocationSize.getValue() * 1024 * 1024) { if (DeterministicAllocation) { // Page boundary @@ -118,8 +117,12 @@ MemoryManager::MemoryManager(ArrayCache *_arrayCache) MemoryManager::~MemoryManager() { while (!objects.empty()) { MemoryObject *mo = *objects.begin(); - if (!mo->isFixed && !DeterministicAllocation) - free((void *)mo->address); + if (!mo->isFixed && !DeterministicAllocation) { + if (ref arrayConstantAddress = + dyn_cast(mo->getBaseExpr())) { + free((void *)arrayConstantAddress->getZExtValue()); + } + } objects.erase(mo); delete mo; } @@ -128,21 +131,26 @@ MemoryManager::~MemoryManager() { munmap(deterministicSpace, spaceSize); } -MemoryObject *MemoryManager::allocate(uint64_t size, bool isLocal, - bool isGlobal, bool isLazyInitialiazed, +MemoryObject *MemoryManager::allocate(ref size, bool isLocal, + bool isGlobal, bool isLazyInitialized, ref allocSite, - size_t alignment, ref addressExpr, - ref sizeExpr, unsigned timestamp, - IDType id) { - if (size > MaxConstantAllocationSize) { - klee_warning_once( - 0, "Large alloc: %" PRIu64 " bytes. KLEE models out of memory.", size); - return 0; - } + size_t alignment, KType *type, + ref conditionExpr, + ref addressExpr, unsigned timestamp, + const Array *content) { + if (ref sizeExpr = dyn_cast(size)) { + auto moSize = sizeExpr->getZExtValue(); + if (moSize > MaxConstantAllocationSize) { + klee_warning_once( + 0, "Large alloc: %" PRIu64 " bytes. KLEE models out of memory.", + moSize); + return 0; + } - // Return NULL if size is zero, this is equal to error during allocation - if (NullOnZeroMalloc && size == 0) - return 0; + // Return NULL if size is zero, this is equal to error during allocation + if (NullOnZeroMalloc && moSize == 0) + return 0; + } if (!llvm::isPowerOf2_64(alignment)) { klee_warning("Only alignment of power of two is supported"); @@ -150,64 +158,81 @@ MemoryObject *MemoryManager::allocate(uint64_t size, bool isLocal, } uint64_t address = 0; - if (DeterministicAllocation) { - address = llvm::alignTo((uint64_t)nextFreeSlot + alignment - 1, alignment); - - // Handle the case of 0-sized allocations as 1-byte allocations. - // This way, we make sure we have this allocation between its own red zones - size_t alloc_size = std::max(size, (uint64_t)1); - if ((char *)address + alloc_size < deterministicSpace + spaceSize) { - nextFreeSlot = (char *)address + alloc_size + RedzoneSize; - } else { - klee_warning_once(0, - "Couldn't allocate %" PRIu64 - " bytes. Not enough deterministic space left.", - size); - address = 0; - } - } else { - // Use malloc for the standard case - if (alignment <= 8) - address = (uint64_t)malloc(size); - else { - int res = posix_memalign((void **)&address, alignment, size); - if (res < 0) { - klee_warning("Allocating aligned memory failed."); + if (!addressExpr) { + ref sizeExpr = dyn_cast(size); + assert(sizeExpr); + auto moSize = sizeExpr->getZExtValue(); + if (DeterministicAllocation) { + address = + llvm::alignTo((uint64_t)nextFreeSlot + alignment - 1, alignment); + + // Handle the case of 0-sized allocations as 1-byte allocations. + // This way, we make sure we have this allocation between its own red + // zones + size_t alloc_size = std::max(moSize, (uint64_t)1); + if ((char *)address + alloc_size < deterministicSpace + spaceSize) { + nextFreeSlot = (char *)address + alloc_size + RedzoneSize; + } else { + klee_warning_once(0, + "Couldn't allocate %" PRIu64 + " bytes. Not enough deterministic space left.", + moSize); address = 0; } + } else { + // Use malloc for the standard case + if (alignment <= 8) + address = (uint64_t)malloc(moSize); + else { + int res = posix_memalign((void **)&address, alignment, moSize); + if (res < 0) { + klee_warning("Allocating aligned memory failed."); + address = 0; + } + } } + + if (!address) + return 0; + addressExpr = Expr::createPointer(address); } - if (!address) - return 0; + MemoryObject *res = nullptr; ++stats::allocations; - MemoryObject *res = new MemoryObject( - address, size, alignment, isLocal, isGlobal, false, isLazyInitialiazed, - allocSite, this, addressExpr, sizeExpr, timestamp); - if (id) { - res->id = id; - } - allocatedSizes[res->id][size] = res; + res = new MemoryObject(addressExpr, size, alignment, isLocal, isGlobal, false, + isLazyInitialized, allocSite, this, type, + conditionExpr, timestamp, content); objects.insert(res); return res; } MemoryObject *MemoryManager::allocateFixed(uint64_t address, uint64_t size, - ref allocSite) { + ref allocSite, + KType *type) { #ifndef NDEBUG for (objects_ty::iterator it = objects.begin(), ie = objects.end(); it != ie; ++it) { MemoryObject *mo = *it; - if (address + size > mo->address && address < mo->address + mo->size) - klee_error("Trying to allocate an overlapping object"); + if (ref addressExpr = + dyn_cast(mo->getBaseExpr())) { + if (ref sizeExpr = + dyn_cast(mo->getSizeExpr())) { + auto moAddress = addressExpr->getZExtValue(); + auto moSize = sizeExpr->getZExtValue(); + if (address + size > moAddress && address < moAddress + moSize) + klee_error("Trying to allocate an overlapping object"); + } + } } #endif ++stats::allocations; - MemoryObject *res = new MemoryObject(address, size, 8, false, true, true, - false, allocSite, this); + ref addressExpr = Expr::createPointer(address); + MemoryObject *res = + new MemoryObject(addressExpr, Expr::createPointer(size), 8, false, true, + true, false, allocSite, this, type); objects.insert(res); return res; } @@ -216,21 +241,16 @@ void MemoryManager::deallocate(const MemoryObject *mo) { assert(0); } void MemoryManager::markFreed(MemoryObject *mo) { if (objects.find(mo) != objects.end()) { - allocatedSizes[mo->id].erase(mo->size); - if (allocatedSizes[mo->id].empty()) { - am->bindingsAdressesToObjects.erase(mo->getBaseExpr()); + if (!mo->isFixed && !DeterministicAllocation) { + if (ref arrayConstantAddress = + dyn_cast(mo->getBaseExpr())) { + free((void *)arrayConstantAddress->getZExtValue()); + } } - if (!mo->isFixed && !DeterministicAllocation) - free((void *)mo->address); objects.erase(mo); } } -const std::map & -MemoryManager::getAllocatedObjects(IDType idObject) { - return allocatedSizes[idObject]; -} - size_t MemoryManager::getUsedDeterministicSize() { return nextFreeSlot - deterministicSpace; } diff --git a/lib/Core/MemoryManager.h b/lib/Core/MemoryManager.h index 98b5045fd4..8c9a6424b0 100644 --- a/lib/Core/MemoryManager.h +++ b/lib/Core/MemoryManager.h @@ -14,57 +14,47 @@ #include #include -#include #include -#include namespace llvm { class Value; } namespace klee { +class KType; class MemoryObject; -class ArrayCache; -class AddressManager; struct CodeLocation; typedef uint64_t IDType; class MemoryManager { - friend class AddressManager; - private: typedef std::set objects_ty; objects_ty objects; - std::unordered_map> allocatedSizes; - - ArrayCache *const arrayCache; char *deterministicSpace; char *nextFreeSlot; size_t spaceSize; public: - AddressManager *am; - MemoryManager(ArrayCache *arrayCache); + MemoryManager(); ~MemoryManager(); /** * Returns memory object which contains a handle to real virtual process * memory. */ - MemoryObject *allocate(uint64_t size, bool isLocal, bool isGlobal, + MemoryObject *allocate(ref size, bool isLocal, bool isGlobal, bool isLazyInitialiazed, ref allocSite, - size_t alignment, ref addressExpr = ref(), - ref sizeExpr = ref(), - unsigned timestamp = 0, IDType id = 0); + size_t alignment, KType *type, + ref conditionExpr = Expr::createTrue(), + ref addressExpr = ref(), + unsigned timestamp = 0, + const Array *content = nullptr); MemoryObject *allocateFixed(uint64_t address, uint64_t size, - ref allocSite); + ref allocSite, KType *type); void deallocate(const MemoryObject *mo); void markFreed(MemoryObject *mo); - ArrayCache *getArrayCache() const { return arrayCache; } - const std::map & - getAllocatedObjects(IDType idObject); /* * Returns the size used by deterministic allocation in bytes */ diff --git a/lib/Core/Searcher.cpp b/lib/Core/Searcher.cpp index c26df5ec21..1bfdb2620d 100644 --- a/lib/Core/Searcher.cpp +++ b/lib/Core/Searcher.cpp @@ -159,16 +159,19 @@ void TargetedSearcher::update( // update current if (current && std::find(removedStates.begin(), removedStates.end(), - current) == removedStates.end()) + current) == removedStates.end()) { states->update(current, getWeight(current)); + } // insert states - for (const auto state : addedStates) + for (const auto state : addedStates) { states->insert(state, getWeight(state)); + } // remove states - for (const auto state : removedStates) + for (const auto state : removedStates) { states->remove(state); + } } weight_type TargetedSearcher::getWeight(ExecutionState *es) { @@ -195,7 +198,7 @@ ExecutionState &GuidedSearcher::selectState() { unsigned size = historiesAndTargets.size(); interleave ^= 1; ExecutionState *state = nullptr; - if (interleave || !size) { + if (interleave || size == 0) { state = &baseSearcher->selectState(); } else { index = theRNG.getInt32() % size; @@ -781,3 +784,145 @@ void InterleavedSearcher::printName(llvm::raw_ostream &os) { searcher->printName(os); os << "\n"; } + +// + +ExecutionState &DiscreteTimeFairSearcher::selectState() { + if (searchers.find(std::nullopt) != searchers.end()) { + return searchers.at(std::nullopt)->selectState(); + } + + if (!currentQuant || searchers.find(currentFunction) == searchers.end()) { + unsigned size = functions.size(); + currentFunction = functions[theRNG.getInt32() % size]; + currentQuant = selectQuant; + } else { + --currentQuant; + } + + auto &function = currentFunction; + assert(searchers.find(function) != searchers.end() && + searchers.at(function) && !searchers.at(function)->empty()); + return searchers.at(function)->selectState(); +} + +void DiscreteTimeFairSearcher::update( + ExecutionState *current, const std::vector &addedStates, + const std::vector &removedStates) { + if (current) { + if (current && (std::find(removedStates.begin(), removedStates.end(), + current) == removedStates.end())) { + localStates.insert(current); + } + for (const auto state : removedStates) { + if (std::find(addedStates.begin(), addedStates.end(), state) == + addedStates.end()) { + localStates.insert(state); + } + } + update(localStates); + localStates.clear(); + } + + if (current) { + auto function = current->multiplexKF + ? std::optional(current->multiplexKF) + : std::nullopt; + localFunction.insert(function); + currFunction.insert(function); + statesToFunction[current] = function; + } + + for (const auto state : addedStates) { + auto function = state->multiplexKF + ? std::optional(state->multiplexKF) + : std::nullopt; + localFunction.insert(function); + addedKStates[function].push_back(state); + statesToFunction[state] = function; + } + + for (const auto state : removedStates) { + auto function = state->multiplexKF + ? std::optional(state->multiplexKF) + : std::nullopt; + localFunction.insert(function); + removedKStates[function].push_back(state); + statesToFunction.erase(state); + } + + for (auto function : localFunction) { + + ExecutionState *currTState = + currFunction.count(function) != 0 ? current : nullptr; + + if (!isThereKFunction(function)) { + addKFunction(function); + } + + searchers.at(function)->update(currTState, addedKStates[function], + removedKStates[function]); + addedKStates.at(function).clear(); + removedKStates.at(function).clear(); + if (searchers.at(function)->empty()) { + removeKFunction(function); + } + } + localFunction.clear(); + currFunction.clear(); +} + +void DiscreteTimeFairSearcher::update(const states_ty &states) { + for (const auto &state : states) { + auto function = state->multiplexKF + ? std::optional(state->multiplexKF) + : std::nullopt; + if (function != statesToFunction.at(state)) { + addedKStates[function].push_back(state); + removedKStates[function]; + addedKStates[statesToFunction[state]]; + removedKStates[statesToFunction[state]].push_back(state); + localFunction.insert(function); + localFunction.insert(statesToFunction[state]); + } + } + + for (auto function : localFunction) { + if (!isThereKFunction(function)) { + addKFunction(function); + } + + searchers.at(function)->update(nullptr, addedKStates.at(function), + removedKStates.at(function)); + addedKStates.at(function).clear(); + removedKStates.at(function).clear(); + if (searchers.at(function)->empty()) { + removeKFunction(function); + } + } + localFunction.clear(); +} + +bool DiscreteTimeFairSearcher::isThereKFunction(std::optional kf) { + return searchers.count(kf) != 0; +} + +void DiscreteTimeFairSearcher::addKFunction(std::optional kf) { + assert(searchers.count(kf) == 0); + searchers[kf] = std::unique_ptr(constructor()); + assert(std::find(functions.begin(), functions.end(), kf) == functions.end()); + functions.push_back(kf); +} + +void DiscreteTimeFairSearcher::removeKFunction(std::optional kf) { + searchers.erase(kf); + auto it = std::find(functions.begin(), functions.end(), kf); + assert(it != functions.end()); + functions.erase(it); +} + +bool DiscreteTimeFairSearcher::empty() { return functions.empty(); } + +void DiscreteTimeFairSearcher::printName(llvm::raw_ostream &os) { + os << "DiscreteTimeFairSearcher\n"; +} diff --git a/lib/Core/Searcher.h b/lib/Core/Searcher.h index b2247cf10f..ee1bc18690 100644 --- a/lib/Core/Searcher.h +++ b/lib/Core/Searcher.h @@ -165,7 +165,8 @@ class GuidedSearcher final : public Searcher { std::unique_ptr, TargetHistoryTargetHash, TargetHistoryTargetCmp>; using TargetForestHisoryTargetVector = std::vector; - using TargetForestHistoryTargetSet = + using TargetForestHistoryTargetSet = std::set; + using TargetForestHistoryTargetHashSet = std::unordered_set; @@ -186,7 +187,7 @@ class GuidedSearcher final : public Searcher { TargetHashSet removedTargets; TargetHashSet addedTargets; - TargetForestHistoryTargetSet currTargets; + TargetForestHistoryTargetHashSet currTargets; TargetForestHisoryTargetVector historiesAndTargets; bool isThereTarget(ref history, ref target); @@ -374,6 +375,56 @@ class InterleavedSearcher final : public Searcher { void printName(llvm::raw_ostream &os) override; }; +class DiscreteTimeFairSearcher final : public Searcher { +public: + using BaseSearcherConstructor = std::function; + +private: + using KFunctionToSearcherMap = + std::unordered_map, std::unique_ptr>; + using KFunctionVector = std::vector>; + using KFunctionSet = std::set>; + using StatesVector = std::vector; + using KFunctionStatesMap = + std::unordered_map, StatesVector>; + using StateKFunctionMap = + std::unordered_map>; + + BaseSearcherConstructor constructor; + KFunctionToSearcherMap searchers; + RNG &theRNG; + std::optional currentFunction; + const unsigned selectQuant; + unsigned currentQuant{1}; + + KFunctionStatesMap addedKStates; + KFunctionStatesMap removedKStates; + states_ty localStates; + StateKFunctionMap statesToFunction; + + KFunctionSet localFunction; + KFunctionSet currFunction; + + KFunctionVector functions; + bool isThereKFunction(std::optional kf); + void addKFunction(std::optional kf); + void removeKFunction(std::optional kf); + +public: + DiscreteTimeFairSearcher(BaseSearcherConstructor constructor, RNG &rng, + unsigned selectQuant) + : constructor(constructor), theRNG(rng), selectQuant(selectQuant), + currentQuant(selectQuant) {} + ~DiscreteTimeFairSearcher() override = default; + ExecutionState &selectState() override; + void update(ExecutionState *current, + const std::vector &addedStates, + const std::vector &removedStates) override; + void update(const states_ty &states); + + bool empty() override; + void printName(llvm::raw_ostream &os) override; +}; } // namespace klee #endif /* KLEE_SEARCHER_H */ diff --git a/lib/Core/SeedInfo.cpp b/lib/Core/SeedInfo.cpp index bea2a646a8..efd2df7617 100644 --- a/lib/Core/SeedInfo.cpp +++ b/lib/Core/SeedInfo.cpp @@ -40,11 +40,15 @@ KTestObject *SeedInfo::getNextInput(const MemoryObject *mo, bool byName) { break; if (i < input->numObjects) { KTestObject *obj = &input->objects[i]; - if (obj->numBytes == mo->size) { - used.insert(obj); - klee_warning_once(mo, "using seed input %s[%d] for: %s (no name match)", - obj->name, obj->numBytes, mo->name.c_str()); - return obj; + if (ref sizeExpr = + dyn_cast(mo->getSizeExpr())) { + if (obj->numBytes == sizeExpr->getZExtValue()) { + used.insert(obj); + klee_warning_once(mo, + "using seed input %s[%d] for: %s (no name match)", + obj->name, obj->numBytes, mo->name.c_str()); + return obj; + } } } @@ -62,7 +66,7 @@ KTestObject *SeedInfo::getNextInput(const MemoryObject *mo, bool byName) { void SeedInfo::patchSeed(const ExecutionState &state, ref condition, TimingSolver *solver) { ConstraintSet required = state.constraints.cs(); - required.addConstraint(condition, {}); + required.addConstraint(condition); // Try and patch direct reads first, this is likely to resolve the // problem quickly and avoids long traversal of all seed @@ -110,12 +114,10 @@ void SeedInfo::patchSeed(const ExecutionState &state, ref condition, auto s = it2->second; s.store(i, value->getZExtValue(8)); assignment.bindings.replace({it2->first, s}); - required.addConstraint( - EqExpr::create( - read, ConstantExpr::alloc(it2->second.load(i), Expr::Int8)), - {}); + required.addConstraint(EqExpr::create( + read, ConstantExpr::alloc(it2->second.load(i), Expr::Int8))); } else { - required.addConstraint(isSeed, {}); + required.addConstraint(isSeed); } } } @@ -135,8 +137,8 @@ void SeedInfo::patchSeed(const ExecutionState &state, ref condition, ie = assignment.bindings.end(); it != ie; ++it) { const Array *array = it->first; - ref arrayConstantSize = cast( - state.constraints.cs().concretization().evaluate(array->size)); + ref arrayConstantSize = + cast(assignment.evaluate(array->size)); for (unsigned i = 0; i < arrayConstantSize->getZExtValue(); ++i) { ref read = ReadExpr::create(UpdateList(array, 0), ConstantExpr::alloc(i, Expr::Int32)); @@ -156,12 +158,10 @@ void SeedInfo::patchSeed(const ExecutionState &state, ref condition, auto s = it->second; s.store(i, value->getZExtValue(8)); assignment.bindings.replace({it->first, s}); - required.addConstraint( - EqExpr::create(read, - ConstantExpr::alloc(it->second.load(i), Expr::Int8)), - {}); + required.addConstraint(EqExpr::create( + read, ConstantExpr::alloc(it->second.load(i), Expr::Int8))); } else { - required.addConstraint(isSeed, {}); + required.addConstraint(isSeed); } } } diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index ba762edd0b..cdbd00c84a 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -20,6 +20,7 @@ #include "TypeManager.h" #include "klee/Config/config.h" +#include "klee/Expr/Expr.h" #include "klee/Module/KInstruction.h" #include "klee/Module/KModule.h" #include "klee/Solver/SolverCmdLine.h" @@ -104,7 +105,7 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_get_valuell", handleGetValue, true), add("klee_get_value_i32", handleGetValue, true), add("klee_get_value_i64", handleGetValue, true), - add("klee_define_fixed_object", handleDefineFixedObject, false), + add("klee_define_fixed_object", handleDefineFixedObject, true), add("klee_get_obj_size", handleGetObjSize, true), add("klee_get_errno", handleGetErrno, true), #ifndef __APPLE__ @@ -124,6 +125,7 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_stack_trace", handleStackTrace, false), add("klee_warning", handleWarning, false), add("klee_warning_once", handleWarningOnce, false), + add("klee_dump_constraints", handleDumpConstraints, false), add("malloc", handleMalloc, true), add("memalign", handleMemalign, true), add("realloc", handleRealloc, true), @@ -287,34 +289,38 @@ bool SpecialFunctionHandler::handle(ExecutionState &state, Function *f, /****/ // reads a concrete string from memory -std::string SpecialFunctionHandler::readStringAtAddress(ExecutionState &state, - ref addressExpr) { - IDType idStringAddress; - addressExpr = executor.toUnique(state, addressExpr); - if (!isa(addressExpr)) { +std::string +SpecialFunctionHandler::readStringAtAddress(ExecutionState &state, + ref pointer) { + ObjectPair idStringAddress; + ref uniquePointer = executor.toUnique(state, pointer); + if (!isa(uniquePointer)) { executor.terminateStateOnUserError( state, "Symbolic string pointer passed to one of the klee_ functions"); return ""; } - ref address = cast(addressExpr); + ref pointerConst = + cast(uniquePointer); if (!state.addressSpace.resolveOne( - address, executor.typeSystemManager->getUnknownType(), + pointerConst, executor.typeSystemManager->getUnknownType(), idStringAddress)) { executor.terminateStateOnUserError( state, "Invalid string pointer passed to one of the klee_ functions"); return ""; } - ObjectPair op = state.addressSpace.findObject(idStringAddress); + ObjectPair op = idStringAddress; const MemoryObject *mo = op.first; const ObjectState *os = op.second; - auto relativeOffset = mo->getOffsetExpr(address); // the relativeOffset must be concrete as the address is concrete - size_t offset = cast(relativeOffset)->getZExtValue(); + size_t offset = pointerConst->getConstantOffset()->getZExtValue(); std::ostringstream buf; char c = 0; - for (size_t i = offset; i < mo->size; ++i) { + ref sizeExpr = dyn_cast(mo->getSizeExpr()); + assert(sizeExpr); + size_t moSize = sizeExpr->getZExtValue(); + for (size_t i = offset; i < moSize; ++i) { ref cur = os->read8(i); cur = executor.toUnique(state, cur); assert(isa(cur) && @@ -367,9 +373,10 @@ void SpecialFunctionHandler::handleAssert(ExecutionState &state, assert(arguments.size() == 3 && "invalid number of arguments to _assert"); executor.terminateStateOnProgramError( state, - new ErrorEvent(executor.locationOf(state), StateTerminationType::Assert, - "ASSERTION FAIL: " + - readStringAtAddress(state, arguments[0]))); + new ErrorEvent( + executor.locationOf(state), StateTerminationType::Assert, + "ASSERTION FAIL: " + + readStringAtAddress(state, executor.makePointer(arguments[0])))); } void SpecialFunctionHandler::handleAssertFail( @@ -379,9 +386,10 @@ void SpecialFunctionHandler::handleAssertFail( "invalid number of arguments to __assert_fail"); executor.terminateStateOnProgramError( state, - new ErrorEvent(executor.locationOf(state), StateTerminationType::Assert, - "ASSERTION FAIL: " + - readStringAtAddress(state, arguments[0]))); + new ErrorEvent( + executor.locationOf(state), StateTerminationType::Assert, + "ASSERTION FAIL: " + + readStringAtAddress(state, executor.makePointer(arguments[0])))); } void SpecialFunctionHandler::handleReportError( @@ -393,10 +401,11 @@ void SpecialFunctionHandler::handleReportError( // arguments[0,1,2,3] are file, line, message, suffix executor.terminateStateOnProgramError( state, - new ErrorEvent(executor.locationOf(state), - StateTerminationType::ReportError, - readStringAtAddress(state, arguments[2])), - "", readStringAtAddress(state, arguments[3]).c_str()); + new ErrorEvent( + executor.locationOf(state), StateTerminationType::ReportError, + readStringAtAddress(state, executor.makePointer(arguments[2]))), + "", + readStringAtAddress(state, executor.makePointer(arguments[3])).c_str()); } void SpecialFunctionHandler::handleNew(ExecutionState &state, @@ -417,7 +426,7 @@ void SpecialFunctionHandler::handleDelete(ExecutionState &state, // XXX should type check args assert(arguments.size() == 1 && "invalid number of arguments to delete"); - executor.executeFree(state, arguments[0]); + executor.executeFree(state, executor.makePointer(arguments[0])); } void SpecialFunctionHandler::handleNewArray(ExecutionState &state, @@ -447,7 +456,7 @@ void SpecialFunctionHandler::handleDeleteArray( std::vector> &arguments) { // XXX should type check args assert(arguments.size() == 1 && "invalid number of arguments to delete[]"); - executor.executeFree(state, arguments[0]); + executor.executeFree(state, executor.makePointer(arguments[0])); } void SpecialFunctionHandler::handleMalloc(ExecutionState &state, @@ -502,7 +511,8 @@ void SpecialFunctionHandler::handleEhUnwindRaiseExceptionImpl( assert(arguments.size() == 1 && "invalid number of arguments to _klee_eh_Unwind_RaiseException_impl"); - ref exceptionObject = dyn_cast(arguments[0]); + ref exceptionObject = + dyn_cast(executor.makePointer(arguments[0])); if (!exceptionObject.get()) { executor.terminateStateOnExecError( state, "Internal error: Symbolic exception pointer"); @@ -603,7 +613,8 @@ void SpecialFunctionHandler::handlePrintExpr( assert(arguments.size() == 2 && "invalid number of arguments to klee_print_expr"); - std::string msg_str = readStringAtAddress(state, arguments[0]); + std::string msg_str = + readStringAtAddress(state, executor.makePointer(arguments[0])); llvm::errs() << msg_str << ":" << arguments[1] << "\n"; } @@ -634,7 +645,8 @@ void SpecialFunctionHandler::handleWarning(ExecutionState &state, assert(arguments.size() == 1 && "invalid number of arguments to klee_warning"); - std::string msg_str = readStringAtAddress(state, arguments[0]); + std::string msg_str = + readStringAtAddress(state, executor.makePointer(arguments[0])); klee_warning("%s: %s", state.stack.callStack().back().kf->function()->getName().data(), msg_str.c_str()); @@ -646,20 +658,31 @@ void SpecialFunctionHandler::handleWarningOnce( assert(arguments.size() == 1 && "invalid number of arguments to klee_warning_once"); - std::string msg_str = readStringAtAddress(state, arguments[0]); + std::string msg_str = + readStringAtAddress(state, executor.makePointer(arguments[0])); klee_warning_once( 0, "%s: %s", state.stack.callStack().back().kf->function()->getName().data(), msg_str.c_str()); } +void SpecialFunctionHandler::handleDumpConstraints( + ExecutionState &state, KInstruction *target, + std::vector> &arguments) { + + assert(arguments.size() == 0 && + "invalid number of arguments to klee_warning_once"); + state.constraints.cs().dump(); +} + void SpecialFunctionHandler::handlePrintRange( ExecutionState &state, KInstruction *target, std::vector> &arguments) { assert(arguments.size() == 2 && "invalid number of arguments to klee_print_range"); - std::string msg_str = readStringAtAddress(state, arguments[0]); + std::string msg_str = + readStringAtAddress(state, executor.makePointer(arguments[0])); llvm::errs() << msg_str << ":" << arguments[1]; if (!isa(arguments[1])) { // FIXME: Pull into a unique value method? @@ -696,13 +719,8 @@ void SpecialFunctionHandler::handleGetObjSize( "klee_get_obj_size"); for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); it != ie; ++it) { - const MemoryObject *mo = - it->second->addressSpace.findObject(it->first).first; - executor.bindLocal( - target, *it->second, - ConstantExpr::create(mo->size, - executor.kmodule->targetData->getTypeSizeInBits( - target->inst()->getType()))); + const MemoryObject *mo = it->first; + executor.bindLocal(target, *it->second, mo->getSizeExpr()); } } @@ -719,20 +737,21 @@ void SpecialFunctionHandler::handleGetErrno(ExecutionState &state, #endif // Retrieve the memory object of the errno variable - IDType idErrnoObject; + ObjectPair idErrnoObject; llvm::Type *pointerErrnoAddr = llvm::PointerType::get( llvm::IntegerType::get(executor.kmodule->module->getContext(), sizeof(*errno_addr) * CHAR_BIT), executor.kmodule->targetData->getAllocaAddrSpace()); bool resolved = state.addressSpace.resolveOne( - ConstantExpr::createPointer((uint64_t)errno_addr), + ConstantPointerExpr::create(Expr::createPointer((uint64_t)errno_addr), + Expr::createPointer((uint64_t)errno_addr)), executor.typeSystemManager->getWrappedType(pointerErrnoAddr), idErrnoObject); if (!resolved) executor.terminateStateOnUserError(state, "Could not resolve address for errno"); - const ObjectState *os = state.addressSpace.findObject(idErrnoObject).second; + const ObjectState *os = idErrnoObject.second; executor.bindLocal(target, state, os->read(0, Expr::Int32)); } @@ -750,11 +769,11 @@ void SpecialFunctionHandler::handleErrnoLocation( int *errno_addr = nullptr; #endif - executor.bindLocal( - target, state, - ConstantExpr::create((uint64_t)errno_addr, - executor.kmodule->targetData->getTypeSizeInBits( - target->inst()->getType()))); + ref errnoExpr = ConstantExpr::create( + (uint64_t)errno_addr, executor.kmodule->targetData->getTypeSizeInBits( + target->inst()->getType())); + + executor.bindLocal(target, state, PointerExpr::create(errnoExpr, errnoExpr)); } void SpecialFunctionHandler::handleCalloc(ExecutionState &state, KInstruction *target, @@ -775,16 +794,21 @@ void SpecialFunctionHandler::handleRealloc(ExecutionState &state, assert(arguments.size() == 2 && "invalid number of arguments to realloc"); ref address = arguments[0]; ref size = arguments[1]; + ref addressPointer = executor.makePointer(address); Executor::StatePair zeroSize = executor.forkInternal( state, Expr::createIsZero(size), BranchType::Realloc); if (zeroSize.first) { // size == 0 - executor.executeFree(*zeroSize.first, address, target); + executor.executeFree(*zeroSize.first, + PointerExpr::create(addressPointer->getValue(), + addressPointer->getValue()), + target); } if (zeroSize.second) { // size != 0 Executor::StatePair zeroPointer = executor.forkInternal( - *zeroSize.second, Expr::createIsZero(address), BranchType::Realloc); + *zeroSize.second, Expr::createIsZero(addressPointer->getValue()), + BranchType::Realloc); if (zeroPointer.first) { // address == 0 executor.executeAlloc(*zeroPointer.first, size, false, target, @@ -800,12 +824,13 @@ void SpecialFunctionHandler::handleRealloc(ExecutionState &state, for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); it != ie; ++it) { - const ObjectState *os = - it->second->addressSpace.findObject(it->first).second; + ref os = + it->second->addressSpace.findOrLazyInitializeObject(it->first) + .second; executor.executeAlloc(*it->second, size, false, target, executor.typeSystemManager->handleRealloc( os->getDynamicType(), size), - false, os, 0, CheckOutOfMemory); + false, os.get(), 0, CheckOutOfMemory); } } } @@ -816,7 +841,7 @@ void SpecialFunctionHandler::handleFree(ExecutionState &state, std::vector> &arguments) { // XXX should type check args assert(arguments.size() == 1 && "invalid number of arguments to free"); - executor.executeFree(state, arguments[0]); + executor.executeFree(state, executor.makePointer(arguments[0])); } void SpecialFunctionHandler::handleCheckMemoryAccess( @@ -825,33 +850,34 @@ void SpecialFunctionHandler::handleCheckMemoryAccess( assert(arguments.size() == 2 && "invalid number of arguments to klee_check_memory_access"); - ref address = executor.toUnique(state, arguments[0]); - ref size = executor.toUnique(state, arguments[1]); - if (!isa(address) || !isa(size)) { + ref pointer = executor.makePointer(arguments[0]); + ref size = executor.toUnique(state, arguments[1]->getValue()); + ref uniquePointer = executor.toUnique(state, pointer); + if (!isa(uniquePointer) || !isa(size)) { executor.terminateStateOnUserError( state, "check_memory_access requires constant args"); } else { - IDType idObject; + ObjectPair idObject; if (!state.addressSpace.resolveOne( - cast(address), + cast(uniquePointer), executor.typeSystemManager->getUnknownType(), idObject)) { executor.terminateStateOnProgramError( state, new ErrorEvent(executor.locationOf(state), StateTerminationType::Ptr, "check_memory_access: memory error"), - executor.getAddressInfo(state, address)); + executor.getAddressInfo(state, pointer)); } else { - const MemoryObject *mo = state.addressSpace.findObject(idObject).first; + const MemoryObject *mo = idObject.first; ref chk = mo->getBoundsCheckPointer( - address, cast(size)->getZExtValue()); + pointer, cast(size)->getZExtValue()); if (!chk->isTrue()) { executor.terminateStateOnProgramError( state, new ErrorEvent( new AllocEvent(mo->allocSite), executor.locationOf(state), StateTerminationType::Ptr, "check_memory_access: memory error"), - executor.getAddressInfo(state, address)); + executor.getAddressInfo(state, pointer)); } } } @@ -871,18 +897,27 @@ void SpecialFunctionHandler::handleDefineFixedObject( std::vector> &arguments) { assert(arguments.size() == 2 && "invalid number of arguments to klee_define_fixed_object"); - assert(isa(arguments[0]) && + assert((isa(arguments[0]) || + isa(arguments[0])) && "expect constant address argument to klee_define_fixed_object"); assert(isa(arguments[1]) && "expect constant size argument to klee_define_fixed_object"); - uint64_t address = cast(arguments[0])->getZExtValue(); + uint64_t address = isa(arguments[0]) + ? cast(arguments[0])->getZExtValue() + : cast(arguments[0]) + ->getConstantValue() + ->getZExtValue(); uint64_t size = cast(arguments[1])->getZExtValue(); - MemoryObject *mo = - executor.memory->allocateFixed(address, size, executor.locationOf(state)); + MemoryObject *mo = executor.memory->allocateFixed( + address, size, executor.locationOf(state), + executor.typeSystemManager->getUnknownType()); executor.bindObjectInState( state, mo, executor.typeSystemManager->getUnknownType(), false); mo->isUserSpecified = true; // XXX hack; + + executor.bindLocal(target, state, + PointerExpr::create(mo->getBaseExpr(), mo->getBaseExpr())); } void SpecialFunctionHandler::handleMakeSymbolic( @@ -897,7 +932,10 @@ void SpecialFunctionHandler::handleMakeSymbolic( return; } - name = arguments[2]->isZero() ? "" : readStringAtAddress(state, arguments[2]); + ref pointer = PointerExpr::create(arguments[2]); + name = pointer->getBase()->isZero() && pointer->getValue()->isZero() + ? "" + : readStringAtAddress(state, executor.makePointer(arguments[2])); if (name.length() == 0) { name = "unnamed"; @@ -911,12 +949,13 @@ void SpecialFunctionHandler::handleMakeSymbolic( for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); it != ie; ++it) { - ObjectPair op = it->second->addressSpace.findObject(it->first); + RefObjectPair op = + it->second->addressSpace.findOrLazyInitializeObject(it->first); const MemoryObject *mo = op.first; mo->setName(name); mo->updateTimestamp(); - const ObjectState *old = op.second; + ref old = op.second; ExecutionState *s = it->second; if (old->readOnly) { @@ -964,7 +1003,9 @@ void SpecialFunctionHandler::handleMakeMock(ExecutionState &state, return; } - name = arguments[2]->isZero() ? "" : readStringAtAddress(state, arguments[2]); + name = arguments[2]->isZero() + ? "" + : readStringAtAddress(state, executor.makePointer(arguments[2])); if (name.empty()) { executor.terminateStateOnUserError( @@ -1042,8 +1083,7 @@ void SpecialFunctionHandler::handleMarkGlobal( for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); it != ie; ++it) { - const MemoryObject *mo = - it->second->addressSpace.findObject(it->first).first; + const MemoryObject *mo = it->first; assert(!mo->isLocal); mo->isGlobal = true; } diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h index 6528b98c36..d6a469eca6 100644 --- a/lib/Core/SpecialFunctionHandler.h +++ b/lib/Core/SpecialFunctionHandler.h @@ -24,6 +24,7 @@ class Function; namespace klee { class Executor; class Expr; +class PointerExpr; class ExecutionState; struct KInstruction; template class ref; @@ -98,7 +99,8 @@ class SpecialFunctionHandler { /* Convenience routines */ - std::string readStringAtAddress(ExecutionState &state, ref address); + std::string readStringAtAddress(ExecutionState &state, + ref address); /* Handlers */ @@ -148,6 +150,7 @@ class SpecialFunctionHandler { HANDLER(handleUnderConstrained); HANDLER(handleWarning); HANDLER(handleWarningOnce); + HANDLER(handleDumpConstraints); HANDLER(handleTypeMismatchV1); HANDLER(handleAlignmentAssumption); HANDLER(handleAddOverflow); diff --git a/lib/Core/StatsTracker.cpp b/lib/Core/StatsTracker.cpp index c8e3f3fb19..b6320e9c81 100644 --- a/lib/Core/StatsTracker.cpp +++ b/lib/Core/StatsTracker.cpp @@ -940,8 +940,9 @@ void StatsTracker::computeReachableUncovered() { cb, /*moduleIsFullyLinked=*/true)) { callTargets[inst].push_back(target); } else { - callTargets[inst] = std::vector( - km->escapingFunctions.begin(), km->escapingFunctions.end()); + for (auto kf : km->escapingFunctions) { + callTargets[inst].push_back(kf->function()); + } } } } diff --git a/lib/Core/TargetCalculator.cpp b/lib/Core/TargetCalculator.cpp index 8ebc51a52a..61fdcef5fa 100644 --- a/lib/Core/TargetCalculator.cpp +++ b/lib/Core/TargetCalculator.cpp @@ -89,7 +89,7 @@ void TargetCalculator::update(const ExecutionState &state) { if (!fullyCoveredFunctions.count(state.prevPC->parent->parent) && coveredFunctionsInBranches.count(state.prevPC->parent->parent)) { bool covered = true; - std::set fnsTaken; + KFunctionSet fnsTaken; std::deque fns; fns.push_back(state.prevPC->parent->parent); @@ -99,18 +99,16 @@ void TargetCalculator::update(const ExecutionState &state) { for (auto &kcallBlock : currKF->kCallBlocks) { if (kcallBlock->calledFunctions.size() == 1) { auto calledFunction = *kcallBlock->calledFunctions.begin(); - KFunction *calledKFunction = state.prevPC->parent->parent->parent - ->functionMap[calledFunction]; - if (calledKFunction->numInstructions != 0 && - coveredFunctionsInBranches.count(calledKFunction) == 0 && - !getCoverageTargets(calledKFunction).empty()) { + if (calledFunction->numInstructions != 0 && + coveredFunctionsInBranches.count(calledFunction) == 0 && + !getCoverageTargets(calledFunction).empty()) { covered = false; break; } - if (!fnsTaken.count(calledKFunction) && - fullyCoveredFunctions.count(calledKFunction) == 0 && - calledKFunction->numInstructions != 0) { - fns.push_back(calledKFunction); + if (!fnsTaken.count(calledFunction) && + fullyCoveredFunctions.count(calledFunction) == 0 && + calledFunction->numInstructions != 0) { + fns.push_back(calledFunction); } } } @@ -154,7 +152,7 @@ void TargetCalculator::update(ref e) { } } -const std::map> & +const KBlockMap> & TargetCalculator::getCoverageTargets(KFunction *kf) { switch (TrackCoverage) { case TrackCoverageBy::Blocks: @@ -184,10 +182,8 @@ bool TargetCalculator::uncoveredBlockPredicate(KBlock *kblock) { cast(kblock)->calledFunctions.size() == 1) { auto calledFunction = *cast(kblock)->calledFunctions.begin(); - KFunction *calledKFunction = - kblock->parent->parent->functionMap[calledFunction]; - result = fullyCoveredFunctions.count(calledKFunction) == 0 && - calledKFunction->numInstructions; + result = fullyCoveredFunctions.count(calledFunction) == 0 && + calledFunction->numInstructions; } if (fBranches.at(kblock) != cb) { result |= kblock->basicBlock()->getTerminator()->getNumSuccessors() > @@ -214,7 +210,7 @@ TargetHashSet TargetCalculator::calculate(ExecutionState &state) { sfi != sfe; sfi++) { kf = sfi->kf; - std::set blocks; + KBlockSet blocks; using std::placeholders::_1; KBlockPredicate func = std::bind(&TargetCalculator::uncoveredBlockPredicate, this, _1); @@ -235,11 +231,9 @@ TargetHashSet TargetCalculator::calculate(ExecutionState &state) { cast(block)->calledFunctions.size() == 1) { auto calledFunction = *cast(block)->calledFunctions.begin(); - KFunction *calledKFunction = - block->parent->parent->functionMap[calledFunction]; notCoveredFunction = - fullyCoveredFunctions.count(calledKFunction) == 0 && - calledKFunction->numInstructions; + fullyCoveredFunctions.count(calledFunction) == 0 && + calledFunction->numInstructions; } if (notCoveredFunction) { targets.insert(ReachBlockTarget::create(block, true)); diff --git a/lib/Core/TargetCalculator.h b/lib/Core/TargetCalculator.h index 790997487e..16a9a5350e 100644 --- a/lib/Core/TargetCalculator.h +++ b/lib/Core/TargetCalculator.h @@ -11,6 +11,7 @@ #define KLEE_TARGETCALCULATOR_H #include "ObjectManager.h" + #include "klee/ADT/RNG.h" #include "klee/Module/KModule.h" #include "klee/Module/Target.h" @@ -38,18 +39,12 @@ class ExecutionState; enum class TrackCoverageBy { None, Blocks, Branches, All }; -typedef std::pair Branch; - class TargetCalculator : public Subscriber { - using StatesSet = std::unordered_set; - - typedef std::unordered_set VisitedBlocks; - typedef std::unordered_set VisitedBranches; + using StatesSet = states_ty; enum HistoryKind { Blocks, Transitions }; - typedef std::unordered_map>> + typedef std::unordered_map>> CoveredBranches; typedef std::unordered_set CoveredFunctionsBranches; @@ -78,8 +73,7 @@ class TargetCalculator : public Subscriber { CoveredFunctionsBranches fullyCoveredFunctions; StatesSet localStates; - const std::map> & - getCoverageTargets(KFunction *kf); + const KBlockMap> &getCoverageTargets(KFunction *kf); }; } // namespace klee diff --git a/lib/Core/TargetManager.h b/lib/Core/TargetManager.h index 3188cb283d..c045c013d2 100644 --- a/lib/Core/TargetManager.h +++ b/lib/Core/TargetManager.h @@ -38,9 +38,6 @@ class TargetManager : public Subscriber { using StatesSet = states_ty; using StateToDistanceMap = std::unordered_map>; - using TargetForestHistoryTargetSet = - std::unordered_set; Interpreter::GuidanceKind guidance; DistanceCalculator &distanceCalculator; diff --git a/lib/Core/TargetedExecutionManager.cpp b/lib/Core/TargetedExecutionManager.cpp index 6c2224af72..2ede8edc64 100644 --- a/lib/Core/TargetedExecutionManager.cpp +++ b/lib/Core/TargetedExecutionManager.cpp @@ -86,7 +86,7 @@ cl::list ExitOnErrorType( "Violation of nullable attribute detected"), clEnumValN(StateTerminationType::User, "User", "Wrong klee_* functions invocation")), - cl::ZeroOrMore, cl::cat(TerminationCat)); + cl::cat(TerminationCat)); cl::opt MaxInstructions("max-instructions", @@ -183,6 +183,12 @@ cl::opt cl::desc("stop execution after visiting some basic block this " "amount of times (default=0)."), cl::init(0), cl::cat(TerminationCat)); + +cl::opt MaxSymbolicCycles( + "max-sym-cycles", + cl::desc("stop execution after visiting some basic block this " + "amount of times just after symbolic fork (default=0)."), + cl::init(0), cl::cat(TerminationCat)); } // namespace klee TargetedHaltsOnTraces::TargetedHaltsOnTraces(ref &forest) { @@ -380,18 +386,18 @@ bool TargetedExecutionManager::canReach(const ref &from, } const auto &blockDist = codeGraphInfo.getDistance(fromBlock); - if (blockDist.count(toBlock->basicBlock()) != 0) { + if (blockDist.count(toBlock) != 0) { return true; } } else { const auto &funcDist = codeGraphInfo.getDistance(fromKf); - if (funcDist.count(toKf->function()) != 0) { + if (funcDist.count(toKf) != 0) { return true; } const auto &backwardFuncDist = codeGraphInfo.getBackwardDistance(fromKf); - if (backwardFuncDist.count(toKf->function()) != 0) { + if (backwardFuncDist.count(toKf) != 0) { return true; } } @@ -465,9 +471,9 @@ KFunction *TargetedExecutionManager::tryResolveEntryFunction( KFunction *curKf = nullptr; for (size_t m = 0; m < currKFs.size() && !curKf; ++m) { curKf = currKFs.at(m); - if (funcDist.count(curKf->function()) == 0) { + if (funcDist.count(curKf) == 0) { const auto &curFuncDist = codeGraphInfo.getDistance(curKf); - if (curFuncDist.count(resKf->function()) == 0) { + if (curFuncDist.count(resKf) == 0) { curKf = nullptr; } else { i = j; diff --git a/lib/Core/TargetedExecutionManager.h b/lib/Core/TargetedExecutionManager.h index 7432f52228..9d787d724e 100644 --- a/lib/Core/TargetedExecutionManager.h +++ b/lib/Core/TargetedExecutionManager.h @@ -60,6 +60,7 @@ extern llvm::cl::opt MaxStaticPctCheckDelay; extern llvm::cl::opt TimerInterval; extern llvm::cl::opt MaxCycles; +extern llvm::cl::opt MaxSymbolicCycles; class CodeGraphInfo; @@ -89,7 +90,7 @@ class TargetedHaltsOnTraces { class TargetedExecutionManager : public Subscriber { private: - using Blocks = std::unordered_set; + using Blocks = KBlockSet; using LocationToBlocks = std::unordered_map, Blocks, RefLocationHash, RefLocationCmp>; using Locations = diff --git a/lib/Core/TimingSolver.cpp b/lib/Core/TimingSolver.cpp index 91d1d57e9c..9f05dc9f83 100644 --- a/lib/Core/TimingSolver.cpp +++ b/lib/Core/TimingSolver.cpp @@ -84,23 +84,24 @@ bool TimingSolver::tryGetUnique(const ConstraintSet &constraints, ref e, SolverQueryMetaData &metaData) { ++stats::queries; result = e; - if (!isa(result)) { - ref value; + if (!isa(result) && !isa(result)) { + ref unique; bool isTrue = false; e = optimizer.optimizeExpr(e, true); TimerStatIncrementer timer(stats::solverTime); - if (!solver->getValue(Query(constraints, e, metaData.id), value)) { + if (!solver->getValue(Query(constraints, e, metaData.id), unique)) { return false; } - ref cond = EqExpr::create(e, value); + + ref cond = EqExpr::create(e, unique); cond = optimizer.optimizeExpr(cond, false); if (!solver->mustBeTrue(Query(constraints, cond, metaData.id), isTrue)) { return false; } if (isTrue) { - result = value; + result = unique; } metaData.queryCost += timer.delta(); @@ -164,8 +165,7 @@ bool TimingSolver::mayBeFalse(const ConstraintSet &constraints, ref expr, } bool TimingSolver::getValue(const ConstraintSet &constraints, ref expr, - ref &result, - SolverQueryMetaData &metaData) { + ref &result, SolverQueryMetaData &metaData) { ++stats::queries; // Fast path, to avoid timer and OS overhead. if (ConstantExpr *CE = dyn_cast(expr)) { @@ -186,6 +186,31 @@ bool TimingSolver::getValue(const ConstraintSet &constraints, ref expr, return success; } +bool TimingSolver::getValue(const ConstraintSet &constraints, ref expr, + ref &result, + SolverQueryMetaData &metaData) { + ref tmp; + bool success = getValue(constraints, expr, tmp, metaData); + + assert(isa(tmp)); + result = cast(tmp); + + return success; +} + +bool TimingSolver::getValue(const ConstraintSet &constraints, + ref pointer, + ref &result, + SolverQueryMetaData &metaData) { + ref tmp; + bool success = getValue(constraints, pointer, tmp, metaData); + + assert(isa(tmp)); + result = cast(tmp); + + return success; +} + bool TimingSolver::getMinimalUnsignedValue(const ConstraintSet &constraints, ref expr, ref &result, @@ -212,7 +237,7 @@ bool TimingSolver::getMinimalUnsignedValue(const ConstraintSet &constraints, bool TimingSolver::getInitialValues( const ConstraintSet &constraints, const std::vector &objects, - std::vector> &result, + std::vector> &result, SolverQueryMetaData &metaData, bool produceValidityCore) { ++stats::queries; if (objects.empty()) diff --git a/lib/Core/TimingSolver.h b/lib/Core/TimingSolver.h index 7692d50377..f3c80591b7 100644 --- a/lib/Core/TimingSolver.h +++ b/lib/Core/TimingSolver.h @@ -84,16 +84,23 @@ class TimingSolver { SolverQueryMetaData &metaData, bool produceValidityCore = false); + bool getValue(const ConstraintSet &, ref expr, ref &result, + SolverQueryMetaData &metaData); + bool getValue(const ConstraintSet &, ref expr, ref &result, SolverQueryMetaData &metaData); + bool getValue(const ConstraintSet &, ref pointer, + ref &result, + SolverQueryMetaData &metaData); + bool getMinimalUnsignedValue(const ConstraintSet &, ref expr, ref &result, SolverQueryMetaData &metaData); bool getInitialValues(const ConstraintSet &, const std::vector &objects, - std::vector> &result, + std::vector> &result, SolverQueryMetaData &metaData, bool produceValidityCore = false); diff --git a/lib/Core/UserSearcher.cpp b/lib/Core/UserSearcher.cpp index 47ba08d07f..cdd9cb09a5 100644 --- a/lib/Core/UserSearcher.cpp +++ b/lib/Core/UserSearcher.cpp @@ -86,6 +86,13 @@ cl::opt BatchTime( "--use-batching-search. Set to 0s to disable (default=5s)"), cl::init("5s"), cl::cat(SearchCat)); +cl::opt UseFairSearch( + "use-fair-search", + cl::desc( + "Use fair searcher to interleave states with different entry points" + "(default=false)"), + cl::init(false), cl::cat(SearchCat)); + } // namespace void klee::initializeSearchOptions() { @@ -156,9 +163,7 @@ Searcher *getNewSearcher(Searcher::CoreSearchType type, RNG &rng, return searcher; } -Searcher *klee::constructUserSearcher(Executor &executor, - bool stopAfterReachingTarget) { - +Searcher *klee::constructBaseSearcher(Executor &executor) { Searcher *searcher = getNewSearcher(CoreSearch[0], executor.theRNG, *executor.processForest); @@ -188,6 +193,19 @@ Searcher *klee::constructUserSearcher(Executor &executor, new IterativeDeepeningSearcher(searcher, UseIterativeDeepeningSearch); } + return searcher; +} + +Searcher *klee::constructUserSearcher(Executor &executor) { + + Searcher *searcher = nullptr; + if (UseFairSearch) { + searcher = new DiscreteTimeFairSearcher(BaseSearcherConstructor(executor), + executor.theRNG, 1); + } else { + searcher = constructBaseSearcher(executor); + } + llvm::raw_ostream &os = executor.getHandler().getInfoStream(); os << "BEGIN searcher description\n"; diff --git a/lib/Core/UserSearcher.h b/lib/Core/UserSearcher.h index d11ab791e5..387c60c4a0 100644 --- a/lib/Core/UserSearcher.h +++ b/lib/Core/UserSearcher.h @@ -25,8 +25,13 @@ bool userSearcherRequiresMD2U(); void initializeSearchOptions(); -Searcher *constructUserSearcher(Executor &executor, - bool stopAfterReachingTarget = true); +Searcher *constructBaseSearcher(Executor &executor); +Searcher *constructUserSearcher(Executor &executor); +struct BaseSearcherConstructor { + Executor &executor; + BaseSearcherConstructor(Executor &executor) : executor(executor) {} + Searcher *operator()() const { return constructBaseSearcher(executor); } +}; } // namespace klee #endif /* KLEE_USERSEARCHER_H */ diff --git a/lib/Expr/AlphaBuilder.cpp b/lib/Expr/AlphaBuilder.cpp index 3056503669..ca135e9430 100644 --- a/lib/Expr/AlphaBuilder.cpp +++ b/lib/Expr/AlphaBuilder.cpp @@ -27,18 +27,18 @@ const Array *AlphaBuilder::visitArray(const Array *arr) { } source = SourceBuilder::mockDeterministic(mockSource->km, mockSource->function, args); - alphaArrayMap[arr] = arrayCache.CreateArray( - size, source, arr->getDomain(), arr->getRange()); + alphaArrayMap[arr] = + Array::create(size, source, arr->getDomain(), arr->getRange()); reverseAlphaArrayMap[alphaArrayMap[arr]] = arr; } else if (!arr->isConstantArray()) { source = SourceBuilder::alpha(index); index++; - alphaArrayMap[arr] = arrayCache.CreateArray( - size, source, arr->getDomain(), arr->getRange()); + alphaArrayMap[arr] = + Array::create(size, source, arr->getDomain(), arr->getRange()); reverseAlphaArrayMap[alphaArrayMap[arr]] = arr; } else if (size != arr->getSize()) { - alphaArrayMap[arr] = arrayCache.CreateArray( - size, source, arr->getDomain(), arr->getRange()); + alphaArrayMap[arr] = + Array::create(size, source, arr->getDomain(), arr->getRange()); reverseAlphaArrayMap[alphaArrayMap[arr]] = arr; } else { alphaArrayMap[arr] = arr; @@ -77,7 +77,7 @@ ExprVisitor::Action AlphaBuilder::visitRead(const ReadExpr &re) { return Action::changeTo(e); } -AlphaBuilder::AlphaBuilder(ArrayCache &_arrayCache) : arrayCache(_arrayCache) {} +AlphaBuilder::AlphaBuilder() {} constraints_ty AlphaBuilder::visitConstraints(const constraints_ty &cs) { constraints_ty result; diff --git a/lib/Expr/ArrayCache.cpp b/lib/Expr/ArrayCache.cpp index 3962278f6c..9be7e0200e 100644 --- a/lib/Expr/ArrayCache.cpp +++ b/lib/Expr/ArrayCache.cpp @@ -19,6 +19,7 @@ const Array *ArrayCache::CreateArray(ref _size, auto id = allocatedCount[_source->getKind()]; const Array *array = new Array(_size, _source, _domain, _range, id); + std::pair success = cachedSymbolicArrays.insert(array); if (success.second) { diff --git a/lib/Expr/ArrayExprOptimizer.cpp b/lib/Expr/ArrayExprOptimizer.cpp index 205685fdd6..405c4b9011 100644 --- a/lib/Expr/ArrayExprOptimizer.cpp +++ b/lib/Expr/ArrayExprOptimizer.cpp @@ -303,7 +303,7 @@ ref ExprOptimizer::getSelectOptExpr( if (ref constantSource = dyn_cast(read->updates.root->source)) { arrayConstValues = - constantSource->constantValues.getFirstNIndexes(size); + constantSource->constantValues->getFirstNIndexes(size); } for (auto it = us.rbegin(); it != us.rend(); it++) { const UpdateNode *un = *it; @@ -379,7 +379,7 @@ ref ExprOptimizer::getSelectOptExpr( if (ref constantSource = dyn_cast(read->updates.root->source)) { arrayConstValues = - constantSource->constantValues.getFirstNIndexes(size); + constantSource->constantValues->getFirstNIndexes(size); } if (arrayConstValues.size() < size) { // We need to "force" initialization of the values diff --git a/lib/Expr/ArrayExprVisitor.cpp b/lib/Expr/ArrayExprVisitor.cpp index 0c4c3bd213..9696d0db94 100644 --- a/lib/Expr/ArrayExprVisitor.cpp +++ b/lib/Expr/ArrayExprVisitor.cpp @@ -16,44 +16,6 @@ using namespace klee; //------------------------------ HELPER FUNCTIONS ---------------------------// -bool ArrayExprHelper::isReadExprAtOffset(ref e, const ReadExpr *base, - ref offset) { - const ReadExpr *re = dyn_cast(e.get()); - if (!re || (re->getWidth() != Expr::Int8)) - return false; - return SubExpr::create(re->index, base->index) == offset; -} - -ReadExpr *ArrayExprHelper::hasOrderedReads(const ConcatExpr &ce) { - const ReadExpr *base = dyn_cast(ce.getKid(0)); - - // right now, all Reads are byte reads but some - // transformations might change this - if (!base || base->getWidth() != Expr::Int8) { - return nullptr; - } - - // Get stride expr in proper index width. - Expr::Width idxWidth = base->index->getWidth(); - ref strideExpr = ConstantExpr::alloc(-1, idxWidth); - ref offset = ConstantExpr::create(0, idxWidth); - - ref e = ce.getKid(1); - - // concat chains are unbalanced to the right - while (e->getKind() == Expr::Concat) { - offset = AddExpr::create(offset, strideExpr); - if (!isReadExprAtOffset(e->getKid(0), base, offset)) - return nullptr; - e = e->getKid(1); - } - - offset = AddExpr::create(offset, strideExpr); - if (!isReadExprAtOffset(e, base, offset)) - return nullptr; - - return cast(e.get()); -} void ArrayExprHelper::collectAlternatives( const SelectExpr &se, std::vector> &alternatives) { @@ -72,7 +34,7 @@ void ArrayExprHelper::collectAlternatives( //--------------------------- INDEX-BASED OPTIMIZATION-----------------------// ExprVisitor::Action ConstantArrayExprVisitor::visitConcat(const ConcatExpr &ce) { - ReadExpr *base = ArrayExprHelper::hasOrderedReads(ce); + ref base = ce.hasOrderedReads(); return base ? visitRead(*base) : Action::doChildren(); } @@ -162,7 +124,7 @@ ExprVisitor::Action IndexTransformationExprVisitor::visitMul(const MulExpr &e) { //-------------------------- VALUE-BASED OPTIMIZATION------------------------// ExprVisitor::Action ArrayReadExprVisitor::visitConcat(const ConcatExpr &ce) { - ReadExpr *base = ArrayExprHelper::hasOrderedReads(ce); + ref base = ce.hasOrderedReads(); if (base) { return inspectRead(const_cast(&ce), ce.getWidth(), *base); } @@ -177,7 +139,7 @@ ExprVisitor::Action ArrayReadExprVisitor::inspectRead(ref hash, Expr::Width width, const ReadExpr &re) { // pre(*): index is symbolic - if (!isa(re.index)) { + if (!isa(re.index) && re.updates.root->getRange() == 8) { if (readInfo.find(&re) == readInfo.end()) { if (re.updates.root->isSymbolicArray() && !re.updates.head) { return Action::doChildren(); diff --git a/lib/Expr/Assignment.cpp b/lib/Expr/Assignment.cpp index 860f1a0a50..a17d2ed9fd 100644 --- a/lib/Expr/Assignment.cpp +++ b/lib/Expr/Assignment.cpp @@ -84,8 +84,8 @@ std::vector Assignment::keys() const { return result; } -std::vector> Assignment::values() const { - std::vector> result; +std::vector> Assignment::values() const { + std::vector> result; result.reserve(bindings.size()); for (auto i : bindings) { result.push_back(i.second); diff --git a/lib/Expr/AssignmentGenerator.cpp b/lib/Expr/AssignmentGenerator.cpp index 601ceb66e6..0b7a18a9cb 100644 --- a/lib/Expr/AssignmentGenerator.cpp +++ b/lib/Expr/AssignmentGenerator.cpp @@ -177,7 +177,7 @@ bool AssignmentGenerator::helperGenerateAssignment(const ref &e, // SPECIAL case Expr::Concat: { - ReadExpr *base = hasOrderedReads(&ep); + ref base = ep.hasOrderedReads(); if (base) { return helperGenerateAssignment(ref(base), val, a, ep.getWidth(), sign); @@ -213,7 +213,7 @@ bool AssignmentGenerator::helperGenerateAssignment(const ref &e, } if (a->bindings.find(re.updates.root) == a->bindings.end()) { a->bindings.insert(std::make_pair( - re.updates.root, SparseStorage(c_value, 0))); + re.updates.root, SparseStorageImpl(c_value, 0))); } else { return false; } @@ -232,46 +232,6 @@ bool AssignmentGenerator::helperGenerateAssignment(const ref &e, } } -bool AssignmentGenerator::isReadExprAtOffset(ref e, const ReadExpr *base, - ref offset) { - const ReadExpr *re = dyn_cast(e.get()); - if (!re || (re->getWidth() != Expr::Int8)) - return false; - return SubExpr::create(re->index, base->index) == offset; -} - -ReadExpr *AssignmentGenerator::hasOrderedReads(ref e) { - assert(e->getKind() == Expr::Concat); - - const ReadExpr *base = dyn_cast(e->getKid(0)); - - // right now, all Reads are byte reads but some - // transformations might change this - if (!base || base->getWidth() != Expr::Int8) - return NULL; - - // Get stride expr in proper index width. - Expr::Width idxWidth = base->index->getWidth(); - ref strideExpr = ConstantExpr::alloc(-1, idxWidth); - ref offset = ConstantExpr::create(0, idxWidth); - - e = e->getKid(1); - - // concat chains are unbalanced to the right - while (e->getKind() == Expr::Concat) { - offset = AddExpr::create(offset, strideExpr); - if (!isReadExprAtOffset(e->getKid(0), base, offset)) - return NULL; - e = e->getKid(1); - } - - offset = AddExpr::create(offset, strideExpr); - if (!isReadExprAtOffset(e, base, offset)) - return NULL; - - return cast(e.get()); -} - ref AssignmentGenerator::createSubExpr(const ref &l, ref &r) { return SubExpr::create(r, l); } diff --git a/lib/Expr/Constraints.cpp b/lib/Expr/Constraints.cpp index 7669baad7d..acf0aa4da3 100644 --- a/lib/Expr/Constraints.cpp +++ b/lib/Expr/Constraints.cpp @@ -18,6 +18,8 @@ #include "klee/Expr/IndependentConstraintSetUnion.h" #include "klee/Expr/IndependentSet.h" #include "klee/Expr/Path.h" +#include "klee/Expr/SourceBuilder.h" +#include "klee/Expr/SymbolicSource.h" #include "klee/Expr/Symcrete.h" #include "klee/Module/KModule.h" #include "klee/Support/OptionCategories.h" @@ -134,6 +136,58 @@ class ExprReplaceVisitor2 : public ExprVisitor { } } + ref visitSource(ref source) { + if (ref liSource = + dyn_cast(source)) { + ref pointer = visit(liSource->pointer); + switch (source->getKind()) { + case SymbolicSource::Kind::LazyInitializationAddress: { + return SourceBuilder::lazyInitializationAddress(pointer); + } + case SymbolicSource::Kind::LazyInitializationSize: { + return SourceBuilder::lazyInitializationSize(pointer); + } + case SymbolicSource::Kind::LazyInitializationContent: { + return SourceBuilder::lazyInitializationContent(pointer); + } + default: + assert(0 && "unreachable"); + } + } else { + return source; + } + } + + const Array *visitArray(const Array *arr) { + ref source = visitSource(arr->source); + ref size = visit(arr->getSize()); + if (source != arr->source || size != arr->getSize()) { + return Array::create(size, source, arr->getDomain(), arr->getRange()); + } else { + return arr; + } + } + + UpdateList visitUpdateList(UpdateList u) { + const Array *root = visitArray(u.root); + std::vector> updates; + + for (auto un = u.head; un; un = un->next) { + updates.push_back(un); + } + + updates.push_back(nullptr); + + for (int i = updates.size() - 2; i >= 0; i--) { + ref index = visit(updates[i]->index); + ref value = visit(updates[i]->value); + updates[i] = new UpdateNode(updates[i + 1], index, value); + } + return UpdateList(root, updates[0]); + } + + Action visitRead(const ReadExpr &re) override { return Action::doChildren(); } + public: ExprHashSet replacementDependency; }; @@ -183,63 +237,66 @@ class ExprReplaceVisitor3 : public ExprVisitor { ConstraintSet::ConstraintSet(constraints_ty cs, symcretes_ty symcretes, Assignment concretization) - : _constraints(cs), _symcretes(symcretes), _concretization(concretization), + : cowKey(1), _constraints(cs), _symcretes(symcretes), + _concretization(new Assignment(concretization)), _independentElements(new IndependentConstraintSetUnion( - _constraints, _symcretes, _concretization)) {} + _constraints, _symcretes, *_concretization)), + copyOnWriteOwner(cowKey) {} ConstraintSet::ConstraintSet(ref ics) - : _constraints(ics->getConstraints()), _symcretes(ics->getSymcretes()), - _concretization(ics->concretization), - _independentElements(new IndependentConstraintSetUnion(ics)) {} + : cowKey(1), _constraints(ics->getConstraints()), + _symcretes(ics->getSymcretes()), + _concretization(new Assignment(ics->concretization)), + _independentElements(new IndependentConstraintSetUnion(ics)), + copyOnWriteOwner(cowKey) {} ConstraintSet::ConstraintSet( - const std::vector> &factors) - : _independentElements(new IndependentConstraintSetUnion( - _constraints, _symcretes, _concretization)) { + const std::vector> &factors, + const ExprHashMap> &concretizedExprs) + : cowKey(1), _concretization(new Assignment()), + _independentElements(new IndependentConstraintSetUnion( + _constraints, _symcretes, *_concretization)), + copyOnWriteOwner(cowKey) { for (auto ics : factors) { constraints_ty constraints = ics->getConstraints(); SymcreteOrderedSet symcretes = ics->getSymcretes(); IndependentConstraintSetUnion icsu(ics); _constraints.insert(constraints.begin(), constraints.end()); _symcretes.insert(symcretes.begin(), symcretes.end()); - _concretization.addIndependentAssignment(ics->concretization); + _concretization->addIndependentAssignment(ics->concretization); _independentElements->addIndependentConstraintSetUnion(icsu); } + _independentElements->concretizedExprs = concretizedExprs; } ConstraintSet::ConstraintSet(constraints_ty cs) : ConstraintSet(cs, {}, {}) {} ConstraintSet::ConstraintSet() - : _independentElements(new IndependentConstraintSetUnion()) {} - -void ConstraintSet::fork() { - _independentElements = std::make_shared( - IndependentConstraintSetUnion(*_independentElements)); + : cowKey(1), _concretization(new Assignment()), + _independentElements(new IndependentConstraintSetUnion()), + copyOnWriteOwner(cowKey) {} + +void ConstraintSet::checkCopyOnWriteOwner() { + if (cowKey != copyOnWriteOwner) { + _independentElements = std::make_shared( + IndependentConstraintSetUnion(*_independentElements)); + _concretization = + std::make_shared(Assignment(*_concretization)); + } } -void ConstraintSet::addConstraint(ref e, const Assignment &delta) { +void ConstraintSet::addConstraint(ref e) { + checkCopyOnWriteOwner(); _constraints.insert(e); - // Update bindings - for (auto &i : delta.bindings) { - _concretization.bindings.replace({i.first, i.second}); - } - _independentElements->updateConcretization(delta); _independentElements->addExpr(e); } IDType Symcrete::idCounter = 0; -void ConstraintSet::addSymcrete(ref s, - const Assignment &concretization) { +void ConstraintSet::addSymcrete(ref s) { + checkCopyOnWriteOwner(); _symcretes.insert(s); _independentElements->addSymcrete(s); - Assignment dependentConcretization; - for (auto i : s->dependentArrays()) { - _concretization.bindings.replace({i, concretization.bindings.at(i)}); - dependentConcretization.bindings.replace( - {i, concretization.bindings.at(i)}); - } - _independentElements->updateConcretization(dependentConcretization); } bool ConstraintSet::isSymcretized(ref expr) const { @@ -251,10 +308,10 @@ bool ConstraintSet::isSymcretized(ref expr) const { return false; } -void ConstraintSet::rewriteConcretization(const Assignment &a) { +void ConstraintSet::rewriteConcretization(const Assignment &a) const { for (auto i : a.bindings) { if (concretization().bindings.count(i.first)) { - _concretization.bindings.replace({i.first, i.second}); + _concretization->bindings.replace({i.first, i.second}); } } _independentElements->updateConcretization(a); @@ -305,7 +362,8 @@ void ConstraintSet::dump() const { this->print(llvm::errs()); } void ConstraintSet::changeCS(constraints_ty &cs) { _constraints = cs; _independentElements = std::make_shared( - IndependentConstraintSetUnion(_constraints, _symcretes, _concretization)); + IndependentConstraintSetUnion(_constraints, _symcretes, + *_concretization)); } const constraints_ty &ConstraintSet::cs() const { return _constraints; } @@ -324,7 +382,7 @@ const ExprHashMap &PathConstraints::indexes() const { } const Assignment &ConstraintSet::concretization() const { - return _concretization; + return *_concretization; } const constraints_ty &PathConstraints::original() const { return _original; } @@ -342,9 +400,7 @@ PathConstraints::orderedCS() const { void PathConstraints::advancePath(KInstruction *ki) { _path.advance(ki); } -void PathConstraints::fork() { constraints.fork(); } - -ExprHashSet PathConstraints::addConstraint(ref e, const Assignment &delta, +ExprHashSet PathConstraints::addConstraint(ref e, Path::PathIndex currIndex) { auto expr = Simplificator::simplifyExpr(constraints, e); if (auto ce = dyn_cast(expr.simplified)) { @@ -365,7 +421,7 @@ ExprHashSet PathConstraints::addConstraint(ref e, const Assignment &delta, auto indexConstraints = orderedConstraints[currIndex].second; indexConstraints.insert(expr); orderedConstraints.replace({currIndex, indexConstraints}); - constraints.addConstraint(expr, delta); + constraints.addConstraint(expr); } } @@ -383,18 +439,16 @@ ExprHashSet PathConstraints::addConstraint(ref e, const Assignment &delta, return added; } -ExprHashSet PathConstraints::addConstraint(ref e, - const Assignment &delta) { - return addConstraint(e, delta, _path.getCurrentIndex()); +ExprHashSet PathConstraints::addConstraint(ref e) { + return addConstraint(e, _path.getCurrentIndex()); } bool PathConstraints::isSymcretized(ref expr) const { return constraints.isSymcretized(expr); } -void PathConstraints::addSymcrete(ref s, - const Assignment &concretization) { - constraints.addSymcrete(s, concretization); +void PathConstraints::addSymcrete(ref s) { + constraints.addSymcrete(s); } void PathConstraints::rewriteConcretization(const Assignment &a) { diff --git a/lib/Expr/Expr.cpp b/lib/Expr/Expr.cpp index 6f707132b0..15b836bd11 100644 --- a/lib/Expr/Expr.cpp +++ b/lib/Expr/Expr.cpp @@ -10,8 +10,10 @@ #include "klee/Expr/Expr.h" #include "klee/Config/Version.h" +#include "klee/Expr/ArrayCache.h" #include "klee/Expr/ExprPPrinter.h" #include "klee/Expr/ExprUtil.h" +#include "klee/Expr/SourceBuilder.h" #include "klee/Expr/SymbolicSource.h" #include "klee/Support/ErrorHandling.h" #include "klee/Support/OptionCategories.h" @@ -62,58 +64,71 @@ cl::opt unsigned Expr::count = 0; ref Expr::createTempRead(const Array *array, Expr::Width w, - unsigned off) { + ref off) { UpdateList ul(array, 0); switch (w) { default: assert(0 && "invalid width"); case Expr::Bool: - return ZExtExpr::create( - ReadExpr::create(ul, ConstantExpr::alloc(off, Expr::Int32)), - Expr::Bool); + return ZExtExpr::create(ReadExpr::create(ul, off), Expr::Bool); case Expr::Int8: - return ReadExpr::create(ul, ConstantExpr::alloc(0, Expr::Int32)); + return ReadExpr::create(ul, off); case Expr::Int16: return ConcatExpr::create( - ReadExpr::create(ul, ConstantExpr::alloc(off + 1, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off, Expr::Int32))); + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(1, Expr::Int32))), + ReadExpr::create(ul, off)); case Expr::Int32: return ConcatExpr::create4( - ReadExpr::create(ul, ConstantExpr::alloc(off + 3, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off + 2, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off + 1, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off, Expr::Int32))); + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(3, Expr::Int32))), + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(2, Expr::Int32))), + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(1, Expr::Int32))), + ReadExpr::create(ul, off)); case Expr::Int64: return ConcatExpr::create8( - ReadExpr::create(ul, ConstantExpr::alloc(off + 7, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off + 6, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off + 5, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off + 4, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off + 3, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off + 2, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off + 1, Expr::Int32)), - ReadExpr::create(ul, ConstantExpr::alloc(off, Expr::Int32))); + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(7, Expr::Int32))), + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(6, Expr::Int32))), + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(5, Expr::Int32))), + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(4, Expr::Int32))), + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(3, Expr::Int32))), + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(2, Expr::Int32))), + ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(1, Expr::Int32))), + ReadExpr::create(ul, off)); case Expr::Fl80: { ref bytes[10]; for (int i = 0; i < 10; ++i) { - bytes[i] = - ReadExpr::create(ul, ConstantExpr::alloc(off + 9 - i, Expr::Int32)); + bytes[i] = ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(9 - i, Expr::Int32))); } return ConcatExpr::createN(10, bytes); } case Expr::Int128: { ref bytes[16]; for (int i = 0; i < 16; ++i) { - bytes[i] = - ReadExpr::create(ul, ConstantExpr::alloc(off + 15 - i, Expr::Int32)); + bytes[i] = ReadExpr::create( + ul, AddExpr::create(off, ConstantExpr::alloc(15 - i, Expr::Int32))); } return ConcatExpr::createN(16, bytes); } } } +ref Expr::createTempRead(const Array *array, Expr::Width w) { + return Expr::createTempRead(array, w, ConstantExpr::create(0, Expr::Int32)); +} + void Expr::splitAnds(ref e, std::vector> &exprs) { if (auto andExpr = dyn_cast(e)) { splitAnds(andExpr->getKid(0), exprs); @@ -150,9 +165,6 @@ int Expr::compare(const Expr &b, ExprEquivSet &equivs) const { bp = this; } - if (equivs.count(std::make_pair(ap, bp))) - return 0; - Kind ak = getKind(), bk = b.getKind(); int kc = (ak > bk) - (ak < bk); if (kc) @@ -162,6 +174,9 @@ int Expr::compare(const Expr &b, ExprEquivSet &equivs) const { if (hc) return hc; + if (equivs.count(std::make_pair(ap, bp))) + return 0; + if (int res = compareContents(b)) return res; @@ -238,6 +253,8 @@ void Expr::printKind(llvm::raw_ostream &os, Kind k) { X(FAbs); X(FNeg); X(FRint); + X(Pointer); + X(ConstantPointer); #undef X default: assert(0 && "invalid kind"); @@ -524,9 +541,13 @@ ref Expr::createIsZero(ref e) { } } -ref Expr::createTrue() { return ConstantExpr::create(1, Expr::Bool); } +ref Expr::createTrue() { + return ConstantExpr::create(1, Expr::Bool); +} -ref Expr::createFalse() { return ConstantExpr::create(0, Expr::Bool); } +ref Expr::createFalse() { + return ConstantExpr::create(0, Expr::Bool); +} Expr::ByteWidth Expr::getByteWidth() const { return (getWidth() + CHAR_BIT - 1) / CHAR_BIT; @@ -551,20 +572,40 @@ std::string Expr::toString() const { /***/ Expr::ExprCacheSet Expr::cachedExpressions; +Expr::ConstantExprCacheSet Expr::cachedConstantExpressions; Expr::~Expr() { Expr::count--; if (isCached) { toBeCleared = true; cachedExpressions.cache.erase(this); + isCached = false; } } -ref Expr::createCachedExpr(ref e) { +ConstantExpr::~ConstantExpr() { + if (isCached) { + toBeCleared = true; + if (mIsFloat) { + cachedExpressions.cache.erase(this); + } else { + cachedConstantExpressions.cache.erase(value); + } + isCached = false; + } +} - std::pair success = - cachedExpressions.cache.insert(e.get()); +Expr::ConstantExprCacheSet::~ConstantExprCacheSet() { + while (cache.size() != 0) { + auto tmp = *cache.begin(); + tmp.second->isCached = false; + cache.erase(cache.begin()); + } +} +ref Expr::createCachedExpr(ref e) { + std::pair success; + success = cachedExpressions.cache.insert(e.get()); if (success.second) { // Cache miss e->isCached = true; @@ -692,12 +733,6 @@ void ConstantExpr::toString(std::string &Res, unsigned radix) const { #endif } -ConstantExpr::ConstantExpr(const llvm::APFloat &v) - : value(v.bitcastToAPInt()), mIsFloat(true) { - assert(&(v.getSemantics()) == &(getFloatSemantics()) && - "float semantics mismatch"); -} - const llvm::fltSemantics &ConstantExpr::widthToFloatSemantics(Width width) { switch (width) { case Expr::Int16: @@ -1507,6 +1542,13 @@ Array::Array(ref _size, ref _source, Expr::Width _domain, Array::~Array() {} +ArrayCache Array::cachedArrays; + +const Array *Array::create(ref _size, const ref source, + Expr::Width _domain, Expr::Width _range) { + return cachedArrays.CreateArray(_size, source, _domain, _range); +} + unsigned Array::computeHash() { unsigned res = 0; res = (res * Expr::MAGIC_HASH_CONSTANT) + size->hash(); @@ -1516,7 +1558,7 @@ unsigned Array::computeHash() { } /***/ -ref ReadExpr::create(const UpdateList &ul, ref index) { +ref ReadExpr::create(const UpdateList &ul, ref index, bool safe) { // rollback update nodes if possible // Iterate through the update list from the most recent to the @@ -1540,29 +1582,34 @@ ref ReadExpr::create(const UpdateList &ul, ref index) { // So that we return weird stuff like reads from consts that should have // simplified to constant exprs if we read beyond size boundary. - if (auto source = dyn_cast(ul.root->source)) { + if (ConstantSource *source = dyn_cast(ul.root->source)) { if (auto arraySizeExpr = dyn_cast(ul.root->size)) { if (auto indexExpr = dyn_cast(index)) { auto arraySize = arraySizeExpr->getZExtValue(); auto concreteIndex = indexExpr->getZExtValue(); - if (concreteIndex >= arraySize) { + if (safe && concreteIndex >= arraySize) { return ReadExpr::alloc(ul, index); } } - } else { + } else if (safe) { return ReadExpr::alloc(ul, index); } } - if (isa(ul.root->source) && !updateListHasSymbolicWrites) { - // No updates with symbolic index to a constant array have been found - if (ConstantExpr *CE = dyn_cast(index)) { - assert(CE->getWidth() <= 64 && "Index too large"); - ref constantSource = - cast(ul.root->source); - uint64_t concreteIndex = CE->getZExtValue(); - if (auto value = constantSource->constantValues.load(concreteIndex)) { + if (ConstantSource *constantSource = + dyn_cast(ul.root->source)) { + if (!updateListHasSymbolicWrites) { + // No updates with symbolic index to a constant array have been found + if (ConstantExpr *CE = dyn_cast(index)) { + assert(CE->getWidth() <= 64 && "Index too large"); + uint64_t concreteIndex = CE->getZExtValue(); + auto value = constantSource->constantValues->load(concreteIndex); + assert(value); return value; + } else if (constantSource->constantValues->storage().size() == 0 && + !safe) { + assert(constantSource->constantValues->defaultV()); + return constantSource->constantValues->defaultV(); } } } @@ -1640,6 +1687,14 @@ ref SelectExpr::create(ref c, ref t, ref f) { AndExpr::create(Expr::createIsZero(c), se->cond), se->trueExpr, t); } } + } else if (isa(t) && isa(f)) { + ref truePointer = cast(t); + ref falsePointer = cast(f); + ref base = + SelectExpr::create(c, truePointer->getBase(), falsePointer->getBase()); + ref value = SelectExpr::create(c, truePointer->getValue(), + falsePointer->getValue()); + return PointerExpr::create(base, value); } else if (!isa(t) && isa(f)) { return SelectExpr::alloc(Expr::createIsZero(c), f, t); } @@ -1649,6 +1704,75 @@ ref SelectExpr::create(ref c, ref t, ref f) { /***/ +bool isReadExprAtOffset(ref e, const ReadExpr *base, ref offset) { + const ReadExpr *re = dyn_cast(e.get()); + if (!re || (re->getWidth() != Expr::Int8)) + return false; + return SubExpr::create(re->index, base->index) == offset; +} + +ref Expr::hasOrderedReads(bool stride) const { + if (auto read = dyn_cast(this)) { + return cast(const_cast(read)); + } + if (!isa(this)) { + return ref(); + } + + ReadExpr *base = dyn_cast(getKid(0)); + int strideNum = stride ? 1 : -1; + + // right now, all Reads are byte reads but some + // transformations might change this + if (!base || base->getWidth() != Expr::Int8) { + return NULL; + } + + // Get stride expr in proper index width. + Expr::Width idxWidth = base->index->getWidth(); + ref strideExpr = ConstantExpr::alloc(strideNum, idxWidth); + ref offset = ConstantExpr::create(0, idxWidth); + + ref e = getKid(1); + + // concat chains are unbalanced to the right + while (e->getKind() == Expr::Concat) { + offset = AddExpr::create(offset, strideExpr); + if (!isReadExprAtOffset(e->getKid(0), base, offset)) { + return NULL; + } + + e = e->getKid(1); + } + + offset = AddExpr::create(offset, strideExpr); + if (!isReadExprAtOffset(e, base, offset)) + return NULL; + + if (!stride) + return cast(e.get()); + else + return base; +} + +ref Expr::hasOrderedReads() const { + ref result = hasOrderedReads(false); + if (!result) { + result = hasOrderedReads(true); + } + return result; +} + +ref Expr::getValue() const { + return isa(this) ? cast(this)->getValue() + : const_cast(this); +} + +ref convolution(const ref &l, const ref &r) { + ref null = ConstantExpr::create(0, l->getWidth()); + return SelectExpr::create(EqExpr::create(l, r), l, null); +} + ref ConcatExpr::create(const ref &l, const ref &r) { Expr::Width w = l->getWidth() + r->getWidth(); @@ -1669,6 +1793,14 @@ ref ConcatExpr::create(const ref &l, const ref &r) { } } + if (PointerExpr *ee_left = dyn_cast(l)) { + if (PointerExpr *ee_right = dyn_cast(r)) { + return PointerExpr::create( + convolution(ee_left->getBase(), ee_right->getBase()), + ConcatExpr::create(ee_left->getValue(), ee_right->getValue())); + } + } + return ConcatExpr::alloc(l, r); } @@ -1715,7 +1847,9 @@ ref ExtractExpr::create(ref expr, unsigned off, Width w) { return expr; } else if (ConstantExpr *CE = dyn_cast(expr)) { return CE->Extract(off, w); - } else if (SelectExpr *se = dyn_cast(expr)) { + } else if (PointerExpr *pe = dyn_cast(expr)) { + return PointerExpr::create(pe->getBase(), + ExtractExpr::create(pe->getValue(), off, w)); } else { // Extract(Concat) if (ConcatExpr *ce = dyn_cast(expr)) { @@ -1746,6 +1880,9 @@ ref NotExpr::create(const ref &e) { if (ConstantExpr *CE = dyn_cast(e)) return CE->Not(); + if (PointerExpr *PE = dyn_cast(e)) + return PE->Not(); + if (NotExpr *NE = dyn_cast(e)) { return NE->expr; } @@ -1778,6 +1915,9 @@ ref ZExtExpr::create(const ref &e, Width w) { return ExtractExpr::create(e, 0, w); } else if (ConstantExpr *CE = dyn_cast(e)) { return CE->ZExt(w); + } else if (PointerExpr *pe = dyn_cast(e)) { + return PointerExpr::create(pe->getBase(), + ZExtExpr::create(pe->getValue(), w)); } else if (SelectExpr *se = dyn_cast(e)) { if (isa(se->trueExpr)) { return SelectExpr::create(se->cond, ZExtExpr::create(se->trueExpr, w), @@ -1796,6 +1936,9 @@ ref SExtExpr::create(const ref &e, Width w) { return ExtractExpr::create(e, 0, w); } else if (ConstantExpr *CE = dyn_cast(e)) { return CE->SExt(w); + } else if (PointerExpr *pe = dyn_cast(e)) { + return PointerExpr::create(pe->getBase(), + SExtExpr::create(pe->getValue(), w)); } else if (SelectExpr *se = dyn_cast(e)) { if (isa(se->trueExpr)) { return SelectExpr::create(se->cond, SExtExpr::create(se->trueExpr, w), @@ -1904,6 +2047,15 @@ static ref AddExpr_createPartialR(const ref &cl, Expr *r) { static ref AddExpr_createPartial(Expr *l, const ref &cr) { return AddExpr_createPartialR(cr, l); } + +static ref AddExpr_createPointerR(const ref &pl, Expr *r) { + return PointerExpr::create(pl->getBase(), AddExpr::create(pl->getValue(), r)); +} + +static ref AddExpr_createPointer(Expr *l, const ref &pr) { + return AddExpr_createPointerR(pr, l); +} + static ref AddExpr_create(Expr *l, Expr *r) { Expr::Width type = l->getWidth(); @@ -1923,6 +2075,10 @@ static ref AddExpr_create(Expr *l, Expr *r) { } else if (rk == Expr::Sub && isa(r->getKid(0))) { // a + (k-b) = k+(a-b) return AddExpr::create(r->getKid(0), SubExpr::create(l, r->getKid(1))); + } else if (rk == Expr::Sub && *r->getKid(1) == *l) { // a + (b - a) = b + return r->getKid(0); + } else if (lk == Expr::Sub && *l->getKid(1) == *r) { // (b - a) + a = b + return l->getKid(0); } else { return AddExpr::alloc(l, r); } @@ -1952,6 +2108,15 @@ static ref SubExpr_createPartial(Expr *l, const ref &cr) { return AddExpr_createPartial(l, ConstantExpr::alloc(0, cr->getWidth())->Sub(cr)); } + +static ref SubExpr_createPointerR(const ref &pl, Expr *r) { + return PointerExpr::create(pl->getBase(), SubExpr::create(pl->getValue(), r)); +} + +static ref SubExpr_createPointer(Expr *l, const ref &pr) { + return PointerExpr::create(pr->getBase(), SubExpr::create(l, pr->getValue())); +} + static ref SubExpr_create(Expr *l, Expr *r) { Expr::Width type = l->getWidth(); @@ -1973,6 +2138,18 @@ static ref SubExpr_create(Expr *l, Expr *r) { } else if (rk == Expr::Sub && isa(r->getKid(0))) { // a - (k-b) = (a+b) - k return SubExpr::create(AddExpr::create(l, r->getKid(1)), r->getKid(0)); + } else if (rk == Expr::Add && + *r->getKid(0) == *l) { // a - (a+b) = -b, a - (b+a) = -b + return NotExpr::create(r->getKid(1)); + } else if (rk == Expr::Add && + *r->getKid(1) == *l) { // a - (a+b) = -b, a - (b+a) = -b + return NotExpr::create(r->getKid(0)); + } else if (lk == Expr::Add && + (*l->getKid(0) == *r)) { // (a + b) - a = b, (b + a) - a = b + return l->getKid(1); + } else if (lk == Expr::Add && + (*l->getKid(1) == *r)) { // (a + b) - a = b, (b + a) - a = b + return l->getKid(0); } else { return SubExpr::alloc(l, r); } @@ -1995,6 +2172,15 @@ static ref MulExpr_createPartialR(const ref &cl, Expr *r) { static ref MulExpr_createPartial(Expr *l, const ref &cr) { return MulExpr_createPartialR(cr, l); } + +static ref MulExpr_createPointerR(const ref &pl, Expr *r) { + return PointerExpr::create(pl->getBase(), MulExpr::create(pl->getValue(), r)); +} + +static ref MulExpr_createPointer(Expr *l, const ref &pr) { + return MulExpr_createPointerR(pr, l); +} + static ref MulExpr_create(Expr *l, Expr *r) { Expr::Width type = l->getWidth(); @@ -2017,6 +2203,15 @@ static ref AndExpr_createPartial(Expr *l, const ref &cr) { static ref AndExpr_createPartialR(const ref &cl, Expr *r) { return AndExpr_createPartial(r, cl); } + +static ref AndExpr_createPointerR(const ref &pl, Expr *r) { + return PointerExpr::create(pl->getBase(), AndExpr::create(pl->getValue(), r)); +} + +static ref AndExpr_createPointer(Expr *l, const ref &pr) { + return AndExpr_createPointerR(pr, l); +} + static ref AndExpr_create(Expr *l, Expr *r) { if (*l == *r) { return l; @@ -2036,6 +2231,15 @@ static ref OrExpr_createPartial(Expr *l, const ref &cr) { static ref OrExpr_createPartialR(const ref &cl, Expr *r) { return OrExpr_createPartial(r, cl); } + +static ref OrExpr_createPointerR(const ref &pl, Expr *r) { + return PointerExpr::create(pl->getBase(), OrExpr::create(pl->getValue(), r)); +} + +static ref OrExpr_createPointer(Expr *l, const ref &pr) { + return OrExpr_createPointerR(pr, l); +} + static ref OrExpr_create(Expr *l, Expr *r) { if (*l == *r) { return l; @@ -2056,6 +2260,15 @@ static ref XorExpr_createPartialR(const ref &cl, Expr *r) { static ref XorExpr_createPartial(Expr *l, const ref &cr) { return XorExpr_createPartialR(cr, l); } + +static ref XorExpr_createPointerR(const ref &pl, Expr *r) { + return PointerExpr::create(pl->getBase(), XorExpr::create(pl->getValue(), r)); +} + +static ref XorExpr_createPointer(Expr *l, const ref &pr) { + return XorExpr_createPointerR(pr, l); +} + static ref XorExpr_create(Expr *l, Expr *r) { return XorExpr::alloc(l, r); } @@ -2116,7 +2329,7 @@ static ref AShrExpr_create(const ref &l, const ref &r) { } } -#define BCREATE_R(_e_op, _op, partialL, partialR) \ +#define BCREATE_R(_e_op, _op, partialL, partialR, pointerL, pointerR) \ ref _e_op ::create(const ref &l, const ref &r) { \ assert(l->getWidth() == r->getWidth() && "type mismatch"); \ if (SelectExpr *sel = dyn_cast(l)) { \ @@ -2131,12 +2344,64 @@ static ref AShrExpr_create(const ref &l, const ref &r) { _e_op::create(l, ser->falseExpr)); \ } \ } \ + if (PointerExpr *pl = dyn_cast(l)) { \ + if (PointerExpr *pr = dyn_cast(r)) \ + return pl->_op(pr); \ + return pointerR(pl, r.get()); \ + } else if (PointerExpr *pr = dyn_cast(r)) { \ + return pointerL(l.get(), pr); \ + } \ if (ConstantExpr *cl = dyn_cast(l)) { \ if (ConstantExpr *cr = dyn_cast(r)) \ return cl->_op(cr); \ - return _e_op##_createPartialR(cl, r.get()); \ + return partialR(cl, r.get()); \ } else if (ConstantExpr *cr = dyn_cast(r)) { \ - return _e_op##_createPartial(l.get(), cr); \ + return partialL(l.get(), cr); \ + } \ + return _e_op##_create(l.get(), r.get()); \ + } + +#define BCREATE_R_C(_e_op, _op, partialL, partialR, pointerL, pointerR) \ + ref _e_op ::create(const ref &l, const ref &r) { \ + assert(l->getWidth() == r->getWidth() && "type mismatch"); \ + if (SelectExpr *sel = dyn_cast(l)) { \ + if (isa(sel->trueExpr)) { \ + return SelectExpr::create(sel->cond, _e_op::create(sel->trueExpr, r), \ + _e_op::create(sel->falseExpr, r)); \ + } \ + } \ + if (SelectExpr *ser = dyn_cast(r)) { \ + if (isa(ser->trueExpr)) { \ + return SelectExpr::create(ser->cond, _e_op::create(l, ser->trueExpr), \ + _e_op::create(l, ser->falseExpr)); \ + } \ + } \ + if (PointerExpr *pl = dyn_cast(l)) { \ + if (PointerExpr *pr = dyn_cast(r)) \ + return pl->_op(pr); \ + return pointerR(pl, r.get()); \ + } else if (PointerExpr *pr = dyn_cast(r)) { \ + return pointerL(l.get(), pr); \ + } \ + if (ConstantExpr *cl = dyn_cast(l)) { \ + if (ConstantExpr *cr = dyn_cast(r)) \ + return cl->_op(cr); \ + return partialR(cl, r.get()); \ + } else if (ConstantExpr *cr = dyn_cast(r)) { \ + return partialL(l.get(), cr); \ + } \ + if (isa<_e_op>(l) && l->height() > r->height() + 1) { \ + if (l->getKid(0)->height() > l->getKid(1)->height()) { \ + return _e_op::create(l->getKid(0), _e_op::create(r, l->getKid(1))); \ + } else { \ + return _e_op::create(l->getKid(1), _e_op::create(r, l->getKid(0))); \ + } \ + } else if (isa<_e_op>(r) && r->height() > l->height() + 1) { \ + if (r->getKid(0)->height() > r->getKid(1)->height()) { \ + return _e_op::create(r->getKid(0), _e_op::create(l, r->getKid(1))); \ + } else { \ + return _e_op::create(r->getKid(1), _e_op::create(l, r->getKid(0))); \ + } \ } \ return _e_op##_create(l.get(), r.get()); \ } @@ -2156,18 +2421,31 @@ static ref AShrExpr_create(const ref &l, const ref &r) { _e_op::create(l, ser->falseExpr)); \ } \ } \ + if (PointerExpr *pl = dyn_cast(l)) { \ + if (PointerExpr *pr = dyn_cast(r)) \ + return pl->_op(pr); \ + return _e_op::create(pl->getValue(), r); \ + } else if (PointerExpr *pr = dyn_cast(r)) { \ + return _e_op::create(l, pr->getValue()); \ + } \ if (ConstantExpr *cl = dyn_cast(l)) \ if (ConstantExpr *cr = dyn_cast(r)) \ return cl->_op(cr); \ return _e_op##_create(l, r); \ } -BCREATE_R(AddExpr, Add, AddExpr_createPartial, AddExpr_createPartialR) -BCREATE_R(SubExpr, Sub, SubExpr_createPartial, SubExpr_createPartialR) -BCREATE_R(MulExpr, Mul, MulExpr_createPartial, MulExpr_createPartialR) -BCREATE_R(AndExpr, And, AndExpr_createPartial, AndExpr_createPartialR) -BCREATE_R(OrExpr, Or, OrExpr_createPartial, OrExpr_createPartialR) -BCREATE_R(XorExpr, Xor, XorExpr_createPartial, XorExpr_createPartialR) +BCREATE_R(AddExpr, Add, AddExpr_createPartial, AddExpr_createPartialR, + AddExpr_createPointer, AddExpr_createPointerR) +BCREATE_R(SubExpr, Sub, SubExpr_createPartial, SubExpr_createPartialR, + SubExpr_createPointer, SubExpr_createPointerR) +BCREATE_R_C(MulExpr, Mul, MulExpr_createPartial, MulExpr_createPartialR, + MulExpr_createPointer, MulExpr_createPointerR) +BCREATE_R_C(AndExpr, And, AndExpr_createPartial, AndExpr_createPartialR, + AndExpr_createPointer, AndExpr_createPointerR) +BCREATE_R_C(OrExpr, Or, OrExpr_createPartial, OrExpr_createPartialR, + OrExpr_createPointer, OrExpr_createPointerR) +BCREATE_R_C(XorExpr, Xor, XorExpr_createPartial, XorExpr_createPartialR, + XorExpr_createPointer, XorExpr_createPointerR) BCREATE(UDivExpr, UDiv) BCREATE(SDivExpr, SDiv) BCREATE(URemExpr, URem) @@ -2180,17 +2458,24 @@ BCREATE(AShrExpr, AShr) ref _e_op ::create(const ref &l, const ref &r) { \ assert(l->getWidth() == r->getWidth() && "type mismatch"); \ if (SelectExpr *sel = dyn_cast(l)) { \ - if (isa(sel->trueExpr)) { \ + if (isa(sel->trueExpr) && !isa(r)) { \ return SelectExpr::create(sel->cond, _e_op::create(sel->trueExpr, r), \ _e_op::create(sel->falseExpr, r)); \ } \ } \ if (SelectExpr *ser = dyn_cast(r)) { \ - if (isa(ser->trueExpr)) { \ + if (isa(ser->trueExpr) && !isa(l)) { \ return SelectExpr::create(ser->cond, _e_op::create(l, ser->trueExpr), \ _e_op::create(l, ser->falseExpr)); \ } \ } \ + if (PointerExpr *pl = dyn_cast(l)) { \ + if (PointerExpr *pr = dyn_cast(r)) \ + return pl->_op(pr); \ + return _e_op::create(pl->getValue(), r); \ + } else if (PointerExpr *pr = dyn_cast(r)) { \ + return _e_op::create(l, pr->getValue()); \ + } \ if (ConstantExpr *cl = dyn_cast(l)) \ if (ConstantExpr *cr = dyn_cast(r)) \ return cl->_op(cr); \ @@ -2201,17 +2486,24 @@ BCREATE(AShrExpr, AShr) ref _e_op ::create(const ref &l, const ref &r) { \ assert(l->getWidth() == r->getWidth() && "type mismatch"); \ if (SelectExpr *sel = dyn_cast(l)) { \ - if (isa(sel->trueExpr)) { \ + if (isa(sel->trueExpr) && !isa(r)) { \ return SelectExpr::create(sel->cond, _e_op::create(sel->trueExpr, r), \ _e_op::create(sel->falseExpr, r)); \ } \ } \ if (SelectExpr *ser = dyn_cast(r)) { \ - if (isa(ser->trueExpr)) { \ + if (isa(ser->trueExpr) && !isa(l)) { \ return SelectExpr::create(ser->cond, _e_op::create(l, ser->trueExpr), \ _e_op::create(l, ser->falseExpr)); \ } \ } \ + if (PointerExpr *pl = dyn_cast(l)) { \ + if (PointerExpr *pr = dyn_cast(r)) \ + return pl->_op(pr); \ + return _e_op::create(pl->getValue(), r); \ + } else if (PointerExpr *pr = dyn_cast(r)) { \ + return _e_op::create(l, pr->getValue()); \ + } \ if (ConstantExpr *cl = dyn_cast(l)) { \ if (ConstantExpr *cr = dyn_cast(r)) \ return cl->_op(cr); \ @@ -2291,10 +2583,10 @@ static ref TryConstArrayOpt(const ref &cl, ReadExpr *rd) { assert(arraySize); auto size = arraySize->getZExtValue(); ref res = ConstantExpr::alloc(0, Expr::Bool); - if (ref constantSource = + if (ConstantSource *constantSource = dyn_cast(rd->updates.root->source)) { for (unsigned i = 0, e = size; i != e; ++i) { - if (cl == constantSource->constantValues.load(i)) { + if (cl == constantSource->constantValues->load(i)) { // Arbitrary maximum on the size of disjunction. if (++numMatches > 100) return EqExpr_create(cl, rd); @@ -2427,6 +2719,8 @@ static ref UleExpr_create(const ref &l, const ref &r) { return OrExpr::create(Expr::createIsZero(l), r); } else if (r->isZero()) { return EqExpr::create(l, r); + } else if (l->isZero()) { + return Expr::createTrue(); } else { return UleExpr::alloc(l, r); } @@ -2567,3 +2861,136 @@ ref IsSubnormalExpr::either(const ref &e0, const ref &e1) { return OrExpr::create(IsSubnormalExpr::create(e0), IsSubnormalExpr::create(e1)); } + +/***/ + +ref PointerExpr::create(const ref &b, const ref &v) { + assert(!isa(b)); + assert(!isa(v)); + if (isa(b) && isa(v)) { + return ConstantPointerExpr::create(cast(b), + cast(v)); + } else { + return PointerExpr::alloc(b, v); + } +} + +ref PointerExpr::createSymbolic(const ref &expr, + const ref &read, + const ref &off) { + ref pointer; + auto updates = read->updates; + if (isa(updates.root->source)) { + pointer = PointerExpr::create(expr, expr); + } else { + auto baseArray = Array::create( + ConstantExpr::create(expr->getWidth() / CHAR_BIT, expr->getWidth()), + SourceBuilder::lazyInitializationAddress(expr)); + ref baseExpr = Expr::createTempRead( + baseArray, expr->getWidth(), SubExpr::create(read->index, off)); + pointer = PointerExpr::create(baseExpr, expr); + } + return pointer; +} + +ref PointerExpr::create(const ref &expr) { + ref pointer; + auto read = expr->hasOrderedReads(); + if (auto *p = dyn_cast(expr)) { + pointer = p; + } else if (auto *se = dyn_cast(expr)) { + pointer = cast( + SelectExpr::create(se->cond, PointerExpr::create(se->trueExpr), + PointerExpr::create(se->falseExpr))); + } else if (read && read->updates.root->isSymbolicArray() && + read->updates.root->getSize()->getWidth() == expr->getWidth() && + read->updates.getSize() == 0) { + pointer = PointerExpr::createSymbolic(expr, read, read->index); + } else { + pointer = PointerExpr::create(expr, expr); + } + return pointer; +} + +ref ConstantPointerExpr::create(const ref &b, + const ref &v) { + assert(!isa(b)); + assert(!isa(v)); + return ConstantPointerExpr::alloc(b, v); +} + +#define BCREATE_P(_e_op, _op) \ + ref PointerExpr::_op(const ref &RHS) { \ + assert(getWidth() == RHS->getWidth() && "type mismatch"); \ + if (!isKnownValue()) { \ + if (!RHS->isKnownValue()) { \ + return _e_op::create(getValue(), RHS->getValue()); \ + } else { \ + return PointerExpr::create( \ + getBase(), _e_op::create(getValue(), RHS->getValue())); \ + } \ + } else if (!RHS->isKnownValue()) { \ + return PointerExpr::create(RHS->getBase(), \ + _e_op::create(getValue(), RHS->getValue())); \ + } else { \ + return _e_op::create(getValue(), RHS->getValue()); \ + } \ + } + +BCREATE_P(AddExpr, Add) +BCREATE_P(SubExpr, Sub) +BCREATE_P(MulExpr, Mul) +BCREATE_P(UDivExpr, UDiv) +BCREATE_P(SDivExpr, SDiv) +BCREATE_P(URemExpr, URem) +BCREATE_P(SRemExpr, SRem) +BCREATE_P(AndExpr, And) +BCREATE_P(OrExpr, Or) +BCREATE_P(XorExpr, Xor) +BCREATE_P(ShlExpr, Shl) +BCREATE_P(LShrExpr, LShr) +BCREATE_P(AShrExpr, AShr) + +ref PointerExpr::Not() { + return PointerExpr::create(getBase(), NotExpr::create(getValue())); +} + +ref PointerExpr::Eq(const ref &RHS) { + ref areValuesEq = EqExpr::create(getValue(), RHS->getValue()); + ref areBasesEq = EqExpr::create(getBase(), RHS->getBase()); + + if (!isKnownValue() && !RHS->isKnownValue()) { + return AndExpr::create(areValuesEq, areBasesEq); + } + + return areValuesEq; +} + +ref PointerExpr::Ne(const ref &RHS) { + return Expr::createIsZero(Eq(RHS)); +} + +ref PointerExpr::Ult(const ref &RHS) { + return UltExpr::create(getValue(), RHS->getValue()); +} +ref PointerExpr::Ule(const ref &RHS) { + return UleExpr::create(getValue(), RHS->getValue()); +} +ref PointerExpr::Ugt(const ref &RHS) { + return RHS->Ult(this); +} +ref PointerExpr::Uge(const ref &RHS) { + return RHS->Ule(this); +} +ref PointerExpr::Slt(const ref &RHS) { + return SltExpr::create(getValue(), RHS->getValue()); +} +ref PointerExpr::Sle(const ref &RHS) { + return SleExpr::create(getValue(), RHS->getValue()); +} +ref PointerExpr::Sgt(const ref &RHS) { + return RHS->Slt(this); +} +ref PointerExpr::Sge(const ref &RHS) { + return RHS->Sle(this); +} diff --git a/lib/Expr/ExprBuilder.cpp b/lib/Expr/ExprBuilder.cpp index 385289ab20..5a99d41734 100644 --- a/lib/Expr/ExprBuilder.cpp +++ b/lib/Expr/ExprBuilder.cpp @@ -144,6 +144,10 @@ class DefaultExprBuilder : public ExprBuilder { virtual ref Sge(const ref &LHS, const ref &RHS) { return SgeExpr::alloc(LHS, RHS); } + + virtual ref Pointer(const ref &Base, const ref &Value) { + return PointerExpr::create(Base, Value); + } }; /// ChainedBuilder - Helper class for construct specialized expression @@ -287,6 +291,10 @@ class ChainedBuilder { ref Sge(const ref &LHS, const ref &RHS) { return Base->Sge(LHS, RHS); } + + ref Pointer(const ref &LHS, const ref &RHS) { + return Base->Pointer(LHS, RHS); + } }; /// ConstantSpecializedExprBuilder - A base expression builder class which @@ -332,6 +340,10 @@ class ConstantSpecializedExprBuilder : public ExprBuilder { return Builder.Select(cast(Cond), LHS, RHS); } + virtual ref Pointer(const ref &Base, const ref &Value) { + return Builder.Pointer(Base, Value); + } + virtual ref Concat(const ref &LHS, const ref &RHS) { if (ConstantExpr *LCE = dyn_cast(LHS)) { if (ConstantExpr *RCE = dyn_cast(RHS)) diff --git a/lib/Expr/ExprEvaluator.cpp b/lib/Expr/ExprEvaluator.cpp index 418640769a..a7003aee3f 100644 --- a/lib/Expr/ExprEvaluator.cpp +++ b/lib/Expr/ExprEvaluator.cpp @@ -32,7 +32,7 @@ ExprVisitor::Action ExprEvaluator::evalRead(const UpdateList &ul, if (ref constantSource = dyn_cast(ul.root->source)) { - if (auto value = constantSource->constantValues.load(index)) { + if (auto value = constantSource->constantValues->load(index)) { return Action::changeTo(value); } } diff --git a/lib/Expr/ExprPPrinter.cpp b/lib/Expr/ExprPPrinter.cpp index 83c6e0b782..035eaa3a56 100644 --- a/lib/Expr/ExprPPrinter.cpp +++ b/lib/Expr/ExprPPrinter.cpp @@ -248,53 +248,6 @@ class PPrinter : public ExprPPrinter { return SubExpr::create(re->index, base->index) == offset; } - /// hasOrderedReads: \arg e must be a ConcatExpr, \arg stride must - /// be 1 or -1. - /// - /// If all children of this Concat are reads or concats of reads - /// with consecutive offsets according to the given \arg stride, it - /// returns the base ReadExpr according to \arg stride: first Read - /// for 1 (MSB), last Read for -1 (LSB). Otherwise, it returns - /// null. - const ReadExpr *hasOrderedReads(ref e, int stride) { - assert(e->getKind() == Expr::Concat); - assert(stride == 1 || stride == -1); - - const ReadExpr *base = dyn_cast(e->getKid(0)); - - // right now, all Reads are byte reads but some - // transformations might change this - if (!base || base->getWidth() != Expr::Int8) { - return NULL; - } - - // Get stride expr in proper index width. - Expr::Width idxWidth = base->index->getWidth(); - ref strideExpr = ConstantExpr::alloc(stride, idxWidth); - ref offset = ConstantExpr::create(0, idxWidth); - - e = e->getKid(1); - - // concat chains are unbalanced to the right - while (e->getKind() == Expr::Concat) { - offset = AddExpr::create(offset, strideExpr); - if (!isReadExprAtOffset(e->getKid(0), base, offset)) { - return NULL; - } - - e = e->getKid(1); - } - - offset = AddExpr::create(offset, strideExpr); - if (!isReadExprAtOffset(e, base, offset)) - return NULL; - - if (stride == -1) - return cast(e.get()); - else - return base; - } - #if 0 /// hasAllByteReads - True iff all children are byte level reads or /// concats of byte level reads. @@ -387,7 +340,7 @@ class PPrinter : public ExprPPrinter { PC << source->getName() << " "; if (auto s = dyn_cast(source)) { - s->constantValues.print(PC.getStream(), Density::Sparse); + s->constantValues->print(PC.getStream(), Density::Sparse); } else if (auto s = dyn_cast(source)) { PC << s->version << " "; switch (s->allocSite->getKind()) { @@ -489,15 +442,15 @@ class PPrinter : public ExprPPrinter { // or they are (base + offset) and base will get printed with // a declaration. if (PCMultibyteReads && e->getKind() == Expr::Concat) { - const ReadExpr *base = hasOrderedReads(e, -1); - const bool isLSB = (base != nullptr); + ref base = e->hasOrderedReads(false); + const bool isLSB = (!base.isNull()); if (!isLSB) - base = hasOrderedReads(e, 1); + base = e->hasOrderedReads(true); if (base) { PC << "(Read" << (isLSB ? "LSB" : "MSB"); printWidth(PC, e); PC << ' '; - printRead(base, PC, PC.pos); + printRead(base.get(), PC, PC.pos); PC << ')'; return; } diff --git a/lib/Expr/ExprSMTLIBPrinter.cpp b/lib/Expr/ExprSMTLIBPrinter.cpp index ea0315ce4e..54ab84c139 100644 --- a/lib/Expr/ExprSMTLIBPrinter.cpp +++ b/lib/Expr/ExprSMTLIBPrinter.cpp @@ -411,6 +411,12 @@ void ExprSMTLIBPrinter::printAShrExpr(const ref &e) { const char *ExprSMTLIBPrinter::getSMTLIBKeyword(const ref &e) { switch (e->getKind()) { + case Expr::Pointer: + case Expr::ConstantPointer: { + PointerExpr *pe = cast(e); + return getSMTLIBKeyword(pe->getValue()); + } + case Expr::Read: return "select"; case Expr::Select: @@ -598,14 +604,11 @@ void ExprSMTLIBPrinter::printArrayDeclarations() { for (std::vector::iterator it = sortedArrays.begin(); it != sortedArrays.end(); it++) { array = *it; - if (array->isConstantArray()) { + if (array->isConstantArray() && isa(array->size)) { /*loop over elements in the array and generate an assert statement for each one */ - uint64_t size = - cast( - query->constraints.concretization().evaluate(array->size)) - ->getZExtValue(); + uint64_t size = cast(array->size)->getZExtValue(); for (uint64_t byteIndex = 0; byteIndex < size; ++byteIndex) { *p << "(assert ("; p->pushIndent(); @@ -618,7 +621,7 @@ void ExprSMTLIBPrinter::printArrayDeclarations() { printSeperator(); auto source = dyn_cast(array->source); - printConstant(source->constantValues.load(byteIndex)); + printConstant(source->constantValues->load(byteIndex)); p->popIndent(); printSeperator(); @@ -694,8 +697,8 @@ void ExprSMTLIBPrinter::printAction() { it != arraysToCallGetValueOn->end(); it++) { theArray = *it; // Loop over the array indices - ref arrayConstantSize = dyn_cast( - query->constraints.concretization().evaluate(theArray->size)); + ref arrayConstantSize = + dyn_cast(theArray->size); if (!arrayConstantSize) { klee_warning( "Query for %s can not be printed as it has non-conretized " diff --git a/lib/Expr/ExprUtil.cpp b/lib/Expr/ExprUtil.cpp index 518e922dc8..49fad5ff4b 100644 --- a/lib/Expr/ExprUtil.cpp +++ b/lib/Expr/ExprUtil.cpp @@ -94,6 +94,79 @@ void klee::findReads(ref e, bool visitUpdates, } } +void klee::findSymbolicPointers(ref e, bool visitUpdates, + ExprHashSet &results, Expr::Width width) { + // Invariant: \forall_{i \in stack} !i.isConstant() && i \in visited + std::vector> stack; + ExprHashSet visited; + std::set updates; + + if (!isa(e)) { + visited.insert(e); + stack.push_back(e); + } + + while (!stack.empty()) { + ref top = stack.back(); + stack.pop_back(); + + if (ReadExpr *re = dyn_cast(top)) { + if (!isa(re->index) && visited.insert(re->index).second) + stack.push_back(re->index); + + if (!isa(re->updates.root->getSize()) && + visited.insert(re->updates.root->getSize()).second) { + stack.push_back(re->updates.root->getSize()); + } + + if (isa(re->updates.root->source) && + visited + .insert(cast(re->updates.root->source) + ->pointer) + .second) { + stack.push_back( + cast(re->updates.root->source)->pointer); + } + + if (visitUpdates) { + // XXX this is probably suboptimal. We want to avoid a potential + // explosion traversing update lists which can be quite + // long. However, it seems silly to hash all of the update nodes + // especially since we memoize all the expr results anyway. So + // we take a simple approach of memoizing the results for the + // head, which often will be shared among multiple nodes. + if (updates.insert(re->updates.head.get()).second) { + for (const auto *un = re->updates.head.get(); un; + un = un->next.get()) { + if (!isa(un->index) && + visited.insert(un->index).second) + stack.push_back(un->index); + if (!isa(un->value) && + visited.insert(un->value).second) + stack.push_back(un->value); + } + } + } + } + + if (top->getWidth() == width && top->hasOrderedReads()) { + // We memoized so can just add to list without worrying about + // repeats. + results.insert(top); + ref k = top->hasOrderedReads(); + if (visited.insert(k).second) + stack.push_back(k); + } else if (!isa(top)) { + Expr *e = top.get(); + for (unsigned i = 0; i < e->getNumKids(); i++) { + ref k = e->getKid(i); + if (!isa(k) && visited.insert(k).second) + stack.push_back(k); + } + } + } +} + /// namespace klee { diff --git a/lib/Expr/ExprVisitor.cpp b/lib/Expr/ExprVisitor.cpp index e33219d20f..6a564db1f1 100644 --- a/lib/Expr/ExprVisitor.cpp +++ b/lib/Expr/ExprVisitor.cpp @@ -31,13 +31,13 @@ ref ExprVisitor::visit(const ref &e) { if (!UseVisitorHash || isa(e)) { return visitActual(e); } else { - visited_ty::iterator it = visited.find(e); + auto result = visited.get(e); - if (it != visited.end()) { - return it->second; + if (result.second) { + return result.first; } else { ref res = visitActual(e); - visited.insert(std::make_pair(e, res)); + visited.add({e, res}); return res; } } @@ -232,6 +232,12 @@ ref ExprVisitor::visitActual(const ref &e) { case Expr::FNeg: res = visitFNeg(static_cast(ep)); break; + case Expr::Pointer: + res = visitPointer(static_cast(ep)); + break; + case Expr::ConstantPointer: + res = visitConstantPointer(static_cast(ep)); + break; case Expr::Constant: default: assert(0 && "invalid expression kind"); @@ -293,7 +299,6 @@ ExprVisitor::Action ExprVisitor::visitSelect(const SelectExpr &) { ExprVisitor::Action ExprVisitor::visitConcat(const ConcatExpr &) { return Action::doChildren(); } - ExprVisitor::Action ExprVisitor::visitExtract(const ExtractExpr &) { return Action::doChildren(); } @@ -505,3 +510,12 @@ ExprVisitor::Action ExprVisitor::visitFMax(const FMaxExpr &) { ExprVisitor::Action ExprVisitor::visitFMin(const FMinExpr &) { return Action::doChildren(); } + +ExprVisitor::Action ExprVisitor::visitPointer(const PointerExpr &) { + return Action::doChildren(); +} + +ExprVisitor::Action +ExprVisitor::visitConstantPointer(const ConstantPointerExpr &) { + return Action::doChildren(); +} diff --git a/lib/Expr/IndependentConstraintSetUnion.cpp b/lib/Expr/IndependentConstraintSetUnion.cpp index ba0b57026c..b396a567fd 100644 --- a/lib/Expr/IndependentConstraintSetUnion.cpp +++ b/lib/Expr/IndependentConstraintSetUnion.cpp @@ -74,7 +74,7 @@ void IndependentConstraintSetUnion::removeConcretization( } } -void IndependentConstraintSetUnion::calculateUpdateConcretizationQueue() { +void IndependentConstraintSetUnion::flushConcretization() { for (auto &e : roots) { ref ics = disjointSets.at(e); Assignment part = updateQueue.part(ics->getSymcretes()); @@ -84,9 +84,6 @@ void IndependentConstraintSetUnion::calculateUpdateConcretizationQueue() { for (auto &it : updateQueue.bindings) { concretization.bindings.replace({it.first, it.second}); } -} - -void IndependentConstraintSetUnion::calculateRemoveConcretizationQueue() { for (auto &e : roots) { ref ics = disjointSets.at(e); Assignment part = removeQueue.part(ics->getSymcretes()); @@ -96,6 +93,8 @@ void IndependentConstraintSetUnion::calculateRemoveConcretizationQueue() { for (auto &it : removeQueue.bindings) { concretization.bindings.remove(it.first); } + removeQueue.bindings = Assignment::bindings_ty(); + updateQueue.bindings = Assignment::bindings_ty(); } void IndependentConstraintSetUnion::reEvaluateConcretization( @@ -115,7 +114,7 @@ void IndependentConstraintSetUnion::reEvaluateConcretization( void IndependentConstraintSetUnion::getAllIndependentConstraintSets( ref e, std::vector> &result) { - calculateQueue(); + flushConstraints(); ref compare = new IndependentConstraintSet(new ExprOrSymcrete::left(e)); for (auto &r : roots) { @@ -128,7 +127,7 @@ void IndependentConstraintSetUnion::getAllIndependentConstraintSets( void IndependentConstraintSetUnion::getAllDependentConstraintSets( ref e, std::vector> &result) { - calculateQueue(); + flushConstraints(); ref compare = new IndependentConstraintSet(new ExprOrSymcrete::left(e)); for (auto &r : roots) { @@ -149,7 +148,8 @@ void IndependentConstraintSetUnion::addSymcrete(ref s) { IndependentConstraintSetUnion IndependentConstraintSetUnion::getConcretizedVersion() { - calculateQueue(); + flushConcretization(); + flushConstraints(); IndependentConstraintSetUnion icsu; for (auto &i : roots) { ref root = disjointSets.at(i); @@ -158,29 +158,29 @@ IndependentConstraintSetUnion::getConcretizedVersion() { icsu.addExpr(expr); } } else { - root->concretizedSets->calculateQueue(); + root->concretizedSets->flushConcretization(); + root->concretizedSets->flushConstraints(); icsu.add(*root->concretizedSets.get()); } icsu.concretization.addIndependentAssignment(root->concretization); } icsu.concretizedExprs = concretizedExprs; - icsu.calculateQueue(); + icsu.flushConcretization(); + icsu.flushConstraints(); return icsu; } IndependentConstraintSetUnion IndependentConstraintSetUnion::getConcretizedVersion( const Assignment &newConcretization) { - calculateQueue(); + flushConcretization(); + flushConstraints(); IndependentConstraintSetUnion icsu = *this; icsu.reEvaluateConcretization(newConcretization); - icsu.calculateQueue(); return icsu.getConcretizedVersion(); } -void IndependentConstraintSetUnion::calculateQueue() { - calculateUpdateConcretizationQueue(); - calculateRemoveConcretizationQueue(); +void IndependentConstraintSetUnion::flushConstraints() { while (!constraintQueue.empty()) { auto constraint = constraintQueue[constraintQueue.size() - 1]; if (auto expr = dyn_cast(constraint)) { @@ -193,13 +193,5 @@ void IndependentConstraintSetUnion::calculateQueue() { addValue(constraint); constraintQueue.pop_back(); } - calculateUpdateConcretizationQueue(); - calculateRemoveConcretizationQueue(); - // Calculations are done twice for constraints already in dsu and for newly - // added constraints. Because IndependentSet update and remove concretization - // functions work only with difference between new and old concretization, no - // extra work is done - removeQueue.bindings = Assignment::bindings_ty(); - updateQueue.bindings = Assignment::bindings_ty(); } } // namespace klee diff --git a/lib/Expr/IndependentSet.cpp b/lib/Expr/IndependentSet.cpp index 9ff427baf7..74a8aad3ef 100644 --- a/lib/Expr/IndependentSet.cpp +++ b/lib/Expr/IndependentSet.cpp @@ -79,11 +79,11 @@ IndependentConstraintSet::removeConcretization( void IndependentConstraintSet::addValuesToAssignment( const std::vector &objects, - const std::vector> &values, + const std::vector> &values, Assignment &assign) const { for (unsigned i = 0; i < objects.size(); i++) { if (assign.bindings.count(objects[i])) { - SparseStorage value = assign.bindings.at(objects[i]); + SparseStorageImpl value = assign.bindings.at(objects[i]); DenseSet ds = (elements.find(objects[i]))->second; for (std::set::iterator it2 = ds.begin(); it2 != ds.end(); it2++) { @@ -97,9 +97,12 @@ void IndependentConstraintSet::addValuesToAssignment( } } -IndependentConstraintSet::IndependentConstraintSet() {} +IndependentConstraintSet::IndependentConstraintSet() { + concretizedSets.reset(new InnerSetUnion()); +} IndependentConstraintSet::IndependentConstraintSet(ref v) { + concretizedSets.reset(new InnerSetUnion()); if (isa(v)) { initIndependentConstraintSet(cast(v)->value()); } else { @@ -328,6 +331,8 @@ IndependentConstraintSet::merge(ref A, b->addValuesToAssignment(b->concretization.keys(), b->concretization.values(), a->concretization); + a->concretizedSets->add(*b->concretizedSets.get()); + if (!a->concretization.bindings.empty()) { InnerSetUnion DSU; for (ref i : a->exprs) { diff --git a/lib/Expr/Parser.cpp b/lib/Expr/Parser.cpp index 956f1fb876..524a1265bc 100644 --- a/lib/Expr/Parser.cpp +++ b/lib/Expr/Parser.cpp @@ -8,7 +8,6 @@ //===----------------------------------------------------------------------===// #include "klee/Expr/Parser/Parser.h" -#include "klee/Expr/ArrayCache.h" #include "klee/Expr/Constraints.h" #include "klee/Expr/Expr.h" #include "klee/Expr/ExprBuilder.h" @@ -114,9 +113,7 @@ class ParserImpl : public Parser { const std::string Filename; const llvm::MemoryBuffer *TheMemoryBuffer; ExprBuilder *Builder; - ArrayCache *TheArrayCache; KModule *km; - bool ownArrayCache; bool ClearArrayAfterQuery; Lexer TheLexer; @@ -280,8 +277,6 @@ class ParserImpl : public Parser { } } - ArrayCache &getArrayCache() { return *TheArrayCache; } - /*** Grammar productions ****/ /* Top level decls */ @@ -345,20 +340,13 @@ class ParserImpl : public Parser { ExprBuilder *_Builder, bool _ClearArrayAfterQuery) : Filename(_Filename), TheMemoryBuffer(MB), Builder(_Builder), ClearArrayAfterQuery(_ClearArrayAfterQuery), TheLexer(MB), - MaxErrors(~0u), NumErrors(0) { - TheArrayCache = new ArrayCache(); - ownArrayCache = true; - } + MaxErrors(~0u), NumErrors(0) {} ParserImpl(const std::string _Filename, const llvm::MemoryBuffer *MB, - ExprBuilder *_Builder, ArrayCache *_TheArrayCache, KModule *km, - bool _ClearArrayAfterQuery) + ExprBuilder *_Builder, KModule *km, bool _ClearArrayAfterQuery) : Filename(_Filename), TheMemoryBuffer(MB), Builder(_Builder), - TheArrayCache(_TheArrayCache), km(km ? km : 0), - ClearArrayAfterQuery(_ClearArrayAfterQuery), TheLexer(MB), - MaxErrors(~0u), NumErrors(0) { - ownArrayCache = false; - } + km(km ? km : 0), ClearArrayAfterQuery(_ClearArrayAfterQuery), + TheLexer(MB), MaxErrors(~0u), NumErrors(0) {} virtual ~ParserImpl(); @@ -462,7 +450,7 @@ DeclResult ParserImpl::ParseArrayDecl() { auto domain = DomainType.get(); auto range = RangeType.get(); - auto array = TheArrayCache->CreateArray(size, source, domain, range); + auto array = Array::create(size, source, domain, range); // auto IDExpr = ParseNumberToken(64, ID).get(); // assert(isa(IDExpr)); @@ -569,8 +557,8 @@ SourceResult ParserImpl::ParseConstantSource() { ConsumeExpectedToken(Token::KWNull); } - SparseStorage> Values(storage, defaultValue); - return SourceBuilder::constant(Values); + SparseStorageImpl> Values(storage, defaultValue); + return SourceBuilder::constant(Values.clone()); } SourceResult ParserImpl::ParseSymbolicSizeConstantAddressSource() { @@ -1025,6 +1013,8 @@ static bool LookupExprInfo(const Token &Tok, unsigned &Kind, bool &IsFixed, return SetOK(eMacroKind_ReadLSB, true, -1); if (memcmp(Tok.start, "ReadMSB", 7) == 0) return SetOK(eMacroKind_ReadMSB, true, -1); + if (memcmp(Tok.start, "Pointer", 7) == 0) + return SetOK(Expr::Pointer, true, 2); break; } @@ -1248,6 +1238,10 @@ ExprResult ParserImpl::ParseBinaryParenExpr(const Token &Name, unsigned Kind, } switch (Kind) { + case Expr::Pointer: + case Expr::ConstantPointer: + return Builder->Pointer(LHS_E, RHS_E); + case Expr::Add: return Builder->Add(LHS_E, RHS_E); case Expr::Sub: @@ -1471,10 +1465,9 @@ VersionResult ParserImpl::ParseVersionSpecifier() { // Define update list to avoid use-of-undef errors. if (!Res.isValid()) { // FIXME: I'm not sure if this is right. Do we need a unique array here? - Res = VersionResult(true, - UpdateList(TheArrayCache->CreateArray( - 0, SourceBuilder::makeSymbolic("", 0)), - NULL)); + Res = VersionResult( + true, + UpdateList(Array::create(0, SourceBuilder::makeSymbolic("", 0)), NULL)); } if (Label) @@ -1750,10 +1743,6 @@ ParserImpl::~ParserImpl() { if (freedNodes.insert(id).second) delete id; } - - if (ownArrayCache) { - delete TheArrayCache; - } } // AST API @@ -1800,10 +1789,10 @@ Parser *Parser::Create(const std::string Filename, const llvm::MemoryBuffer *MB, } Parser *Parser::Create(const std::string Filename, const llvm::MemoryBuffer *MB, - ExprBuilder *Builder, ArrayCache *TheArrayCache, - KModule *km, bool ClearArrayAfterQuery) { - ParserImpl *P = new ParserImpl(Filename, MB, Builder, TheArrayCache, km, - ClearArrayAfterQuery); + ExprBuilder *Builder, KModule *km, + bool ClearArrayAfterQuery) { + ParserImpl *P = + new ParserImpl(Filename, MB, Builder, km, ClearArrayAfterQuery); P->Initialize(); return P; } diff --git a/lib/Expr/Path.cpp b/lib/Expr/Path.cpp index e3be1e0d25..af5b2f8705 100644 --- a/lib/Expr/Path.cpp +++ b/lib/Expr/Path.cpp @@ -150,8 +150,7 @@ Path Path::parse(const std::string &str, const KModule &km) { Path::TransitionKind Path::getTransitionKind(KBlock *a, KBlock *b) { if (auto cb = dyn_cast(a)) { - if (cb->calledFunctions.count(b->parent->function()) && - b == b->parent->entryKBlock) { + if (cb->calledFunctions.count(b->parent) && b == b->parent->entryKBlock) { return TransitionKind::StepInto; } } diff --git a/lib/Expr/SourceBuilder.cpp b/lib/Expr/SourceBuilder.cpp index 47f5fdd823..383ed3287e 100644 --- a/lib/Expr/SourceBuilder.cpp +++ b/lib/Expr/SourceBuilder.cpp @@ -9,7 +9,7 @@ using namespace klee; ref -SourceBuilder::constant(SparseStorage> constantValues) { +SourceBuilder::constant(SparseStorage> *constantValues) { ref r(new ConstantSource(constantValues)); r->computeHash(); return r; diff --git a/lib/Expr/SymbolicSource.cpp b/lib/Expr/SymbolicSource.cpp index a1ea9a0de0..83e28a9d24 100644 --- a/lib/Expr/SymbolicSource.cpp +++ b/lib/Expr/SymbolicSource.cpp @@ -46,8 +46,8 @@ std::set LazyInitializationSource::getRelatedArrays() const { } unsigned ConstantSource::computeHash() { - auto defaultV = constantValues.defaultV(); - auto ordered = constantValues.calculateOrderedStorage(); + auto defaultV = constantValues->defaultV(); + auto ordered = constantValues->calculateOrderedStorage(); unsigned res = (getKind() * SymbolicSource::MAGIC_HASH_CONSTANT) + (defaultV ? defaultV->hash() : 0); diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index bfc4b2abf4..c4e5173410 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -9,8 +9,15 @@ #include "klee/Module/Annotation.h" #include "klee/Support/ErrorHandling.h" -#include +#include "klee/Support/CompilerWarning.h" +DISABLE_WARNING_PUSH +DISABLE_WARNING_DEPRECATED_DECLARATIONS #include +DISABLE_WARNING_POP + +#include "nlohmann/json.hpp" + +#include namespace klee { diff --git a/lib/Module/CodeGraphInfo.cpp b/lib/Module/CodeGraphInfo.cpp index b57fde6c95..b2c4393983 100644 --- a/lib/Module/CodeGraphInfo.cpp +++ b/lib/Module/CodeGraphInfo.cpp @@ -8,6 +8,7 @@ //===----------------------------------------------------------------------===// #include "klee/Module/CodeGraphInfo.h" +#include "klee/Module/KModule.h" #include "klee/Module/KModule.h" @@ -22,17 +23,17 @@ DISABLE_WARNING_POP using namespace klee; -void CodeGraphInfo::calculateDistance(Block *bb) { +void CodeGraphInfo::calculateDistance(KBlock *bb) { auto &dist = blockDistance[bb]; auto &sort = blockSortedDistance[bb]; - std::deque nodes; + std::deque nodes; nodes.push_back(bb); dist[bb] = 0; sort.push_back({bb, 0}); bool hasCycle = false; for (; !nodes.empty(); nodes.pop_front()) { auto currBB = nodes.front(); - for (auto succ : successors(currBB)) { + for (auto succ : currBB->successors()) { if (succ == bb) { hasCycle = true; continue; @@ -49,16 +50,16 @@ void CodeGraphInfo::calculateDistance(Block *bb) { blockCycles.insert(bb); } -void CodeGraphInfo::calculateBackwardDistance(Block *bb) { +void CodeGraphInfo::calculateBackwardDistance(KBlock *bb) { auto &bdist = blockBackwardDistance[bb]; auto &bsort = blockSortedBackwardDistance[bb]; - std::deque nodes; + std::deque nodes; nodes.push_back(bb); bdist[bb] = 0; bsort.push_back({bb, 0}); while (!nodes.empty()) { auto currBB = nodes.front(); - for (auto const &pred : predecessors(currBB)) { + for (auto const &pred : currBB->predecessors()) { if (bdist.count(pred) == 0) { bdist[pred] = bdist[currBB] + 1; bsort.push_back({pred, bdist[currBB] + 1}); @@ -70,26 +71,23 @@ void CodeGraphInfo::calculateBackwardDistance(Block *bb) { } void CodeGraphInfo::calculateDistance(KFunction *kf) { - auto f = kf->function(); - auto &functionMap = kf->parent->functionMap; - auto &dist = functionDistance[f]; - auto &sort = functionSortedDistance[f]; + auto &dist = functionDistance[kf]; + auto &sort = functionSortedDistance[kf]; std::deque nodes; nodes.push_back(kf); - dist[f] = 0; - sort.push_back({f, 0}); + dist[kf] = 0; + sort.push_back({kf, 0}); while (!nodes.empty()) { auto currKF = nodes.front(); for (auto callBlock : currKF->kCallBlocks) { for (auto calledFunction : callBlock->calledFunctions) { - if (!calledFunction || calledFunction->isDeclaration()) + if (!calledFunction || calledFunction->function()->isDeclaration()) continue; if (dist.count(calledFunction) == 0) { - auto d = dist[currKF->function()] + 1; + auto d = dist[currKF] + 1; dist[calledFunction] = d; sort.emplace_back(calledFunction, d); - auto callKF = functionMap[calledFunction]; - nodes.push_back(callKF); + nodes.push_back(calledFunction); } } } @@ -98,17 +96,16 @@ void CodeGraphInfo::calculateDistance(KFunction *kf) { } void CodeGraphInfo::calculateBackwardDistance(KFunction *kf) { - auto f = kf->function(); auto &callMap = kf->parent->callMap; - auto &bdist = functionBackwardDistance[f]; - auto &bsort = functionSortedBackwardDistance[f]; - std::deque nodes = {f}; - bdist[f] = 0; - bsort.emplace_back(f, 0); + auto &bdist = functionBackwardDistance[kf]; + auto &bsort = functionSortedBackwardDistance[kf]; + std::deque nodes = {kf}; + bdist[kf] = 0; + bsort.emplace_back(kf, 0); for (; !nodes.empty(); nodes.pop_front()) { auto currKF = nodes.front(); for (auto cf : callMap[currKF]) { - if (cf->isDeclaration()) + if (cf->function()->isDeclaration()) continue; auto it = bdist.find(cf); if (it == bdist.end()) { @@ -122,7 +119,7 @@ void CodeGraphInfo::calculateBackwardDistance(KFunction *kf) { } void CodeGraphInfo::calculateFunctionBranches(KFunction *kf) { - std::map> &fbranches = functionBranches[kf]; + KBlockMap> &fbranches = functionBranches[kf]; for (auto &kb : kf->blocks) { fbranches[kb.get()]; if (!isa(kb.get())) { @@ -135,8 +132,7 @@ void CodeGraphInfo::calculateFunctionBranches(KFunction *kf) { } } void CodeGraphInfo::calculateFunctionConditionalBranches(KFunction *kf) { - std::map> &fbranches = - functionConditionalBranches[kf]; + KBlockMap> &fbranches = functionConditionalBranches[kf]; for (auto &kb : kf->blocks) { if (kb->basicBlock()->getTerminator()->getNumSuccessors() > 1) { fbranches[kb.get()]; @@ -149,53 +145,46 @@ void CodeGraphInfo::calculateFunctionConditionalBranches(KFunction *kf) { } } void CodeGraphInfo::calculateFunctionBlocks(KFunction *kf) { - std::map> &fbranches = functionBlocks[kf]; + KBlockMap> &fbranches = functionBlocks[kf]; for (auto &kb : kf->blocks) { fbranches[kb.get()]; } } -const BlockDistanceMap &CodeGraphInfo::getDistance(Block *b) { +const BlockDistanceMap &CodeGraphInfo::getDistance(KBlock *b) { if (blockDistance.count(b) == 0) calculateDistance(b); return blockDistance.at(b); } bool CodeGraphInfo::hasCycle(KBlock *kb) { - auto b = kb->basicBlock(); - if (!blockDistance.count(b)) - calculateDistance(b); - return blockCycles.count(b); -} - -const BlockDistanceMap &CodeGraphInfo::getDistance(KBlock *kb) { - return getDistance(kb->basicBlock()); + if (!blockDistance.count(kb)) + calculateDistance(kb); + return blockCycles.count(kb); } const BlockDistanceMap &CodeGraphInfo::getBackwardDistance(KBlock *kb) { - if (blockBackwardDistance.count(kb->basicBlock()) == 0) - calculateBackwardDistance(kb->basicBlock()); - return blockBackwardDistance.at(kb->basicBlock()); + if (blockBackwardDistance.count(kb) == 0) + calculateBackwardDistance(kb); + return blockBackwardDistance.at(kb); } const FunctionDistanceMap &CodeGraphInfo::getDistance(KFunction *kf) { - auto f = kf->function(); - if (functionDistance.count(f) == 0) + if (functionDistance.count(kf) == 0) calculateDistance(kf); - return functionDistance.at(f); + return functionDistance.at(kf); } const FunctionDistanceMap &CodeGraphInfo::getBackwardDistance(KFunction *kf) { - auto f = kf->function(); - if (functionBackwardDistance.count(f) == 0) + if (functionBackwardDistance.count(kf) == 0) calculateBackwardDistance(kf); - return functionBackwardDistance.at(f); + return functionBackwardDistance.at(kf); } void CodeGraphInfo::getNearestPredicateSatisfying(KBlock *from, KBlockPredicate predicate, - std::set &result) { - std::set visited; + KBlockSet &result) { + std::unordered_set visited; auto blockMap = from->parent->blockMap; std::deque nodes; @@ -218,21 +207,21 @@ void CodeGraphInfo::getNearestPredicateSatisfying(KBlock *from, } } -const std::map> & +const KBlockMap> & CodeGraphInfo::getFunctionBranches(KFunction *kf) { if (functionBranches.count(kf) == 0) calculateFunctionBranches(kf); return functionBranches.at(kf); } -const std::map> & +const KBlockMap> & CodeGraphInfo::getFunctionConditionalBranches(KFunction *kf) { if (functionConditionalBranches.count(kf) == 0) calculateFunctionConditionalBranches(kf); return functionConditionalBranches.at(kf); } -const std::map> & +const KBlockMap> & CodeGraphInfo::getFunctionBlocks(KFunction *kf) { if (functionBlocks.count(kf) == 0) calculateFunctionBlocks(kf); diff --git a/lib/Module/IntrinsicCleaner.cpp b/lib/Module/IntrinsicCleaner.cpp index 796dcfe386..43a4b23dab 100644 --- a/lib/Module/IntrinsicCleaner.cpp +++ b/lib/Module/IntrinsicCleaner.cpp @@ -105,11 +105,11 @@ bool IntrinsicCleanerPass::runOnBasicBlock(BasicBlock &b, Module &M) { case Intrinsic::round: case Intrinsic::sqrt: // case Intrinsic::roundeven do not know how to cause it to generate - // case Intrinsic::lround is not generated by calling corresponding math - // function case Intrinsic::llround is not generated by calling - // corresponding math function case Intrinsic::lrint is not generated by - // calling corresponding math function case Intrinsic::llrint is not - // generated by calling corresponding math function + // case Intrinsic::lround + // case Intrinsic::llround + // case Intrinsic::lrint + // case Intrinsic::llrint is not generated by calling corresponding math + // function if (WithFPRuntime) { break; } else { diff --git a/lib/Module/KModule.cpp b/lib/Module/KModule.cpp index db6ae7a96e..fcbd57baa2 100644 --- a/lib/Module/KModule.cpp +++ b/lib/Module/KModule.cpp @@ -27,6 +27,7 @@ DISABLE_WARNING_PUSH DISABLE_WARNING_DEPRECATED_DECLARATIONS #include "llvm/Bitcode/BitcodeWriter.h" #include "llvm/IR/AssemblyAnnotationWriter.h" +#include "llvm/IR/CFG.h" #include "llvm/IR/DataLayout.h" #include "llvm/IR/Function.h" #include "llvm/IR/IRBuilder.h" @@ -274,16 +275,6 @@ void KModule::optimiseAndPrepare( pm.run(*module); } - if (opts.Optimize) - Optimize(module.get(), preservedFunctions); - - // Add internal functions which are not used to check if instructions - // have been already visited - if (opts.CheckDivZero) - addInternalFunction("klee_div_zero_check"); - if (opts.CheckOvershift) - addInternalFunction("klee_overshift_check"); - // Use KLEE's internal float classification functions if requested. if (opts.WithFPRuntime) { if (UseKleeFloatInternals) { @@ -294,6 +285,16 @@ void KModule::optimiseAndPrepare( } } + if (opts.Optimize) + Optimize(module.get(), preservedFunctions); + + // Add internal functions which are not used to check if instructions + // have been already visited + if (opts.CheckDivZero) + addInternalFunction("klee_div_zero_check"); + if (opts.CheckOvershift) + addInternalFunction("klee_overshift_check"); + // Needs to happen after linking (since ctors/dtors can be modified) // and optimization (since global optimization can rewrite lists). injectStaticConstructorsAndDestructors(module.get(), opts.EntryPoint); @@ -387,17 +388,17 @@ void KModule::manifest(InterpreterHandler *ih, } } - std::vector declarations; + std::vector declarations; unsigned functionID = 0; maxGlobalIndex = 0; for (auto &Function : module->functions()) { + auto kf = std::make_unique(&Function, this, maxGlobalIndex); + if (Function.isDeclaration()) { - declarations.push_back(&Function); + declarations.push_back(kf.get()); } - auto kf = std::make_unique(&Function, this, maxGlobalIndex); - kf->id = functionID; functionID++; functionNameMap.insert({kf->getName().str(), kf.get()}); @@ -414,12 +415,12 @@ void KModule::manifest(InterpreterHandler *ih, for (auto &kf : functions) { if (functionEscapes(kf->function())) { - escapingFunctions.insert(kf->function()); + escapingFunctions.insert(kf.get()); } } for (auto &declaration : declarations) { - if (functionEscapes(declaration)) + if (functionEscapes(declaration->function())) escapingFunctions.insert(declaration); } @@ -427,6 +428,14 @@ void KModule::manifest(InterpreterHandler *ih, for (auto kcb : kfp->kCallBlocks) { bool isInlineAsm = false; const CallBase &cs = cast(*kcb->kcallInstruction->inst()); + Value *fp = cs.getCalledOperand(); + Function *f = getTargetFunction(fp); + if (f) { + auto kf = functionMap.find(getTargetFunction(fp)); + if (kf != functionMap.end()) { + kcb->calledFunctions.insert(kf->second); + } + } if (isa(cs.getCalledOperand())) { isInlineAsm = true; } @@ -437,7 +446,7 @@ void KModule::manifest(InterpreterHandler *ih, escapingFunctions.end()); } for (auto calledFunction : kcb->calledFunctions) { - callMap[calledFunction].insert(kfp->function()); + callMap[calledFunction].insert(kfp.get()); } } } @@ -620,16 +629,8 @@ KFunction::KFunction(llvm::Function *_function, KModule *_km, Instruction *fit = &bbit->front(); Instruction *lit = &bbit->back(); if (SplitCalls && (isa(fit) || isa(fit))) { - const CallBase &cs = cast(*fit); - Value *fp = cs.getCalledOperand(); - Function *f = getTargetFunction(fp); - std::set calledFunctions; - if (f) { - calledFunctions.insert(f); - } auto *ckb = new KCallBlock(this, &*bbit, parent, instructionToRegisterMap, - std::move(calledFunctions), &instructions[n], - globalIndexInc); + &instructions[n], globalIndexInc); kCallBlocks.push_back(ckb); kb = ckb; } else if (SplitReturns && isa(lit)) { @@ -669,6 +670,17 @@ KFunction::~KFunction() { delete[] instructions; } +bool KBlockCompare::operator()(const KBlock *a, const KBlock *b) const { + return a->parent->getGlobalIndex() < b->parent->getGlobalIndex() || + (a->parent->getGlobalIndex() == b->parent->getGlobalIndex() && + a->getId() < b->getId()); +} + +bool KFunctionCompare::operator()(const KFunction *a, + const KFunction *b) const { + return a->getGlobalIndex() < b->getGlobalIndex(); +} + KBlock::KBlock( KFunction *_kfunction, llvm::BasicBlock *block, KModule *km, const std::unordered_map &instructionToRegisterMap, @@ -717,34 +729,30 @@ unsigned KBlock::hash() const { KCallBlock::KCallBlock( KFunction *_kfunction, llvm::BasicBlock *block, KModule *km, const std::unordered_map &instructionToRegisterMap, - std::set _calledFunctions, KInstruction **instructionsKF, - unsigned &globalIndexInc) + KInstruction **instructionsKF, unsigned &globalIndexInc) : KBlock::KBlock(_kfunction, block, km, instructionToRegisterMap, instructionsKF, globalIndexInc, KBlockType::Call), - kcallInstruction(this->instructions[0]), - calledFunctions(std::move(_calledFunctions)) {} + kcallInstruction(this->instructions[0]) {} bool KCallBlock::intrinsic() const { if (calledFunctions.size() != 1) { return false; } - Function *calledFunction = *calledFunctions.begin(); - auto kf = parent->parent->functionMap[calledFunction]; - if (kf && kf->kleeHandled) { + KFunction *calledFunction = *calledFunctions.begin(); + if (calledFunction && calledFunction->kleeHandled) { return true; } - return calledFunction->getIntrinsicID() != llvm::Intrinsic::not_intrinsic; + return calledFunction->function()->getIntrinsicID() != + llvm::Intrinsic::not_intrinsic; } bool KCallBlock::internal() const { return calledFunctions.size() == 1 && - parent->parent->functionMap[*calledFunctions.begin()] != nullptr; + !(*calledFunctions.begin())->function()->isDeclaration(); } KFunction *KCallBlock::getKFunction() const { - return calledFunctions.size() == 1 - ? parent->parent->functionMap[*calledFunctions.begin()] - : nullptr; + return calledFunctions.size() == 1 ? *calledFunctions.begin() : nullptr; } KBasicBlock::KBasicBlock(KFunction *_kfunction, llvm::BasicBlock *block, @@ -763,6 +771,22 @@ KReturnBlock::KReturnBlock( : KBlock::KBlock(_kfunction, block, km, instructionToRegisterMap, instructionsKF, globalIndexInc, KBlockType::Return) {} +KBlockSet KBlock::successors() { + KBlockSet result; + for (auto bb : llvm::successors(basicBlock())) { + result.insert(parent->blockMap[bb]); + } + return result; +} + +KBlockSet KBlock::predecessors() { + KBlockSet result; + for (auto bb : llvm::predecessors(basicBlock())) { + result.insert(parent->blockMap[bb]); + } + return result; +} + std::string KBlock::getLabel() const { std::string _label; llvm::raw_string_ostream label_stream(_label); diff --git a/lib/Module/ModuleUtil.cpp b/lib/Module/ModuleUtil.cpp index d23e41a607..4a6c6bf77e 100644 --- a/lib/Module/ModuleUtil.cpp +++ b/lib/Module/ModuleUtil.cpp @@ -16,6 +16,7 @@ #include "klee/Support/CompilerWarning.h" DISABLE_WARNING_PUSH DISABLE_WARNING_DEPRECATED_DECLARATIONS +#include "llvm/Analysis/CallGraph.h" #include "llvm/Analysis/ValueTracking.h" #include "llvm/BinaryFormat/Magic.h" #include "llvm/Bitcode/BitcodeReader.h" @@ -45,6 +46,7 @@ DISABLE_WARNING_POP #include #include #include +#include using namespace llvm; using namespace klee; @@ -368,6 +370,46 @@ bool klee::loadFileAsOneModule( return res; } +bool klee::loadArchiveAsOneModule( + const std::string &libraryName, LLVMContext &context, + std::vector> &modules, + Interpreter::FunctionsByModule &functionsByModule, std::string &errorMsg) { + std::vector> modules2; + bool res = klee::loadFile(libraryName, context, modules2, errorMsg); + if (res) { + std::vector>> namesByModule; + for (const auto &mod : modules2) { + llvm::CallGraph cg(*mod); + std::vector> names; + for (const auto &f : *mod) { + if (!f.isDeclaration()) { + names.push_back({f.getName().str(), cg[&f]->getNumReferences()}); + } + } + namesByModule.push_back(std::move(names)); + } + + modules.push_back(std::move(modules2.front())); + res = linkModules(modules.back().get(), modules2, 0, errorMsg); + auto mainMod = modules.front().get(); + for (const auto &mod : namesByModule) { + std::unordered_set setFns; + std::vector fns; + for (const auto &name : mod) { + auto fn = mainMod->getFunction(name.first); + if (fn) { + setFns.insert(fn); + fns.push_back(fn); + functionsByModule.usesInModule[fn] = name.second; + } + } + functionsByModule.setModules.push_back(std::move(setFns)); + functionsByModule.modules.push_back(std::move(fns)); + } + } + return res; +} + void klee::replaceOrRenameFunction(llvm::Module *module, const char *old_name, const char *new_name) { Function *new_function, *old_function; @@ -382,4 +424,4 @@ void klee::replaceOrRenameFunction(llvm::Module *module, const char *old_name, assert(old_function->getName() == new_name); } } -} \ No newline at end of file +} diff --git a/lib/Module/TargetForest.cpp b/lib/Module/TargetForest.cpp index 8f4a551e31..0d40b5b4c3 100644 --- a/lib/Module/TargetForest.cpp +++ b/lib/Module/TargetForest.cpp @@ -106,8 +106,8 @@ TargetForest::UnorderedTargetsSet::~UnorderedTargetsSet() { void TargetForest::Layer::addTrace( const Result &result, - const std::unordered_map, std::unordered_set, - RefLocationHash, RefLocationCmp> &locToBlocks) { + const std::unordered_map, KBlockSet, RefLocationHash, + RefLocationCmp> &locToBlocks) { auto forest = this; for (size_t i = 0; i < result.locations.size(); ++i) { const auto &loc = result.locations[i]; diff --git a/lib/Solver/AlphaEquivalenceSolver.cpp b/lib/Solver/AlphaEquivalenceSolver.cpp index d8b6011c78..b15f24c3ff 100644 --- a/lib/Solver/AlphaEquivalenceSolver.cpp +++ b/lib/Solver/AlphaEquivalenceSolver.cpp @@ -13,6 +13,7 @@ #include "klee/Solver/Solver.h" #include "klee/Expr/AlphaBuilder.h" +#include "klee/Expr/ArrayCache.h" #include "klee/Expr/Assignment.h" #include "klee/Expr/Constraints.h" #include "klee/Expr/ExprHashMap.h" @@ -32,20 +33,17 @@ using namespace llvm; class AlphaEquivalenceSolver : public SolverImpl { private: std::unique_ptr solver; - ArrayCache &arrayCache; public: - AlphaEquivalenceSolver(std::unique_ptr solver, - ArrayCache &_arrayCache) - : solver(std::move(solver)), arrayCache(_arrayCache) {} + AlphaEquivalenceSolver(std::unique_ptr solver) + : solver(std::move(solver)) {} bool computeTruth(const Query &, bool &isValid); bool computeValidity(const Query &, PartialValidity &result); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool computeInitialValues( + const Query &query, const std::vector &objects, + std::vector> &values, bool &hasSolution); bool check(const Query &query, ref &result); bool computeValidityCore(const Query &query, ValidityCore &validityCore, bool &isValid); @@ -60,7 +58,7 @@ class AlphaEquivalenceSolver : public SolverImpl { AlphaBuilder &builder); Assignment changeVersion(const std::vector &objects, - const std::vector> &values, + const std::vector> &values, const ArrayCache::ArrayHashMap &reverse); Assignment changeVersion(const Assignment &a, @@ -86,10 +84,10 @@ AlphaEquivalenceSolver::changeVersion(const ValidityCore &validityCore, Assignment AlphaEquivalenceSolver::changeVersion( const std::vector &objects, - const std::vector> &values, + const std::vector> &values, const ArrayCache::ArrayHashMap &reverse) { std::vector reverseObjects; - std::vector> reverseValues; + std::vector> reverseValues; for (size_t i = 0; i < objects.size(); i++) { if (reverse.count(objects.at(i)) != 0) { reverseObjects.push_back(reverse.at(objects.at(i))); @@ -113,7 +111,7 @@ Assignment AlphaEquivalenceSolver::changeVersion( const Assignment &a, const ArrayCache::ArrayHashMap &reverse) { std::vector objects = a.keys(); - std::vector> values = a.values(); + std::vector> values = a.values(); return changeVersion(objects, values, reverse); } @@ -140,7 +138,7 @@ AlphaEquivalenceSolver::changeVersion(ref res, bool AlphaEquivalenceSolver::computeValidity(const Query &query, PartialValidity &result) { - AlphaBuilder builder(arrayCache); + AlphaBuilder builder; constraints_ty alphaQuery = builder.visitConstraints(query.constraints.cs()); ref alphaQueryExpr = builder.build(query.expr); return solver->impl->computeValidity( @@ -149,7 +147,7 @@ bool AlphaEquivalenceSolver::computeValidity(const Query &query, } bool AlphaEquivalenceSolver::computeTruth(const Query &query, bool &isValid) { - AlphaBuilder builder(arrayCache); + AlphaBuilder builder; constraints_ty alphaQuery = builder.visitConstraints(query.constraints.cs()); ref alphaQueryExpr = builder.build(query.expr); return solver->impl->computeTruth( @@ -159,7 +157,7 @@ bool AlphaEquivalenceSolver::computeTruth(const Query &query, bool &isValid) { bool AlphaEquivalenceSolver::computeValue(const Query &query, ref &result) { - AlphaBuilder builder(arrayCache); + AlphaBuilder builder; constraints_ty alphaQuery = builder.visitConstraints(query.constraints.cs()); ref alphaQueryExpr = builder.build(query.expr); return solver->impl->computeValue( @@ -169,8 +167,8 @@ bool AlphaEquivalenceSolver::computeValue(const Query &query, bool AlphaEquivalenceSolver::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { - AlphaBuilder builder(arrayCache); + std::vector> &values, bool &hasSolution) { + AlphaBuilder builder; constraints_ty alphaQuery = builder.visitConstraints(query.constraints.cs()); ref alphaQueryExpr = builder.build(query.expr); const std::vector newObjects = changeVersion(objects, builder); @@ -185,7 +183,7 @@ bool AlphaEquivalenceSolver::computeInitialValues( bool AlphaEquivalenceSolver::check(const Query &query, ref &result) { - AlphaBuilder builder(arrayCache); + AlphaBuilder builder; constraints_ty alphaQuery = builder.visitConstraints(query.constraints.cs()); ref alphaQueryExpr = builder.build(query.expr); @@ -202,7 +200,7 @@ bool AlphaEquivalenceSolver::check(const Query &query, bool AlphaEquivalenceSolver::computeValidityCore(const Query &query, ValidityCore &validityCore, bool &isValid) { - AlphaBuilder builder(arrayCache); + AlphaBuilder builder; constraints_ty alphaQuery = builder.visitConstraints(query.constraints.cs()); ref alphaQueryExpr = builder.build(query.expr); @@ -232,8 +230,7 @@ void AlphaEquivalenceSolver::notifyStateTermination(std::uint32_t id) { } std::unique_ptr -klee::createAlphaEquivalenceSolver(std::unique_ptr s, - ArrayCache &arrayCache) { +klee::createAlphaEquivalenceSolver(std::unique_ptr s) { return std::make_unique( - std::make_unique(std::move(s), arrayCache)); + std::make_unique(std::move(s))); } diff --git a/lib/Solver/AssignmentValidatingSolver.cpp b/lib/Solver/AssignmentValidatingSolver.cpp index 8284f0502e..a5fc001145 100644 --- a/lib/Solver/AssignmentValidatingSolver.cpp +++ b/lib/Solver/AssignmentValidatingSolver.cpp @@ -31,16 +31,17 @@ class AssignmentValidatingSolver : public SolverImpl { bool computeValidity(const Query &, PartialValidity &result); bool computeTruth(const Query &, bool &isValid); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool + computeInitialValues(const Query &, const std::vector &objects, + std::vector> &values, + bool &hasSolution); bool check(const Query &query, ref &result); bool computeValidityCore(const Query &query, ValidityCore &validityCore, bool &isValid); - void validateAssigment(const Query &query, - const std::vector &objects, - std::vector> &values); + void + validateAssignment(const Query &query, + const std::vector &objects, + std::vector> &values); SolverRunStatus getOperationStatusCode(); char *getConstraintLog(const Query &); void setCoreSolverTimeout(time::Span timeout); @@ -61,9 +62,9 @@ bool AssignmentValidatingSolver::computeValue(const Query &query, return solver->impl->computeValue(query, result); } -void AssignmentValidatingSolver::validateAssigment( +void AssignmentValidatingSolver::validateAssignment( const Query &query, const std::vector &objects, - std::vector> &values) { + std::vector> &values) { // Use `_allowFreeValues` so that if we are missing an assignment // we can't compute a constant and flag this as a problem. Assignment assignment(objects, values); @@ -122,13 +123,13 @@ void AssignmentValidatingSolver::validateAssigment( bool AssignmentValidatingSolver::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { bool success = solver->impl->computeInitialValues(query, objects, values, hasSolution); if (!hasSolution) return success; - validateAssigment(query, objects, values); + validateAssignment(query, objects, values); return success; } @@ -144,12 +145,12 @@ bool AssignmentValidatingSolver::check(const Query &query, std::vector objects; findSymbolicObjects(query, objects); - std::vector> values; + std::vector> values; assert(isa(result)); cast(result)->tryGetInitialValuesFor(objects, values); - validateAssigment(query, objects, values); + validateAssignment(query, objects, values); return true; } @@ -168,7 +169,7 @@ void AssignmentValidatingSolver::dumpAssignmentQuery( // Add Constraints from `query` for (const auto &constraint : query.constraints.cs()) - constraints.addConstraint(constraint, {}); + constraints.addConstraint(constraint); Query augmentedQuery = query.withConstraints(constraints); diff --git a/lib/Solver/BitwuzlaBuilder.cpp b/lib/Solver/BitwuzlaBuilder.cpp index 1849d29605..3d58b8299c 100644 --- a/lib/Solver/BitwuzlaBuilder.cpp +++ b/lib/Solver/BitwuzlaBuilder.cpp @@ -354,7 +354,7 @@ Term BitwuzlaBuilder::getInitialArray(const Array *root) { std::string unique_name = root->getIdentifier() + unique_id; auto source = dyn_cast(root->source); - auto value = (source ? source->constantValues.defaultV() : nullptr); + auto value = (source ? source->constantValues->defaultV() : nullptr); if (source) { assert(value); } @@ -371,7 +371,7 @@ Term BitwuzlaBuilder::getInitialArray(const Array *root) { if (auto constSize = dyn_cast(root->size)) { std::vector array_assertions; for (size_t i = 0; i < constSize->getZExtValue(); i++) { - auto value = source->constantValues.load(i); + auto value = source->constantValues->load(i); // construct(= (select i root) root->value[i]) to be asserted in // BitwuzlaSolver.cpp int width_out; @@ -384,7 +384,7 @@ Term BitwuzlaBuilder::getInitialArray(const Array *root) { } constant_array_assertions[root] = std::move(array_assertions); } else { - for (auto &[index, value] : source->constantValues.storage()) { + for (const auto &[index, value] : source->constantValues->storage()) { int width_out; Term array_value = construct(value, &width_out); assert(width_out == (int)root->getRange() && diff --git a/lib/Solver/BitwuzlaSolver.cpp b/lib/Solver/BitwuzlaSolver.cpp index b3fd6ebddb..753916b68c 100644 --- a/lib/Solver/BitwuzlaSolver.cpp +++ b/lib/Solver/BitwuzlaSolver.cpp @@ -237,13 +237,13 @@ class BitwuzlaSolverImpl : public SolverImpl { bool internalRunSolver(const ConstraintQuery &query, BitwuzlaSolverEnv &env, ObjectAssignment needObjects, - std::vector> *values, + std::vector> *values, ValidityCore *validityCore, bool &hasSolution); SolverImpl::SolverRunStatus handleSolverResponse( Bitwuzla &theSolver, Result satisfiable, const BitwuzlaSolverEnv &env, ObjectAssignment needObjects, - std::vector> *values, bool &hasSolution); + std::vector> *values, bool &hasSolution); protected: BitwuzlaSolverImpl(); @@ -257,9 +257,10 @@ class BitwuzlaSolverImpl : public SolverImpl { bool &isValid); bool computeValue(const ConstraintQuery &, BitwuzlaSolverEnv &env, ref &result); - bool computeInitialValues(const ConstraintQuery &, BitwuzlaSolverEnv &env, - std::vector> &values, - bool &hasSolution); + bool + computeInitialValues(const ConstraintQuery &, BitwuzlaSolverEnv &env, + std::vector> &values, + bool &hasSolution); bool check(const ConstraintQuery &query, BitwuzlaSolverEnv &env, ref &result); bool computeValidityCore(const ConstraintQuery &query, BitwuzlaSolverEnv &env, @@ -404,7 +405,7 @@ bool BitwuzlaSolverImpl::computeTruth(const ConstraintQuery &query, bool BitwuzlaSolverImpl::computeValue(const ConstraintQuery &query, BitwuzlaSolverEnv &env, ref &result) { - std::vector> values; + std::vector> values; bool hasSolution; // Find the object used in the expression, and compute an assignment @@ -423,7 +424,7 @@ bool BitwuzlaSolverImpl::computeValue(const ConstraintQuery &query, bool BitwuzlaSolverImpl::computeInitialValues( const ConstraintQuery &query, BitwuzlaSolverEnv &env, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { return internalRunSolver(query, env, ObjectAssignment::NeededForObjectsFromEnv, &values, /*validityCore=*/NULL, hasSolution); @@ -432,7 +433,7 @@ bool BitwuzlaSolverImpl::computeInitialValues( bool BitwuzlaSolverImpl::check(const ConstraintQuery &query, BitwuzlaSolverEnv &env, ref &result) { - std::vector> values; + std::vector> values; ValidityCore validityCore; bool hasSolution = false; bool status = @@ -461,7 +462,7 @@ bool BitwuzlaSolverImpl::computeValidityCore(const ConstraintQuery &query, bool BitwuzlaSolverImpl::internalRunSolver( const ConstraintQuery &query, BitwuzlaSolverEnv &env, ObjectAssignment needObjects, - std::vector> *values, + std::vector> *values, ValidityCore *validityCore, bool &hasSolution) { TimerStatIncrementer t(stats::queryTime); runStatusCode = SolverImpl::SOLVER_RUN_STATUS_FAILURE; @@ -532,7 +533,6 @@ bool BitwuzlaSolverImpl::internalRunSolver( struct sigaction action {}; struct sigaction old_action {}; - action.sa_handler = signal_handler; action.sa_flags = 0; sigaction(SIGINT, &action, &old_action); @@ -572,7 +572,9 @@ bool BitwuzlaSolverImpl::internalRunSolver( if (bitwuzla_term_unsat_core.count(bitwuzla_constraint)) { ref constraint = env.bitwuzla_ast_expr_to_klee_expr[bitwuzla_constraint]; - unsatCore.insert(constraint); + if (Expr::createIsZero(constraint) != query.getOriginalQueryExpr()) { + unsatCore.insert(constraint); + } } } assert(validityCore && "validityCore cannot be nullptr"); @@ -610,7 +612,7 @@ bool BitwuzlaSolverImpl::internalRunSolver( SolverImpl::SolverRunStatus BitwuzlaSolverImpl::handleSolverResponse( Bitwuzla &theSolver, Result satisfiable, const BitwuzlaSolverEnv &env, ObjectAssignment needObjects, - std::vector> *values, bool &hasSolution) { + std::vector> *values, bool &hasSolution) { switch (satisfiable) { case Result::SAT: { hasSolution = true; @@ -624,7 +626,7 @@ SolverImpl::SolverRunStatus BitwuzlaSolverImpl::handleSolverResponse( values->reserve(objects->size()); for (auto array : *objects) { - SparseStorage data; + SparseStorageImpl data; if (env.usedArrayBytes.count(array)) { std::unordered_set offsetValues; @@ -701,10 +703,11 @@ class BitwuzlaNonIncSolverImpl final : public BitwuzlaSolverImpl { return BitwuzlaSolverImpl::computeValue(ConstraintQuery(query, false), env, result); } - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution) override { + bool + computeInitialValues(const Query &query, + const std::vector &objects, + std::vector> &values, + bool &hasSolution) override { BitwuzlaSolverEnv env(objects); return BitwuzlaSolverImpl::computeInitialValues( ConstraintQuery(query, false), env, values, hasSolution); @@ -877,10 +880,11 @@ class BitwuzlaTreeSolverImpl final : public BitwuzlaSolverImpl { /// implementation of the SolverImpl interface bool computeTruth(const Query &query, bool &isValid) override; bool computeValue(const Query &query, ref &result) override; - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution) override; + bool + computeInitialValues(const Query &query, + const std::vector &objects, + std::vector> &values, + bool &hasSolution) override; bool check(const Query &query, ref &result) override; bool computeValidityCore(const Query &query, ValidityCore &validityCore, bool &isValid) override; @@ -958,7 +962,7 @@ bool BitwuzlaTreeSolverImpl::computeValue(const Query &query, bool BitwuzlaTreeSolverImpl::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { auto q = prepare(query); currentSolver->env.objectsForGetModel = objects; return BitwuzlaSolverImpl::computeInitialValues(q, currentSolver->env, values, diff --git a/lib/Solver/CachingSolver.cpp b/lib/Solver/CachingSolver.cpp index f01d760d32..4f238f50c2 100644 --- a/lib/Solver/CachingSolver.cpp +++ b/lib/Solver/CachingSolver.cpp @@ -79,10 +79,9 @@ class CachingSolver : public SolverImpl { ++stats::queryCacheMisses; return solver->impl->computeValue(query, result); } - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool computeInitialValues( + const Query &query, const std::vector &objects, + std::vector> &values, bool &hasSolution); bool check(const Query &query, ref &result); bool computeValidityCore(const Query &, ValidityCore &validityCore, bool &isValid); @@ -279,7 +278,7 @@ bool CachingSolver::computeValidityCore(const Query &query, bool CachingSolver::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { ++stats::queryCacheMisses; return solver->impl->computeInitialValues(query, objects, values, hasSolution); diff --git a/lib/Solver/CexCachingSolver.cpp b/lib/Solver/CexCachingSolver.cpp index 038af68e2e..cebf8f7025 100644 --- a/lib/Solver/CexCachingSolver.cpp +++ b/lib/Solver/CexCachingSolver.cpp @@ -103,10 +103,10 @@ class CexCachingSolver : public SolverImpl { bool computeTruth(const Query &, bool &isValid); bool computeValidity(const Query &, PartialValidity &result); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool + computeInitialValues(const Query &, const std::vector &objects, + std::vector> &values, + bool &hasSolution); bool check(const Query &query, ref &result); bool computeValidityCore(const Query &, ValidityCore &validityCore, bool &isValid); @@ -372,23 +372,26 @@ bool CexCachingSolver::computeValue(const Query &query, ref &result) { assert(isa(a) && "computeValue() must have assignment"); result = cast(a)->evaluate(query.expr, false); - if (!isa(result) && solver->impl->computeValue(query, result)) + if ((!isa(result) && !isa(result)) && + solver->impl->computeValue(query, result)) return false; - assert(isa(result) && + assert((isa(result) || isa(result)) && "assignment evaluation did not result in constant"); - if (cast(result)->isTrue()) { - setResponse(query.negateExpr(), a); - } else if (cast(result)->isFalse()) { - setResponse(query, a); + if (ref constResult = dyn_cast(result)) { + if (constResult->isTrue()) { + setResponse(query.negateExpr(), a); + } else if (constResult->isFalse()) { + setResponse(query, a); + } } return true; } bool CexCachingSolver::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { TimerStatIncrementer t(stats::cexCacheTime); ref a; if (!getResponse(query, a)) @@ -400,7 +403,7 @@ bool CexCachingSolver::computeInitialValues( // FIXME: We should use smarter assignment for result so we don't // need redundant copy. - values = std::vector>(objects.size()); + values = std::vector>(objects.size()); Assignment::bindings_ty aBindings; a->tryGetInitialValues(aBindings); @@ -413,7 +416,7 @@ bool CexCachingSolver::computeInitialValues( cast(a)->evaluate(os->size); assert(arrayConstantSize && "Array of symbolic size had not receive value for size!"); - values[i] = SparseStorage(0); + values[i] = SparseStorageImpl(0); } else { values[i] = it->second; } diff --git a/lib/Solver/ConcretizingSolver.cpp b/lib/Solver/ConcretizingSolver.cpp index 645d1863f4..b9140c5b62 100644 --- a/lib/Solver/ConcretizingSolver.cpp +++ b/lib/Solver/ConcretizingSolver.cpp @@ -1,3 +1,15 @@ +//===-- ConcretizingSolver.cpp --------------------------------------------===// +// +// The KLEE Symbolic Virtual Machine +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// + +#include "klee/Solver/Solver.h" + +#include "klee/ADT/MapOfSets.h" #include "klee/ADT/SparseStorage.h" #include "klee/Expr/Assignment.h" #include "klee/Expr/Constraints.h" @@ -8,7 +20,6 @@ #include "klee/Expr/SymbolicSource.h" #include "klee/Expr/Symcrete.h" -#include "klee/Solver/AddressGenerator.h" #include "klee/Solver/Solver.h" #include "klee/Solver/SolverImpl.h" #include "klee/Solver/SolverUtil.h" @@ -25,16 +36,18 @@ DISABLE_WARNING_POP namespace klee { +typedef std::set> KeyType; + class ConcretizingSolver : public SolverImpl { private: std::unique_ptr solver; - AddressGenerator *addressGenerator; + MapOfSets, Assignment> cache; public: - ConcretizingSolver(std::unique_ptr _solver, AddressGenerator *_ag) - : solver(std::move(_solver)), addressGenerator(_ag) {} + ConcretizingSolver(std::unique_ptr _solver) + : solver(std::move(_solver)) {} - ~ConcretizingSolver() = default; + ~ConcretizingSolver(); bool computeTruth(const Query &, bool &isValid); bool computeValidity(const Query &, PartialValidity &result); @@ -46,10 +59,9 @@ class ConcretizingSolver : public SolverImpl { bool check(const Query &query, ref &result); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool computeInitialValues( + const Query &query, const std::vector &objects, + std::vector> &values, bool &hasSolution); SolverRunStatus getOperationStatusCode(); char *getConstraintLog(const Query &); void setCoreSolverTimeout(time::Span timeout); @@ -72,8 +84,20 @@ class ConcretizingSolver : public SolverImpl { void reverseConcretization(ref &res, const ExprHashMap> &reverse, ref reverseExpr); + bool updateConcretization(const Query &query, Assignment &assign); }; +KeyType makeKey(const Query &query) { + KeyType key = + KeyType(query.constraints.cs().begin(), query.constraints.cs().end()); + for (ref s : query.constraints.symcretes()) { + key.insert(s->symcretized); + } + ref neg = Expr::createIsZero(query.expr); + key.insert(neg); + return key; +} + Query ConcretizingSolver::constructConcretizedQuery(const Query &query, const Assignment &assign) { ConstraintSet cs = query.constraints; @@ -130,7 +154,7 @@ bool ConcretizingSolver::getBrokenArrays( ref CE = dyn_cast(concretizedQuery.expr); if (CE && CE->isTrue()) { findObjects(query.expr, brokenArrays); - result = new UnknownResponse(); + result = new ValidResponse(ValidityCore().withExpr(query.expr)); return true; } const ExprHashMap> &reverse = @@ -160,10 +184,6 @@ bool ConcretizingSolver::getBrokenArrays( bool ConcretizingSolver::relaxSymcreteConstraints(const Query &query, ref &result) { - if (!query.containsSizeSymcretes()) { - result = new UnknownResponse({}); - return true; - } /* Get initial symcrete solution. We will try to relax them in order to * achieve `mayBeTrue` solution. */ @@ -173,13 +193,10 @@ bool ConcretizingSolver::relaxSymcreteConstraints(const Query &query, * symcretes break (i.e. can not have current value) with given array. */ std::unordered_map>> symcretesDependentFromArrays; - std::unordered_map> - kindsOfSymcretesForArrays; for (const ref &symcrete : query.constraints.symcretes()) { for (const Array *array : symcrete->dependentArrays()) { symcretesDependentFromArrays[array].push_back(symcrete); - kindsOfSymcretesForArrays[array].insert(symcrete->getKind()); } } @@ -201,44 +218,13 @@ bool ConcretizingSolver::relaxSymcreteConstraints(const Query &query, } std::queue arrayQueue; - std::queue addressQueue; bool addressArrayPresent = false; for (const Array *array : currentlyBrokenSymcretizedArrays) { if (symcretesDependentFromArrays.count(array) && - (kindsOfSymcretesForArrays.at(array).count( - Symcrete::SymcreteKind::SK_ALLOC_SIZE) || - kindsOfSymcretesForArrays.at(array).count( - Symcrete::SymcreteKind::SK_LI_SIZE)) && usedSymcretizedArrays.insert(array).second) { arrayQueue.push(array); } - if (symcretesDependentFromArrays.count(array) && - (kindsOfSymcretesForArrays.at(array).count( - Symcrete::SymcreteKind::SK_ALLOC_ADDRESS) || - kindsOfSymcretesForArrays.at(array).count( - Symcrete::SymcreteKind::SK_LI_ADDRESS)) && - !usedSymcretizedArrays.count(array)) { - addressArrayPresent = true; - addressQueue.push(array); - } - } - - if (arrayQueue.empty() && addressArrayPresent) { - while (!addressQueue.empty()) { - assignment.bindings.remove(addressQueue.front()); - addressQueue.pop(); - } - - if (!solver->impl->check(constructConcretizedQuery(query, assignment), - result)) { - return false; - } else { - if (isa(result)) { - result = new UnknownResponse({}); - } - return true; - } } while (!arrayQueue.empty()) { @@ -256,13 +242,7 @@ bool ConcretizingSolver::relaxSymcreteConstraints(const Query &query, continue; } - if (isa(symcrete)) { - currentlyBrokenSymcretes.insert(symcrete); - - for (Symcrete &dependentSymcrete : symcrete->dependentSymcretes()) { - currentlyBrokenSymcretes.insert(ref(&dependentSymcrete)); - } - } + currentlyBrokenSymcretes.insert(symcrete); } for (const ref &symcrete : currentlyBrokenSymcretes) { @@ -293,100 +273,14 @@ bool ConcretizingSolver::relaxSymcreteConstraints(const Query &query, return true; } - Query concretizedNegatedQuery = - constructConcretizedQuery(query.negateExpr(), assignment); - - ConstraintSet queryConstraints = concretizedNegatedQuery.constraints; - queryConstraints.addConstraint(concretizedNegatedQuery.expr, {}); - - std::vector> sizeSymcretes; - for (const ref &symcrete : brokenSymcretes) { - if (isa(symcrete)) { - sizeSymcretes.push_back(symcrete->symcretized); - } - } - - assert(!sizeSymcretes.empty()); - ref symbolicSizesSum = createNonOverflowingSumExpr(sizeSymcretes); - symbolicSizesSum = - Simplificator::simplifyExpr(query.constraints, symbolicSizesSum) - .simplified; - - ref response; - - /* Compute assignment for symcretes. */ - std::vector objects(usedSymcretizedArrays.begin(), - usedSymcretizedArrays.end()); - std::vector> brokenSymcretizedValues; - - if (!solver->impl->check( - Query(queryConstraints, - UgtExpr::create( - symbolicSizesSum, - ConstantExpr::create(SymbolicAllocationThreshold, - symbolicSizesSum->getWidth())), - query.id), - response)) { - return false; - } - - if (!response->tryGetInitialValuesFor(objects, brokenSymcretizedValues)) { - ref minimalValueOfSum; - /* Receive model with a smallest sum as possible. */ - if (!solver->impl->computeMinimalUnsignedValue( - Query(queryConstraints, symbolicSizesSum, query.id), - minimalValueOfSum)) { - return false; - } - - bool hasSolution = false; - if (!solver->impl->computeInitialValues( - Query(queryConstraints, - EqExpr::create(symbolicSizesSum, minimalValueOfSum), query.id) - .negateExpr(), - objects, brokenSymcretizedValues, hasSolution)) { - return false; - } - assert(hasSolution && "Symcretes values should have concretization after " - "computeInitialValues() query."); - } - - for (unsigned idx = 0; idx < objects.size(); ++idx) { - assignment.bindings.replace({objects[idx], brokenSymcretizedValues[idx]}); - } + assignment = cast(result)->initialValuesFor( + query.constraints.gatherSymcretizedArrays()); ExprHashMap> concretizations; for (ref symcrete : query.constraints.symcretes()) { concretizations[symcrete->symcretized] = - assignment.evaluate(symcrete->symcretized); - } - - for (const ref &symcrete : brokenSymcretes) { - ref sizeSymcrete = dyn_cast(symcrete); - - if (!sizeSymcrete) { - continue; - } - - /* Receive address array linked with this size array to request address - * concretization. */ - ref condcretized = assignment.evaluate(symcrete->symcretized); - - uint64_t newSize = cast(condcretized)->getZExtValue(); - - void *address = addressGenerator->allocate( - sizeSymcrete->addressSymcrete.symcretized, newSize); - unsigned char *charAddressIterator = - reinterpret_cast(&address); - SparseStorage storage(0); - storage.store(0, charAddressIterator, - charAddressIterator + sizeof(address)); - - concretizations[sizeSymcrete->addressSymcrete.symcretized] = - ConstantExpr::create( - reinterpret_cast(address), - sizeSymcrete->addressSymcrete.symcretized->getWidth()); + cast(assignment.evaluate(symcrete->symcretized)); } ref concretizationCondition = query.expr; @@ -397,15 +291,7 @@ bool ConcretizingSolver::relaxSymcreteConstraints(const Query &query, concretizationCondition); } - if (!solver->impl->check(query.withExpr(concretizationCondition), result)) { - return false; - } - - if (isa(result)) { - result = new UnknownResponse(); - } - - return true; + return solver->impl->check(query.withExpr(concretizationCondition), result); } bool ConcretizingSolver::computeValidity(const Query &query, @@ -435,7 +321,7 @@ bool ConcretizingSolver::computeValidity(const Query &query, result = PValidity::None; } } - return true; + return result != PValidity::None; } bool ConcretizingSolver::computeValidity( @@ -445,9 +331,6 @@ bool ConcretizingSolver::computeValidity( return solver->impl->computeValidity(query, queryResult, negatedQueryResult); } - auto assign = query.constraints.concretization(); - assert(assertConcretization(query, assign) && - "Assignment does not contain concretization for all symcrete arrays!"); if (!check(query, queryResult) || !check(query.negateExpr(), negatedQueryResult)) { @@ -456,16 +339,44 @@ bool ConcretizingSolver::computeValidity( return true; } +bool ConcretizingSolver::updateConcretization(const Query &query, + Assignment &assign) { + Query qwf = query.withFalse(); + ref result; + KeyType key = makeKey(qwf); + const Assignment *lookup = cache.lookup(key); + if (lookup) { + assign = *lookup; + } else { + if (!solver->impl->check(qwf, result)) { + return false; + } + assert(isa(result)); + + assign = cast(result)->initialValuesFor( + qwf.constraints.gatherSymcretizedArrays()); + cache.insert(key, assign); + } + Assignment delta = qwf.constraints.concretization().diffWith(assign); + qwf.constraints.rewriteConcretization(delta); + return true; +} + bool ConcretizingSolver::check(const Query &query, ref &result) { if (!query.containsSymcretes()) { return solver->impl->check(query, result); } - auto assign = query.constraints.concretization(); + + Assignment assign; + if (!updateConcretization(query, assign)) { + return false; + } + assert(assertConcretization(query, assign) && "Assignment does not contain concretization for all symcrete arrays!"); - auto concretizedQuery = getConcretizedVersion(query); + auto concretizedQuery = constructConcretizedQuery(query, assign); ref CE = dyn_cast(concretizedQuery.expr); if (!CE || !CE->isTrue()) { @@ -473,12 +384,27 @@ bool ConcretizingSolver::check(const Query &query, return false; } } - if ((CE && CE->isTrue()) || isa(result)) { + if ((CE && CE->isTrue()) || (isa(result))) { if (!relaxSymcreteConstraints(query, result)) { return false; } } + if (isa(result)) { + for (auto i : cast(result)->validityCore().constraints) { + if (!query.constraints.cs().count(i)) { + return false; + } + } + } + + if (isa(result)) { + KeyType key = makeKey(query); + assign = cast(result)->initialValuesFor( + query.constraints.gatherSymcretizedArrays()); + cache.insert(key, assign); + } + return true; } @@ -494,15 +420,18 @@ bool ConcretizingSolver::computeTruth(const Query &query, bool &isValid) { return false; } - auto assign = query.constraints.concretization(); + Assignment assign; + if (!updateConcretization(query, assign)) { + return false; + } assert(assertConcretization(query, assign) && "Assignment does not contain concretization for all symcrete arrays!"); - if (ref CE = dyn_cast( - query.constraints.concretization().evaluate(query.expr))) { + if (ref CE = + dyn_cast(assign.evaluate(query.expr))) { isValid = CE->isTrue(); } else { - auto concretizedQuery = getConcretizedVersion(query); + auto concretizedQuery = constructConcretizedQuery(query, assign); if (!solver->impl->computeTruth(concretizedQuery, isValid)) { return false; } @@ -522,6 +451,13 @@ bool ConcretizingSolver::computeTruth(const Query &query, bool &isValid) { } } + if (isa(result)) { + KeyType key = makeKey(query); + assign = cast(result)->initialValuesFor( + query.constraints.gatherSymcretizedArrays()); + cache.insert(key, assign); + } + return true; } @@ -531,11 +467,14 @@ bool ConcretizingSolver::computeValidityCore(const Query &query, if (!query.containsSymcretes()) { return solver->impl->computeValidityCore(query, validityCore, isValid); } - Assignment assign = query.constraints.concretization(); + Assignment assign; + if (!updateConcretization(query, assign)) { + return false; + } assert(assertConcretization(query, assign) && "Assignment does not contain concretization for all symcrete arrays!"); - Query concretizedQuery = getConcretizedVersion(query); + Query concretizedQuery = constructConcretizedQuery(query, assign); if (ref CE = dyn_cast( query.constraints.concretization().evaluate(query.expr))) { @@ -552,13 +491,13 @@ bool ConcretizingSolver::computeValidityCore(const Query &query, if (!relaxSymcreteConstraints(query, result)) { return false; } - if (isa(result)) { - return false; - } /* Here we already have validity core from query above. */ if (ref resultInvalidResponse = dyn_cast(result)) { - assign = resultInvalidResponse->initialValuesFor(assign.keys()); + KeyType key = makeKey(query); + assign = resultInvalidResponse->initialValuesFor( + query.constraints.gatherSymcretizedArrays()); + cache.insert(key, assign); isValid = false; } else { bool success = result->tryGetValidityCore(validityCore); @@ -578,7 +517,10 @@ bool ConcretizingSolver::computeValue(const Query &query, ref &result) { return solver->impl->computeValue(query, result); } - Assignment assign = query.constraints.concretization(); + Assignment assign; + if (!updateConcretization(query, assign)) { + return false; + } assert(assertConcretization(query, assign) && "Assignment does not contain concretization for all symcrete arrays!"); @@ -588,23 +530,27 @@ bool ConcretizingSolver::computeValue(const Query &query, ref &result) { result = expr; return true; } - auto concretizedQuery = getConcretizedVersion(query); + auto concretizedQuery = constructConcretizedQuery(query, assign); return solver->impl->computeValue(concretizedQuery, result); } bool ConcretizingSolver::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { if (!query.containsSymcretes()) { return solver->impl->computeInitialValues(query, objects, values, hasSolution); } - Assignment assign = query.constraints.concretization(); + Assignment assign; + if (!updateConcretization(query, assign)) { + return false; + } + assert(assertConcretization(query, assign) && "Assignment does not contain concretization for all symcrete arrays!"); - auto concretizedQuery = getConcretizedVersion(query); + auto concretizedQuery = constructConcretizedQuery(query, assign); if (!solver->impl->computeInitialValues(concretizedQuery, objects, values, hasSolution)) { return false; @@ -620,6 +566,10 @@ bool ConcretizingSolver::computeInitialValues( if (ref resultInvalidResponse = dyn_cast(result)) { hasSolution = true; + KeyType key = makeKey(query); + assign = resultInvalidResponse->initialValuesFor( + query.constraints.gatherSymcretizedArrays()); + cache.insert(key, assign); result->tryGetInitialValuesFor(objects, values); } } @@ -640,10 +590,10 @@ void ConcretizingSolver::notifyStateTermination(std::uint32_t id) { solver->impl->notifyStateTermination(id); } -std::unique_ptr -createConcretizingSolver(std::unique_ptr s, - AddressGenerator *addressGenerator) { +ConcretizingSolver::~ConcretizingSolver() { cache.clear(); } + +std::unique_ptr createConcretizingSolver(std::unique_ptr s) { return std::make_unique( - std::make_unique(std::move(s), addressGenerator)); + std::make_unique(std::move(s))); } } // namespace klee diff --git a/lib/Solver/ConstructSolverChain.cpp b/lib/Solver/ConstructSolverChain.cpp index c734db9c64..80908272f9 100644 --- a/lib/Solver/ConstructSolverChain.cpp +++ b/lib/Solver/ConstructSolverChain.cpp @@ -28,13 +28,11 @@ DISABLE_WARNING_POP #include namespace klee { -class AddressGenerator; std::unique_ptr constructSolverChain( std::unique_ptr coreSolver, std::string querySMT2LogPath, std::string baseSolverQuerySMT2LogPath, std::string queryKQueryLogPath, - std::string baseSolverQueryKQueryLogPath, - AddressGenerator *addressGenerator, ArrayCache &arrayCache) { + std::string baseSolverQueryKQueryLogPath) { Solver *rawCoreSolver = coreSolver.get(); std::unique_ptr solver = std::move(coreSolver); const time::Span minQueryTimeToLog(MinQueryTimeToLog); @@ -68,13 +66,13 @@ std::unique_ptr constructSolverChain( solver = createCachingSolver(std::move(solver)); if (UseAlphaEquivalence) - solver = createAlphaEquivalenceSolver(std::move(solver), arrayCache); + solver = createAlphaEquivalenceSolver(std::move(solver)); if (UseIndependentSolver) solver = createIndependentSolver(std::move(solver)); if (UseConcretizingSolver) - solver = createConcretizingSolver(std::move(solver), addressGenerator); + solver = createConcretizingSolver(std::move(solver)); if (UseCexCache && UseConcretizingSolver) solver = createCexCachingSolver(std::move(solver)); diff --git a/lib/Solver/DummySolver.cpp b/lib/Solver/DummySolver.cpp index 89f4429896..8b9c01f73d 100644 --- a/lib/Solver/DummySolver.cpp +++ b/lib/Solver/DummySolver.cpp @@ -22,10 +22,10 @@ class DummySolverImpl : public SolverImpl { bool computeValidity(const Query &, PartialValidity &result); bool computeTruth(const Query &, bool &isValid); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool + computeInitialValues(const Query &, const std::vector &objects, + std::vector> &values, + bool &hasSolution); bool check(const Query &query, ref &result); bool computeValidityCore(const Query &query, ValidityCore &validityCore, bool &isValid); @@ -55,7 +55,7 @@ bool DummySolverImpl::computeValue(const Query &, ref &result) { bool DummySolverImpl::computeInitialValues( const Query &, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { ++stats::solverQueries; ++stats::queryCounterexamples; return false; diff --git a/lib/Solver/FastCexSolver.cpp b/lib/Solver/FastCexSolver.cpp index f4c1b377aa..7e3d851667 100644 --- a/lib/Solver/FastCexSolver.cpp +++ b/lib/Solver/FastCexSolver.cpp @@ -389,7 +389,7 @@ class CexRangeEvaluator : public ExprRangeEvaluator { if (array.isConstantArray() && index.isFixed()) { if (ref constantSource = dyn_cast(array.source)) { - if (auto value = constantSource->constantValues.load(index.min())) { + if (auto value = constantSource->constantValues->load(index.min())) { return ValueRange(value->getZExtValue(8)); } } @@ -895,8 +895,8 @@ class CexData { if (!isa(array->size)) { assert(0 && "Unimplemented"); } - propagateExactValues(constantSource->constantValues.load(index.min()), - range); + propagateExactValues( + constantSource->constantValues->load(index.min()), range); } else { CexValueData cvd = cod.getExactValues(index.min()); if (range.min() > cvd.min()) { @@ -1059,10 +1059,10 @@ class FastCexSolver : public IncompleteSolver { PartialValidity computeTruth(const Query &); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool + computeInitialValues(const Query &, const std::vector &objects, + std::vector> &values, + bool &hasSolution); }; FastCexSolver::FastCexSolver() {} @@ -1169,7 +1169,7 @@ bool FastCexSolver::computeValue(const Query &query, ref &result) { bool FastCexSolver::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { CexData cd; bool isValid; @@ -1187,7 +1187,7 @@ bool FastCexSolver::computeInitialValues( for (unsigned i = 0; i != objects.size(); ++i) { const Array *array = objects[i]; assert(array); - SparseStorage data; + SparseStorageImpl data; ref arrayConstantSize = dyn_cast(cd.evaluatePossible(array->size)); assert(arrayConstantSize && diff --git a/lib/Solver/IncompleteSolver.cpp b/lib/Solver/IncompleteSolver.cpp index 85ad5a8d6d..cfdac3375f 100644 --- a/lib/Solver/IncompleteSolver.cpp +++ b/lib/Solver/IncompleteSolver.cpp @@ -110,7 +110,7 @@ bool StagedSolverImpl::computeValue(const Query &query, ref &result) { bool StagedSolverImpl::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { if (primary->computeInitialValues(query, objects, values, hasSolution)) return true; @@ -121,7 +121,7 @@ bool StagedSolverImpl::computeInitialValues( bool StagedSolverImpl::check(const Query &query, ref &result) { std::vector objects; findSymbolicObjects(query, objects); - std::vector> values; + std::vector> values; bool hasSolution; diff --git a/lib/Solver/IndependentSolver.cpp b/lib/Solver/IndependentSolver.cpp index 56cf4d043c..3eff03047c 100644 --- a/lib/Solver/IndependentSolver.cpp +++ b/lib/Solver/IndependentSolver.cpp @@ -18,6 +18,7 @@ #include "klee/Expr/Expr.h" #include "klee/Expr/ExprHashMap.h" #include "klee/Expr/ExprUtil.h" +#include "klee/Expr/IndependentConstraintSetUnion.h" #include "klee/Expr/IndependentSet.h" #include "klee/Solver/SolverImpl.h" #include "klee/Support/Debug.h" @@ -50,10 +51,9 @@ class IndependentSolver : public SolverImpl { bool computeTruth(const Query &, bool &isValid); bool computeValidity(const Query &, PartialValidity &result); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool computeInitialValues( + const Query &query, const std::vector &objects, + std::vector> &values, bool &hasSolution); bool check(const Query &query, ref &result); bool computeValidityCore(const Query &query, ValidityCore &validityCore, bool &isValid); @@ -67,21 +67,24 @@ bool IndependentSolver::computeValidity(const Query &query, PartialValidity &result) { std::vector> factors; query.getAllDependentConstraintsSets(factors); - ConstraintSet tmp(factors); + ConstraintSet tmp(factors, + query.constraints.independentElements().concretizedExprs); return solver->impl->computeValidity(query.withConstraints(tmp), result); } bool IndependentSolver::computeTruth(const Query &query, bool &isValid) { std::vector> factors; query.getAllDependentConstraintsSets(factors); - ConstraintSet tmp(factors); + ConstraintSet tmp(factors, + query.constraints.independentElements().concretizedExprs); return solver->impl->computeTruth(query.withConstraints(tmp), isValid); } bool IndependentSolver::computeValue(const Query &query, ref &result) { std::vector> factors; query.getAllDependentConstraintsSets(factors); - ConstraintSet tmp(factors); + ConstraintSet tmp(factors, + query.constraints.independentElements().concretizedExprs); return solver->impl->computeValue(query.withConstraints(tmp), result); } @@ -90,7 +93,7 @@ bool IndependentSolver::computeValue(const Query &query, ref &result) { // in the case ``objects`` doesn't contain all the assignments needed. bool assertCreatedPointEvaluatesToTrue( const Query &query, const std::vector &objects, - std::vector> &values, + std::vector> &values, Assignment::bindings_ty &retMap) { // _allowFreeValues is set to true so that if there are missing bytes in the // assignment we will end up with a non ConstantExpr after evaluating the @@ -132,7 +135,7 @@ bool assertCreatedPointEvaluatesToTrue(const Query &query, Assignment::bindings_ty &bindings, Assignment::bindings_ty &retMap) { std::vector objects; - std::vector> values; + std::vector> values; objects.reserve(bindings.size()); values.reserve(bindings.size()); for (auto &ovp : bindings) { @@ -144,7 +147,7 @@ bool assertCreatedPointEvaluatesToTrue(const Query &query, bool IndependentSolver::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { // We assume the query has a solution except proven differently // This is important in case we don't have any constraints but // we need initial values for requested array objects. @@ -160,14 +163,16 @@ bool IndependentSolver::computeInitialValues( hasSolution); } - ConstraintSet dependentConstriants(dependentFactors); + ConstraintSet dependentConstriants( + dependentFactors, + query.constraints.independentElements().concretizedExprs); std::vector dependentFactorsObjects; calculateArraysInFactors(dependentFactors, query.expr, dependentFactorsObjects); if (dependentFactorsObjects.size() != 0) { - std::vector> dependentFactorsValues; + std::vector> dependentFactorsValues; if (!solver->impl->computeInitialValues( query.withConstraints(dependentConstriants), @@ -188,19 +193,25 @@ bool IndependentSolver::computeInitialValues( it->calculateArrayReferences(arraysInFactor); // Going to use this as the "fresh" expression for the Query() invocation // below - assert(it->exprs.size() >= 1 && "No null/empty factors"); + ConstraintSet tmp(it); + std::vector> tempValues; if (arraysInFactor.size() == 0) { continue; + } else if (it->exprs.size() == 0) { + ref tempResult = new InvalidResponse(); + bool success = + tempResult->tryGetInitialValuesFor(arraysInFactor, tempValues); + assert(success && "Can not get initial values (Independent solver)!"); + } else { + if (!solver->impl->computeInitialValues( + Query(tmp, Expr::createFalse(), query.id), arraysInFactor, + tempValues, hasSolution)) { + values.clear(); + return false; + } } - ConstraintSet tmp(it); - std::vector> tempValues; - if (!solver->impl->computeInitialValues( - Query(tmp, Expr::createFalse(), query.id), arraysInFactor, - tempValues, hasSolution)) { - values.clear(); - return false; - } else if (!hasSolution) { + if (!hasSolution) { values.clear(); return true; @@ -225,7 +236,7 @@ bool IndependentSolver::computeInitialValues( dyn_cast(retMap.evaluate(arr->size)); assert(arrayConstantSize && "Array of symbolic size had not receive value for size!"); - SparseStorage ret(0); + SparseStorageImpl ret(0); values.push_back(ret); } else { values.push_back(retMap.bindings.at(arr)); @@ -254,10 +265,12 @@ bool IndependentSolver::check(const Query &query, ref &result) { return solver->impl->check(query, result); } - ConstraintSet dependentConstriants(dependentFactors); + ConstraintSet dependentConstriants( + dependentFactors, + query.constraints.independentElements().concretizedExprs); std::vector dependentFactorsObjects; - std::vector> dependentFactorsValues; + std::vector> dependentFactorsValues; ref dependentFactorsResult; calculateArraysInFactors(dependentFactors, query.expr, @@ -284,17 +297,21 @@ bool IndependentSolver::check(const Query &query, ref &result) { it->calculateArrayReferences(arraysInFactor); // Going to use this as the "fresh" expression for the Query() invocation // below - assert(it->exprs.size() >= 1 && "No null/empty factors"); + ref tempResult; + std::vector> tempValues; if (arraysInFactor.size() == 0) { continue; + } else if (it->exprs.size() == 0) { + tempResult = new InvalidResponse(); + } else { + if (!solver->impl->check( + Query(ConstraintSet(it), Expr::createFalse(), query.id), + tempResult)) { + return false; + } } - ref tempResult; - std::vector> tempValues; - if (!solver->impl->check( - Query(ConstraintSet(it), Expr::createFalse(), query.id), - tempResult)) { - return false; - } else if (isa(tempResult)) { + + if (isa(tempResult)) { result = tempResult; return true; } else { @@ -324,7 +341,8 @@ bool IndependentSolver::computeValidityCore(const Query &query, bool &isValid) { std::vector> factors; query.getAllDependentConstraintsSets(factors); - ConstraintSet tmp(factors); + ConstraintSet tmp(factors, + query.constraints.independentElements().concretizedExprs); return solver->impl->computeValidityCore(query.withConstraints(tmp), validityCore, isValid); } diff --git a/lib/Solver/MetaSMTBuilder.h b/lib/Solver/MetaSMTBuilder.h index 6944402788..5f225ead82 100644 --- a/lib/Solver/MetaSMTBuilder.h +++ b/lib/Solver/MetaSMTBuilder.h @@ -235,7 +235,7 @@ MetaSMTBuilder::getInitialArray(const Array *root) { metaSMT::logic::Array::store( array_expr, construct(ConstantExpr::alloc(i, root->getDomain()), 0), - construct(constantSource->constantValues.load(i), 0))); + construct(constantSource->constantValues->load(i), 0))); array_expr = tmp; } } @@ -655,6 +655,10 @@ MetaSMTBuilder::constructActual(ref e, int *width_out) { // llvm::errs() << "\n"; switch (e->getKind()) { + case Expr::Pointer: + case Expr::ConstantPointer: { + assert(0 && "unreachable"); + } case Expr::Constant: { ConstantExpr *coe = cast(e); @@ -710,9 +714,9 @@ MetaSMTBuilder::constructActual(ref e, int *width_out) { if (auto constantSource = dyn_cast(re->updates.root->source)) { if (!isa(re->updates.root->size)) { - ref selectExpr = constantSource->constantValues.defaultV(); + ref selectExpr = constantSource->constantValues->defaultV(); for (const auto &[index, value] : - constantSource->constantValues.storage()) { + constantSource->constantValues->storage()) { selectExpr = SelectExpr::create( EqExpr::create(re->index, ConstantExpr::create( index, re->index->getWidth())), diff --git a/lib/Solver/MetaSMTSolver.cpp b/lib/Solver/MetaSMTSolver.cpp index 55ba6a4b4a..1ef1448aed 100644 --- a/lib/Solver/MetaSMTSolver.cpp +++ b/lib/Solver/MetaSMTSolver.cpp @@ -100,20 +100,19 @@ template class MetaSMTSolverImpl : public SolverImpl { bool computeTruth(const Query &, bool &isValid); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool computeInitialValues( + const Query &query, const std::vector &objects, + std::vector> &values, bool &hasSolution); SolverImpl::SolverRunStatus runAndGetCex(const Query &query, const std::vector &objects, - std::vector> &values, + std::vector> &values, bool &hasSolution); SolverImpl::SolverRunStatus runAndGetCexForked(const Query &query, const std::vector &objects, - std::vector> &values, + std::vector> &values, bool &hasSolution, time::Span timeout); SolverRunStatus getOperationStatusCode(); @@ -154,7 +153,7 @@ bool MetaSMTSolverImpl::computeTruth(const Query &query, bool success = false; std::vector objects; - std::vector> values; + std::vector> values; bool hasSolution; if (computeInitialValues(query, objects, values, hasSolution)) { @@ -172,7 +171,7 @@ bool MetaSMTSolverImpl::computeValue(const Query &query, bool success = false; std::vector objects; - std::vector> values; + std::vector> values; bool hasSolution; // Find the object used in the expression, and compute an assignment for them. @@ -191,7 +190,7 @@ bool MetaSMTSolverImpl::computeValue(const Query &query, template bool MetaSMTSolverImpl::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { _runStatusCode = SOLVER_RUN_STATUS_FAILURE; @@ -226,7 +225,7 @@ bool MetaSMTSolverImpl::computeInitialValues( template SolverImpl::SolverRunStatus MetaSMTSolverImpl::runAndGetCex( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { // assume the constraints of the query for (auto &constraint : query.constraints.cs()) @@ -261,7 +260,7 @@ SolverImpl::SolverRunStatus MetaSMTSolverImpl::runAndGetCex( typename SolverContext::result_type array_exp = _builder->getInitialArray(array); - SparseStorage data(0); + SparseStorageImpl data(0); for (unsigned offset : readOffsets.at(array)) { typename SolverContext::result_type elem_exp = evaluate( @@ -288,7 +287,7 @@ template SolverImpl::SolverRunStatus MetaSMTSolverImpl::runAndGetCexForked( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution, + std::vector> &values, bool &hasSolution, time::Span timeout) { unsigned char *pos = shared_memory_ptr; // unsigned sum = 0; @@ -405,9 +404,9 @@ MetaSMTSolverImpl::runAndGetCexForked( } if (hasSolution) { - values = std::vector>(objects.size()); + values = std::vector>(objects.size()); for (unsigned i = 0; i < objects.size(); ++i) { - SparseStorage &data = values[i]; + SparseStorageImpl &data = values[i]; data.store(0, pos, pos + shared_memory_sizes_ptr[i]); pos += shared_memory_sizes_ptr[i]; } diff --git a/lib/Solver/QueryLoggingSolver.cpp b/lib/Solver/QueryLoggingSolver.cpp index 45b6af359d..8527547295 100644 --- a/lib/Solver/QueryLoggingSolver.cpp +++ b/lib/Solver/QueryLoggingSolver.cpp @@ -168,7 +168,7 @@ bool QueryLoggingSolver::computeValue(const Query &query, ref &result) { bool QueryLoggingSolver::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { startQuery(query, "InitialValues", 0, &objects); ExprHashSet expressions; @@ -178,7 +178,7 @@ bool QueryLoggingSolver::computeInitialValues( std::vector allObjects; findSymbolicObjects(expressions.begin(), expressions.end(), allObjects); - std::vector> allValues; + std::vector> allValues; bool success = solver->impl->computeInitialValues(query, allObjects, allValues, hasSolution); @@ -194,7 +194,7 @@ bool QueryLoggingSolver::computeInitialValues( success = invalidResponse->tryGetInitialValuesFor(objects, values); assert(success); Assignment allSolutionAssignment(allObjects, allValues); - std::vector>::iterator values_it = + std::vector>::iterator values_it = values.begin(); Assignment solutionAssignment(objects, values); @@ -202,7 +202,7 @@ bool QueryLoggingSolver::computeInitialValues( e = objects.end(); i != e; ++i, ++values_it) { const Array *array = *i; - SparseStorage &data = *values_it; + SparseStorageImpl &data = *values_it; logBuffer << queryCommentSign << " " << array->getIdentifier() << " = ["; ref arrayConstantSize = @@ -249,7 +249,7 @@ bool QueryLoggingSolver::check(const Query &query, e = initialValues.end(); i != e; ++i) { const Array *array = i->first; - const SparseStorage &data = i->second; + const SparseStorageImpl &data = i->second; logBuffer << queryCommentSign << " " << array->getIdentifier() << " = ["; ref arrayConstantSize = diff --git a/lib/Solver/QueryLoggingSolver.h b/lib/Solver/QueryLoggingSolver.h index 3dd2f1a357..4cc5395ecd 100644 --- a/lib/Solver/QueryLoggingSolver.h +++ b/lib/Solver/QueryLoggingSolver.h @@ -71,10 +71,9 @@ class QueryLoggingSolver : public SolverImpl { bool computeTruth(const Query &query, bool &isValid); bool computeValidity(const Query &query, PartialValidity &result); bool computeValue(const Query &query, ref &result); - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool computeInitialValues( + const Query &query, const std::vector &objects, + std::vector> &values, bool &hasSolution); bool check(const Query &query, ref &result); bool computeValidityCore(const Query &query, ValidityCore &validityCore, bool &isValid); diff --git a/lib/Solver/STPBuilder.cpp b/lib/Solver/STPBuilder.cpp index b766111ed7..f2890de0f8 100644 --- a/lib/Solver/STPBuilder.cpp +++ b/lib/Solver/STPBuilder.cpp @@ -453,12 +453,12 @@ ::VCExpr STPBuilder::getInitialArray(const Array *root) { // to work correctly in that case. auto constSize = cast(root->size)->getZExtValue(); - // TODO: usage of `constantValues.size()` seems unconvinient. + // TODO: usage of `constantValues->size()` seems unconvinient. for (unsigned i = 0; i < constSize; i++) { ::VCExpr prev = array_expr; array_expr = vc_writeExpr( vc, prev, construct(ConstantExpr::alloc(i, root->getDomain()), 0), - construct(constantSource->constantValues.load(i), 0)); + construct(constantSource->constantValues->load(i), 0)); vc_DeleteExpr(prev); } } @@ -535,6 +535,14 @@ ExprHandle STPBuilder::constructActual(ref e, int *width_out) { ++stats::queryConstructs; switch (e->getKind()) { + // FIXME: There shouldn't be pointer exprs building here, but due to an bug + // occurring in the optimized runtime job at, it's here + case Expr::Pointer: + case Expr::ConstantPointer: { + PointerExpr *pe = cast(e); + return construct(pe->getValue(), width_out); + } + case Expr::Constant: { ConstantExpr *CE = cast(e); *width_out = CE->getWidth(); @@ -574,9 +582,9 @@ ExprHandle STPBuilder::constructActual(ref e, int *width_out) { if (auto constantSource = dyn_cast(re->updates.root->source)) { if (!isa(re->updates.root->size)) { - ref selectExpr = constantSource->constantValues.defaultV(); + ref selectExpr = constantSource->constantValues->defaultV(); for (const auto &[index, value] : - constantSource->constantValues.storage()) { + constantSource->constantValues->storage()) { selectExpr = SelectExpr::create( EqExpr::create(re->index, ConstantExpr::create( index, re->index->getWidth())), diff --git a/lib/Solver/STPSolver.cpp b/lib/Solver/STPSolver.cpp index 86679cc898..5390a0191a 100644 --- a/lib/Solver/STPSolver.cpp +++ b/lib/Solver/STPSolver.cpp @@ -108,10 +108,10 @@ class STPSolverImpl : public SolverImpl { bool computeTruth(const Query &, bool &isValid) override; bool computeValue(const Query &, ref &result) override; - bool computeInitialValues(const Query &, - const std::vector &objects, - std::vector> &values, - bool &hasSolution) override; + bool + computeInitialValues(const Query &, const std::vector &objects, + std::vector> &values, + bool &hasSolution) override; SolverRunStatus getOperationStatusCode() override; }; @@ -221,7 +221,7 @@ char *STPSolverImpl::getConstraintLog(const Query &query) { bool STPSolverImpl::computeTruth(const Query &query, bool &isValid) { std::vector objects; - std::vector> values; + std::vector> values; bool hasSolution; if (!computeInitialValues(query, objects, values, hasSolution)) @@ -233,7 +233,7 @@ bool STPSolverImpl::computeTruth(const Query &query, bool &isValid) { bool STPSolverImpl::computeValue(const Query &query, ref &result) { std::vector objects; - std::vector> values; + std::vector> values; bool hasSolution; // Find the object used in the expression, and compute an assignment @@ -253,7 +253,7 @@ bool STPSolverImpl::computeValue(const Query &query, ref &result) { static SolverImpl::SolverRunStatus runAndGetCex(::VC vc, STPBuilder *builder, ::VCExpr q, const std::vector &objects, - std::vector> &values, + std::vector> &values, bool &hasSolution) { // XXX I want to be able to timeout here, safely hasSolution = !vc_query(vc, q); @@ -291,7 +291,7 @@ static void stpTimeoutHandler(int x) { _exit(52); } static SolverImpl::SolverRunStatus runAndGetCexForked(::VC vc, STPBuilder *builder, ::VCExpr q, const std::vector &objects, - std::vector> &values, + std::vector> &values, bool &hasSolution, time::Span timeout) { unsigned char *pos = shared_memory_ptr; // unsigned sum = 0; @@ -425,7 +425,7 @@ runAndGetCexForked(::VC vc, STPBuilder *builder, ::VCExpr q, bool STPSolverImpl::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { runStatusCode = SOLVER_RUN_STATUS_FAILURE; TimerStatIncrementer t(stats::queryTime); diff --git a/lib/Solver/Solver.cpp b/lib/Solver/Solver.cpp index f6b0652235..fe018ea03f 100644 --- a/lib/Solver/Solver.cpp +++ b/lib/Solver/Solver.cpp @@ -10,6 +10,7 @@ #include "klee/Solver/Solver.h" #include "klee/Expr/Constraints.h" +#include "klee/Expr/Expr.h" #include "klee/Expr/ExprUtil.h" #include "klee/Solver/SolverImpl.h" #include "klee/Solver/SolverUtil.h" @@ -85,11 +86,21 @@ bool Solver::mayBeFalse(const Query &query, bool &result) { return true; } -bool Solver::getValue(const Query &query, ref &result) { - // Maintain invariants implementation expect. - if (ConstantExpr *CE = dyn_cast(query.expr)) { - result = CE; - return true; +template +bool Solver::getValue(const Query &query, ref &result) { + static_assert(std::is_base_of::value); + if constexpr (std::is_base_of::value) { + // Maintain invariants implementation expect. + if (ConstantExpr *CE = dyn_cast(query.expr)) { + result = CE; + return true; + } + } + if constexpr (std::is_base_of::value) { + if (ConstantPointerExpr *CP = dyn_cast(query.expr)) { + result = CP; + return true; + } } // FIXME: Push ConstantExpr requirement down. @@ -97,10 +108,17 @@ bool Solver::getValue(const Query &query, ref &result) { if (!impl->computeValue(query, tmp)) return false; - result = cast(tmp); + assert(isa(tmp)); + result = cast(tmp); return true; } +template bool Solver::getValue(const Query &, ref &); +template bool Solver::getValue(const Query &, + ref &); +template bool Solver::getValue(const Query &, + ref &); + bool Solver::getMinimalUnsignedValue(const Query &query, ref &result) { if (ConstantExpr *CE = dyn_cast(query.expr)) { @@ -147,7 +165,7 @@ bool Solver::getValidityCore(const Query &query, ValidityCore &validityCore, bool Solver::getInitialValues( const Query &query, const std::vector &objects, - std::vector> &values) { + std::vector> &values) { bool hasSolution; bool success = impl->computeInitialValues(query, objects, values, hasSolution); diff --git a/lib/Solver/SolverImpl.cpp b/lib/Solver/SolverImpl.cpp index e1d3ab3513..535ae69bad 100644 --- a/lib/Solver/SolverImpl.cpp +++ b/lib/Solver/SolverImpl.cpp @@ -58,7 +58,7 @@ bool SolverImpl::computeValidity(const Query &query, bool SolverImpl::check(const Query &query, ref &result) { std::vector objects; findSymbolicObjects(query, objects); - std::vector> values; + std::vector> values; bool hasSolution; diff --git a/lib/Solver/ValidatingSolver.cpp b/lib/Solver/ValidatingSolver.cpp index 7e065f77bb..5681febb58 100644 --- a/lib/Solver/ValidatingSolver.cpp +++ b/lib/Solver/ValidatingSolver.cpp @@ -33,10 +33,10 @@ class ValidatingSolver : public SolverImpl { bool computeValidity(const Query &, PartialValidity &result); bool computeTruth(const Query &, bool &isValid); bool computeValue(const Query &, ref &result); - bool computeInitialValues(const Query &, - const std::vector &objects, - std::vector> &values, - bool &hasSolution); + bool + computeInitialValues(const Query &, const std::vector &objects, + std::vector> &values, + bool &hasSolution); bool check(const Query &query, ref &result); bool computeValidityCore(const Query &query, ValidityCore &validityCore, bool &isValid); @@ -94,7 +94,7 @@ bool ValidatingSolver::computeValue(const Query &query, ref &result) { bool ValidatingSolver::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { bool answer; if (!solver->impl->computeInitialValues(query, objects, values, hasSolution)) @@ -116,12 +116,10 @@ bool ValidatingSolver::computeInitialValues( for (unsigned j = 0; j < arrayConstantSize->getZExtValue(); j++) { unsigned char value = values[i].load(j); - bindings.addConstraint( - EqExpr::create( - ReadExpr::create(UpdateList(array, 0), - ConstantExpr::alloc(j, array->getDomain())), - ConstantExpr::alloc(value, array->getRange())), - {}); + bindings.addConstraint(EqExpr::create( + ReadExpr::create(UpdateList(array, 0), + ConstantExpr::alloc(j, array->getDomain())), + ConstantExpr::alloc(value, array->getRange()))); } } ref constraints = Expr::createIsZero(query.expr); @@ -173,12 +171,10 @@ bool ValidatingSolver::check(const Query &query, ref &result) { for (unsigned j = 0; j < arrayConstantSize->getZExtValue(); j++) { unsigned char value = arrayValues.second.load(j); - bindings.addConstraint( - EqExpr::create( - ReadExpr::create(UpdateList(array, 0), - ConstantExpr::alloc(j, array->getDomain())), - ConstantExpr::alloc(value, array->getRange())), - {}); + bindings.addConstraint(EqExpr::create( + ReadExpr::create(UpdateList(array, 0), + ConstantExpr::alloc(j, array->getDomain())), + ConstantExpr::alloc(value, array->getRange()))); } } ref constraints = Expr::createIsZero(query.expr); diff --git a/lib/Solver/Z3BitvectorBuilder.cpp b/lib/Solver/Z3BitvectorBuilder.cpp index 881f41a701..aa957b450a 100644 --- a/lib/Solver/Z3BitvectorBuilder.cpp +++ b/lib/Solver/Z3BitvectorBuilder.cpp @@ -277,6 +277,11 @@ Z3ASTHandle Z3BitvectorBuilder::constructActual(ref e, int *width_out) { width_out = &width; ++stats::queryConstructs; switch (e->getKind()) { + case Expr::Pointer: + case Expr::ConstantPointer: { + assert(0 && "unreachable"); + } + case Expr::Constant: { ConstantExpr *CE = cast(e); *width_out = CE->getWidth(); diff --git a/lib/Solver/Z3Builder.cpp b/lib/Solver/Z3Builder.cpp index 7cc873980c..9b3b042466 100644 --- a/lib/Solver/Z3Builder.cpp +++ b/lib/Solver/Z3Builder.cpp @@ -255,7 +255,7 @@ Z3ASTHandle Z3Builder::getInitialArray(const Array *root) { std::string unique_name = root->getIdentifier() + unique_id; auto source = dyn_cast(root->source); - auto value = (source ? source->constantValues.defaultV() : nullptr); + auto value = (source ? source->constantValues->defaultV() : nullptr); if (source) { assert(value); } @@ -302,7 +302,7 @@ Z3ASTHandle Z3Builder::getInitialArray(const Array *root) { if (auto constSize = dyn_cast(root->size)) { std::vector array_assertions; for (size_t i = 0; i < constSize->getZExtValue(); i++) { - auto value = source->constantValues.load(i); + auto value = source->constantValues->load(i); // construct(= (select i root) root->value[i]) to be asserted in // Z3Solver.cpp int width_out; @@ -315,7 +315,7 @@ Z3ASTHandle Z3Builder::getInitialArray(const Array *root) { } constant_array_assertions[root] = std::move(array_assertions); } else { - for (auto &[index, value] : source->constantValues.storage()) { + for (const auto &[index, value] : source->constantValues->storage()) { int width_out; Z3ASTHandle array_value = construct(value, &width_out); assert(width_out == (int)root->getRange() && @@ -398,6 +398,11 @@ Z3ASTHandle Z3Builder::constructActual(ref e, int *width_out) { ++stats::queryConstructs; switch (e->getKind()) { + case Expr::Pointer: + case Expr::ConstantPointer: { + assert(0 && "unreachable"); + } + case Expr::Constant: { ConstantExpr *CE = cast(e); *width_out = CE->getWidth(); diff --git a/lib/Solver/Z3CoreBuilder.cpp b/lib/Solver/Z3CoreBuilder.cpp index 687c0e47db..f1d454ea9b 100644 --- a/lib/Solver/Z3CoreBuilder.cpp +++ b/lib/Solver/Z3CoreBuilder.cpp @@ -210,6 +210,11 @@ Z3ASTHandle Z3CoreBuilder::constructActual(ref e, int *width_out) { ++stats::queryConstructs; switch (e->getKind()) { + case Expr::Pointer: + case Expr::ConstantPointer: { + assert(0 && "unreachable"); + } + case Expr::Constant: { ConstantExpr *CE = cast(e); *width_out = CE->getWidth(); diff --git a/lib/Solver/Z3Solver.cpp b/lib/Solver/Z3Solver.cpp index a485ebe83e..a27938d41b 100644 --- a/lib/Solver/Z3Solver.cpp +++ b/lib/Solver/Z3Solver.cpp @@ -225,7 +225,7 @@ class Z3SolverImpl : public SolverImpl { bool internalRunSolver(const ConstraintQuery &query, Z3SolverEnv &env, ObjectAssignment needObjects, - std::vector> *values, + std::vector> *values, ValidityCore *validityCore, bool &hasSolution); bool validateZ3Model(::Z3_solver &theSolver, ::Z3_model &theModel); @@ -233,7 +233,7 @@ class Z3SolverImpl : public SolverImpl { SolverImpl::SolverRunStatus handleSolverResponse(::Z3_solver theSolver, ::Z3_lbool satisfiable, const Z3SolverEnv &env, ObjectAssignment needObjects, - std::vector> *values, + std::vector> *values, bool &hasSolution); protected: @@ -248,9 +248,10 @@ class Z3SolverImpl : public SolverImpl { bool computeTruth(const ConstraintQuery &, Z3SolverEnv &env, bool &isValid); bool computeValue(const ConstraintQuery &, Z3SolverEnv &env, ref &result); - bool computeInitialValues(const ConstraintQuery &, Z3SolverEnv &env, - std::vector> &values, - bool &hasSolution); + bool + computeInitialValues(const ConstraintQuery &, Z3SolverEnv &env, + std::vector> &values, + bool &hasSolution); bool check(const ConstraintQuery &query, Z3SolverEnv &env, ref &result); bool computeValidityCore(const ConstraintQuery &query, Z3SolverEnv &env, @@ -436,7 +437,7 @@ bool Z3SolverImpl::computeTruth(const ConstraintQuery &query, Z3SolverEnv &env, bool Z3SolverImpl::computeValue(const ConstraintQuery &query, Z3SolverEnv &env, ref &result) { - std::vector> values; + std::vector> values; bool hasSolution; // Find the object used in the expression, and compute an assignment @@ -455,7 +456,7 @@ bool Z3SolverImpl::computeValue(const ConstraintQuery &query, Z3SolverEnv &env, bool Z3SolverImpl::computeInitialValues( const ConstraintQuery &query, Z3SolverEnv &env, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { return internalRunSolver(query, env, ObjectAssignment::NeededForObjectsFromEnv, &values, /*validityCore=*/NULL, hasSolution); @@ -463,7 +464,7 @@ bool Z3SolverImpl::computeInitialValues( bool Z3SolverImpl::check(const ConstraintQuery &query, Z3SolverEnv &env, ref &result) { - std::vector> values; + std::vector> values; ValidityCore validityCore; bool hasSolution = false; bool status = @@ -492,7 +493,7 @@ bool Z3SolverImpl::computeValidityCore(const ConstraintQuery &query, bool Z3SolverImpl::internalRunSolver( const ConstraintQuery &query, Z3SolverEnv &env, ObjectAssignment needObjects, - std::vector> *values, + std::vector> *values, ValidityCore *validityCore, bool &hasSolution) { if (ProduceUnsatCore && validityCore) { @@ -624,7 +625,9 @@ bool Z3SolverImpl::internalRunSolver( if (z3_ast_expr_unsat_core.find(z3_constraint) != z3_ast_expr_unsat_core.end()) { ref constraint = env.z3_ast_expr_to_klee_expr[z3_constraint]; - unsatCore.insert(constraint); + if (Expr::createIsZero(constraint) != query.getOriginalQueryExpr()) { + unsatCore.insert(constraint); + } } } assert(validityCore && "validityCore cannot be nullptr"); @@ -670,7 +673,7 @@ bool Z3SolverImpl::internalRunSolver( SolverImpl::SolverRunStatus Z3SolverImpl::handleSolverResponse( ::Z3_solver theSolver, ::Z3_lbool satisfiable, const Z3SolverEnv &env, ObjectAssignment needObjects, - std::vector> *values, bool &hasSolution) { + std::vector> *values, bool &hasSolution) { switch (satisfiable) { case Z3_L_TRUE: { hasSolution = true; @@ -686,7 +689,7 @@ SolverImpl::SolverRunStatus Z3SolverImpl::handleSolverResponse( Z3_model_inc_ref(builder->ctx, theModel); values->reserve(objects->size()); for (auto array : *objects) { - SparseStorage data; + SparseStorageImpl data; ::Z3_ast arraySizeExpr; Z3_model_eval(builder->ctx, theModel, builder->construct(array->size), @@ -896,10 +899,11 @@ class Z3NonIncSolverImpl final : public Z3SolverImpl { return Z3SolverImpl::computeValue(ConstraintQuery(query, false), env, result); } - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution) override { + bool + computeInitialValues(const Query &query, + const std::vector &objects, + std::vector> &values, + bool &hasSolution) override { Z3SolverEnv env(objects); return Z3SolverImpl::computeInitialValues(ConstraintQuery(query, false), env, values, hasSolution); @@ -1081,10 +1085,11 @@ class Z3TreeSolverImpl final : public Z3SolverImpl { /// implementation of the SolverImpl interface bool computeTruth(const Query &query, bool &isValid) override; bool computeValue(const Query &query, ref &result) override; - bool computeInitialValues(const Query &query, - const std::vector &objects, - std::vector> &values, - bool &hasSolution) override; + bool + computeInitialValues(const Query &query, + const std::vector &objects, + std::vector> &values, + bool &hasSolution) override; bool check(const Query &query, ref &result) override; bool computeValidityCore(const Query &query, ValidityCore &validityCore, bool &isValid) override; @@ -1161,7 +1166,7 @@ bool Z3TreeSolverImpl::computeValue(const Query &query, ref &result) { bool Z3TreeSolverImpl::computeInitialValues( const Query &query, const std::vector &objects, - std::vector> &values, bool &hasSolution) { + std::vector> &values, bool &hasSolution) { auto q = prepare(query); currentSolver->env.objectsForGetModel = objects; return Z3SolverImpl::computeInitialValues(q, currentSolver->env, values, diff --git a/runtime/Runtest/intrinsics.c b/runtime/Runtest/intrinsics.c index 5402908de2..16766ca91f 100644 --- a/runtime/Runtest/intrinsics.c +++ b/runtime/Runtest/intrinsics.c @@ -69,8 +69,9 @@ void recursively_allocate(KTestObject *obj, size_t index, void *addr, obj->pointers[i].index, 0, 1); } void *offset_addr = (void *)(addresses[index] + (obj->pointers[i].offset)); - memcpy(offset_addr, &addresses[obj->pointers[i].index], sizeof(void *)); - *((char *)offset_addr) += obj->pointers[i].indexOffset; + void *pointee_addr = (void *)(addresses[obj->pointers[i].index]); + pointee_addr += obj->pointers[i].indexOffset; + memcpy(offset_addr, &pointee_addr, sizeof(void *)); } return; } diff --git a/scripts/build/p-immer-linux-ubuntu.inc b/scripts/build/p-immer-linux-ubuntu.inc new file mode 100644 index 0000000000..0d3df36b98 --- /dev/null +++ b/scripts/build/p-immer-linux-ubuntu.inc @@ -0,0 +1,15 @@ +#!/usr/bin/env bash +install_build_dependencies_immer() { + source "${DIR}/common-functions" + with_sudo apt update -y + + dependencies=( + ca-certificates + wget + unzip + git + ) + + #Install essential dependencies + with_sudo apt -y --no-install-recommends install "${dependencies[@]}" +} diff --git a/scripts/build/p-immer-osx.inc b/scripts/build/p-immer-osx.inc new file mode 100644 index 0000000000..654f944f14 --- /dev/null +++ b/scripts/build/p-immer-osx.inc @@ -0,0 +1,6 @@ +#!/usr/bin/env bash +install_build_dependencies_immer() { + # Install essential dependency + # Ignore if already installed + brew install wget || /usr/bin/true +} diff --git a/scripts/build/p-immer.inc b/scripts/build/p-immer.inc new file mode 100644 index 0000000000..b7b65fbba5 --- /dev/null +++ b/scripts/build/p-immer.inc @@ -0,0 +1,46 @@ +#!/usr/bin/env bash +setup_build_variables_immer() { + IMMER_INSTALL_PATH="${BASE}/immer-${IMMER_VERSION}" + immer_url="https://github.com/arximboldi/immer.git" + return 0 +} + +download_immer() { + source "${DIR}/common-functions" + # Download immer + git_clone_or_update "${immer_url}" "${IMMER_INSTALL_PATH}" "${IMMER_VERSION}" + touch "${IMMER_INSTALL_PATH}"/.is_installed +} + +build_immer() { + return 0 +} + +install_immer() { + return 0 +} + +is_installed_immer() { + ( + setup_build_variables_immer + [[ -f "${IMMER_INSTALL_PATH}"/.is_installed ]] + ) || return 1 +} + +get_build_artifacts_immer() { + ( + setup_build_variables_immer + echo "${IMMER_INSTALL_PATH}" + ) +} + +setup_artifact_variables_immer() { + setup_build_variables_immer +} + +get_docker_config_id_immer() { + ( + setup_build_variables_immer + echo "${IMMER_VERSION}" + ) +} diff --git a/scripts/build/p-klee.inc b/scripts/build/p-klee.inc index 83379129a6..c3ba6b12f9 100644 --- a/scripts/build/p-klee.inc +++ b/scripts/build/p-klee.inc @@ -4,7 +4,7 @@ validate_build_config_klee() { setup_build_variables_klee() { source "${DIR}/common-functions" - KLEE_SUFFIX="${LLVM_VERSION_SHORT}${SOLVER_SUFFIX}${SANITIZER_SUFFIX}" + KLEE_SUFFIX="${LLVM_VERSION_SHORT}${SOLVER_SUFFIX}${SANITIZER_SUFFIX}${BUILD_SUFFIX}" KLEE_BUILD_DIR="${BASE}/klee_build${KLEE_SUFFIX}" KLEE_SRC="$DIR/../../" } @@ -20,9 +20,11 @@ build_klee() { "-DLLVM_DIR=${LLVM_INSTALL}" "-DGTEST_SRC_DIR=${GTEST_INSTALL_PATH}" "-DJSON_SRC_DIR=${JSON_INSTALL_PATH}" + "-DIMMER_SRC_DIR=${IMMER_INSTALL_PATH}" "-DENABLE_UNIT_TESTS=TRUE" "-DENABLE_SYSTEM_TESTS=TRUE" "-DENABLE_DOXYGEN=${ENABLE_DOXYGEN}" + "-DBUILD_SUFFIX=${BUILD_SUFFIX}" "-DLIT_ARGS=\"-v;--time-tests\"" ) diff --git a/scripts/build/v-immer.inc b/scripts/build/v-immer.inc new file mode 100644 index 0000000000..b66dada6e0 --- /dev/null +++ b/scripts/build/v-immer.inc @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +# shellcheck disable=SC2034 +# Build information for immer +required_variables_immer=( + "IMMER_VERSION" +) + +# Artifacts immer depends on +artifact_dependency_immer=("") diff --git a/scripts/build/v-klee.inc b/scripts/build/v-klee.inc index eb5815dc53..86103d60cb 100644 --- a/scripts/build/v-klee.inc +++ b/scripts/build/v-klee.inc @@ -2,6 +2,7 @@ required_variables_klee=( "COVERAGE" "KLEE_RUNTIME_BUILD" + "BUILD_SUFFIX" "USE_TCMALLOC" "USE_LIBCXX" "ENABLE_DOXYGEN" @@ -16,7 +17,7 @@ required_variables_check_klee() { # On which artifacts does KLEE depend on artifact_dependency_klee(){ - local dependencies=("llvm" "solvers" "gtest" "sqlite" "cmake" "json") + local dependencies=("llvm" "solvers" "gtest" "sqlite" "cmake" "json" "immer") if [[ "${OS}" != "osx" ]]; then dependencies+=(uclibc) fi @@ -34,7 +35,7 @@ runtime_artifact_dependency_klee(){ if [[ "${OS}" != "osx" ]]; then echo "uclibc" fi - dependencies+=("llvm" "solvers" "gtest" "sqlite" "json") + dependencies+=("llvm" "solvers" "gtest" "sqlite" "json" "immer") [[ "${USE_TCMALLOC:-}" -eq 1 ]] && dependencies+=("tcmalloc") [[ "${USE_LIBCXX:-}" -eq 1 ]] && dependencies+=("libcxx") diff --git a/scripts/kleef b/scripts/kleef index 969b6c4460..a5a99fcc23 100755 --- a/scripts/kleef +++ b/scripts/kleef @@ -61,6 +61,9 @@ def klee_options( # "--search=nurs:covnew", # "--search=nurs:md2u", "--search=random-path", # "-const-array-opt", + "--only-output-make-symbolic-arrays", + "--memory-backend=mixed", + "--max-fixed-size-structures-size=64", ] if is32: diff --git a/scripts/replay.sh b/scripts/replay.sh index 8a4a426efb..621860b376 100755 --- a/scripts/replay.sh +++ b/scripts/replay.sh @@ -9,10 +9,11 @@ # # ===----------------------------------------------------------------------===## +timeout_name="" if [[ "$OSTYPE" == "linux-gnu"* ]]; then - TIMEOUT="timeout" + timeout_name="timeout" else - TIMEOUT="gtimeout" + timeout_name="gtimeout" fi -find $1 -name "*.ktest" -type f -exec bash -c 'KLEE_RUN_TEST_ERRORS_NON_FATAL=STOP KTEST_FILE=$1 $3 1 $2' bash {} $2 $TIMEOUT \; +find $1 -name "*.ktest" -type f -exec bash -c 'KLEE_RUN_TEST_ERRORS_NON_FATAL=STOP KTEST_FILE=$1 $3 1 $2' bash {} $2 $timeout_name \; exit 0 diff --git a/test/Expr/print-smt-let.smt2.good b/test/Expr/print-smt-let.smt2.good index 05ea45d94e..a171432574 100644 --- a/test/Expr/print-smt-let.smt2.good +++ b/test/Expr/print-smt-let.smt2.good @@ -392,7 +392,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (not (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (not (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult ?B1 (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -404,7 +404,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (not (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -416,7 +416,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (not (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -428,7 +428,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (not (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) ) (and (not (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -440,7 +440,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (not (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (not (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -452,7 +452,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (= false (= (_ bv18446744073657921168 64) ?B1 ) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (= false (= (_ bv18446744073657921168 64) ?B1 ) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -464,7 +464,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744069414584319 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744069414584319 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -476,7 +476,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744071562067967 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744071562067967 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -488,7 +488,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744072635809791 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744072635809791 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -500,7 +500,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073172680703 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073172680703 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -512,7 +512,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073441116159 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073441116159 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -524,7 +524,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073575333887 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073575333887 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -536,7 +536,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073642442751 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073642442751 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -548,7 +548,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073675997183 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073675997183 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -560,7 +560,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073692774399 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073692774399 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -572,7 +572,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073701163007 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073701163007 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -584,7 +584,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073705357311 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073705357311 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -596,7 +596,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073707454463 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073707454463 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -608,7 +608,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073708503039 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073708503039 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -620,7 +620,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709027327 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709027327 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -632,7 +632,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709289471 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709289471 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -644,7 +644,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709420543 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709420543 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -656,7 +656,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709486079 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709486079 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -668,7 +668,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709518847 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709518847 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -680,7 +680,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709535231 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709535231 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -692,7 +692,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709543423 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709543423 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -704,7 +704,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709547519 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709547519 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -716,7 +716,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709549567 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709549567 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -728,7 +728,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709550591 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709550591 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -740,7 +740,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551103 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551103 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -752,7 +752,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551359 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551359 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -764,7 +764,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551487 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551487 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -776,7 +776,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551551 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551551 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -788,7 +788,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551583 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551583 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -800,7 +800,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551599 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551599 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -812,7 +812,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551607 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551607 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -824,7 +824,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551611 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551611 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -836,7 +836,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551613 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551613 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -848,7 +848,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551612 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (and (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551612 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -866,7 +866,7 @@ (assert (= (select constant0 (_ bv1 32) ) (_ bv101 8) ) ) (assert (= (select constant0 (_ bv2 32) ) (_ bv115 8) ) ) (assert (= (select constant0 (_ bv3 32) ) (_ bv0 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv31312 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant0 (bvadd (_ bv3 32) ?B3 ) ) (concat (select constant0 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant0 (bvadd (_ bv1 32) ?B3 ) ) (select constant0 ?B3 ) ) ) ) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv31312 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant0 (bvadd (_ bv3 32) ?B3 ) ) (concat (select constant0 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant0 (bvadd (_ bv1 32) ?B3 ) ) (select constant0 ?B3 ) ) ) ) ) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic1 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic1 (_ bv1 32) ) ) ) @@ -883,7 +883,7 @@ (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) (declare-fun makeSymbolic1 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv18446744073709533360 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (and (and (and (and (not (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv3 32) ?B3 ) ) (concat (select makeSymbolic1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select makeSymbolic1 (bvadd (_ bv1 32) ?B3 ) ) (select makeSymbolic1 ?B3 ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv18446744073709533360 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (not (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv3 32) ?B3 ) ) (concat (select makeSymbolic1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select makeSymbolic1 (bvadd (_ bv1 32) ?B3 ) ) (select makeSymbolic1 ?B3 ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -905,7 +905,7 @@ (assert (= (select constant1 (_ bv1 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv2 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv3 32) ) (_ bv171 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv18446744073709533328 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (and (and (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv1 32) ?B3 ) ) (select constant1 ?B3 ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv18446744073709533328 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv1 32) ?B3 ) ) (select constant1 ?B3 ) ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (and (= false (bvult ?B1 (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -961,7 +961,7 @@ (assert (= (select constant1 (_ bv1 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv2 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv3 32) ) (_ bv171 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv111120 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv1 32) ?B3 ) ) (select constant1 ?B3 ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv111120 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv1 32) ?B3 ) ) (select constant1 ?B3 ) ) ) ) ) ) ) (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -995,7 +995,7 @@ (assert (= (select constant2 (_ bv13 32) ) (_ bv0 8) ) ) (assert (= (select constant2 (_ bv14 32) ) (_ bv0 8) ) ) (assert (= (select constant2 (_ bv15 32) ) (_ bv0 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv31760 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant2 (bvadd (_ bv3 32) ?B3 ) ) (concat (select constant2 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant2 (bvadd (_ bv1 32) ?B3 ) ) (select constant2 ?B3 ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (bvult ?B2 (_ bv13 64) ) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv31760 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant2 (bvadd (_ bv3 32) ?B3 ) ) (concat (select constant2 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant2 (bvadd (_ bv1 32) ?B3 ) ) (select constant2 ?B3 ) ) ) ) ) ) ) (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (and (bvult ?B2 (_ bv13 64) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic1 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic1 (_ bv1 32) ) ) ) @@ -1012,7 +1012,7 @@ (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) (declare-fun makeSymbolic1 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv18446744073709532800 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (and (and (and (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv3 32) ?B3 ) ) (concat (select makeSymbolic0 (bvadd (_ bv2 32) ?B3 ) ) (concat (select makeSymbolic0 (bvadd (_ bv1 32) ?B3 ) ) (select makeSymbolic0 ?B3 ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) ) ) ) +(assert (let ( (?B1 (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) (let ( (?B2 (bvadd (_ bv18446744073709532800 64) ?B1 ) ) ) (let ( (?B3 ((_ extract 31 0) ?B2 ) ) ) (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv3 32) ?B3 ) ) (concat (select makeSymbolic0 (bvadd (_ bv2 32) ?B3 ) ) (concat (select makeSymbolic0 (bvadd (_ bv1 32) ?B3 ) ) (select makeSymbolic0 ?B3 ) ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) ) (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) diff --git a/test/Expr/print-smt-named.smt2.good b/test/Expr/print-smt-named.smt2.good index fd7e2061ee..00ab0fc558 100644 --- a/test/Expr/print-smt-named.smt2.good +++ b/test/Expr/print-smt-named.smt2.good @@ -392,7 +392,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (not (= false (bvult (bvadd (_ bv31760 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) +(assert (and (not (= false (bvult (bvadd (_ bv31760 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv13 64) ) ) ) (and (= false (bvult ?B1 (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -404,7 +404,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (not (= false (bvult (bvadd (_ bv111120 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) +(assert (and (and (= false (bvult (bvadd (_ bv31312 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult ?B1 (_ bv13 64) ) ) (not (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -416,7 +416,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (not (= false (bvult (bvadd (_ bv18446744073709533360 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -428,7 +428,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (not (= false (bvult (bvadd (_ bv18446744073709533328 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (= false (bvult (bvadd (_ bv18446744073709533360 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv1 64) ) ) (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) ) (and (not (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -440,7 +440,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (not (= false (bvult (bvadd (_ bv18446744073709532800 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (not (= false (bvult (bvadd (_ bv18446744073709532800 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv1 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -452,7 +452,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (= false (= (_ bv18446744073657921168 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (= false (= (_ bv18446744073657921168 64) ?B1 ) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -464,7 +464,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744069414584319 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744069414584319 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -476,7 +476,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744071562067967 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744071562067967 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -488,7 +488,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744072635809791 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744072635809791 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -500,7 +500,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073172680703 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073172680703 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -512,7 +512,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073441116159 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073441116159 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -524,7 +524,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073575333887 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073575333887 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -536,7 +536,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073642442751 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073642442751 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -548,7 +548,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073675997183 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073675997183 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -560,7 +560,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073692774399 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073692774399 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -572,7 +572,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073701163007 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073701163007 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -584,7 +584,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073705357311 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073705357311 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -596,7 +596,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073707454463 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073707454463 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -608,7 +608,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073708503039 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073708503039 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -620,7 +620,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709027327 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709027327 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -632,7 +632,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709289471 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709289471 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -644,7 +644,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709420543 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709420543 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -656,7 +656,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709486079 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709486079 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -668,7 +668,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709518847 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709518847 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -680,7 +680,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709535231 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709535231 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -692,7 +692,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709543423 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709543423 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -704,7 +704,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709547519 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709547519 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -716,7 +716,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709549567 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709549567 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -728,7 +728,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709550591 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709550591 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -740,7 +740,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551103 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551103 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -752,7 +752,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551359 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551359 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -764,7 +764,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551487 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551487 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -776,7 +776,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551551 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551551 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -788,7 +788,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551583 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551583 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -800,7 +800,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551599 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551599 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -812,7 +812,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551607 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551607 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -824,7 +824,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551611 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551611 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -836,7 +836,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551613 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551613 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -848,7 +848,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) (_ bv18446744073709551612 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) ?B1 ) (_ bv18446744073709551612 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -866,7 +866,7 @@ (assert (= (select constant0 (_ bv1 32) ) (_ bv101 8) ) ) (assert (= (select constant0 (_ bv2 32) ) (_ bv115 8) ) ) (assert (= (select constant0 (_ bv3 32) ) (_ bv0 8) ) ) -(assert (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant0 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv31312 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select constant0 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant0 (bvadd (_ bv1 32) ?B3 ) ) (select constant0 ?B3 ) ) ) ) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant0 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv31312 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select constant0 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant0 (bvadd (_ bv1 32) ?B3 ) ) (select constant0 ?B3 ) ) ) ) ) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic1 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic1 (_ bv1 32) ) ) ) @@ -883,7 +883,7 @@ (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) (declare-fun makeSymbolic1 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (not (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv18446744073709533360 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select makeSymbolic1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select makeSymbolic1 (bvadd (_ bv1 32) ?B3 ) ) (select makeSymbolic1 ?B3 ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) +(assert (and (not (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv18446744073709533360 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select makeSymbolic1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select makeSymbolic1 (bvadd (_ bv1 32) ?B3 ) ) (select makeSymbolic1 ?B3 ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -905,7 +905,7 @@ (assert (= (select constant1 (_ bv1 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv2 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv3 32) ) (_ bv171 8) ) ) -(assert (and (and (and (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv18446744073709533328 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select constant1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv1 32) ?B3 ) ) (select constant1 ?B3 ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv18446744073709533328 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select constant1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv1 32) ?B3 ) ) (select constant1 ?B3 ) ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (and (= false (bvult ?B1 (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) ) (and (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -961,7 +961,7 @@ (assert (= (select constant1 (_ bv1 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv2 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv3 32) ) (_ bv171 8) ) ) -(assert (and (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv111120 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select constant1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv1 32) ?B3 ) ) (select constant1 ?B3 ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv111120 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select constant1 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant1 (bvadd (_ bv1 32) ?B3 ) ) (select constant1 ?B3 ) ) ) ) ) ) ) (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -995,7 +995,7 @@ (assert (= (select constant2 (_ bv13 32) ) (_ bv0 8) ) ) (assert (= (select constant2 (_ bv14 32) ) (_ bv0 8) ) ) (assert (= (select constant2 (_ bv15 32) ) (_ bv0 8) ) ) -(assert (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant2 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv31760 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select constant2 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant2 (bvadd (_ bv1 32) ?B3 ) ) (select constant2 ?B3 ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (bvult ?B2 (_ bv13 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant2 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv31760 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select constant2 (bvadd (_ bv2 32) ?B3 ) ) (concat (select constant2 (bvadd (_ bv1 32) ?B3 ) ) (select constant2 ?B3 ) ) ) ) ) ) ) (and (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) (and (bvult ?B2 (_ bv13 64) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic1 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic1 (_ bv1 32) ) ) ) @@ -1012,7 +1012,7 @@ (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) (declare-fun makeSymbolic1 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv18446744073709532800 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select makeSymbolic0 (bvadd (_ bv2 32) ?B3 ) ) (concat (select makeSymbolic0 (bvadd (_ bv1 32) ?B3 ) ) (select makeSymbolic0 ?B3 ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult ?B1 (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) ) (bvult ?B2 (_ bv1 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv3 32) (! ((_ extract 31 0) (! (bvadd (_ bv18446744073709532800 64) (! (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) :named ?B1) ) :named ?B2) ) :named ?B3) ) ) (concat (select makeSymbolic0 (bvadd (_ bv2 32) ?B3 ) ) (concat (select makeSymbolic0 (bvadd (_ bv1 32) ?B3 ) ) (select makeSymbolic0 ?B3 ) ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv111120 64) ?B1 ) (_ bv1 64) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533360 64) ?B1 ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) ?B1 ) (_ bv13 64) ) ) ) ) (and (and (= false (bvult ?B1 (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) ?B1 ) (_ bv1 64) ) ) ) (and (bvult ?B2 (_ bv1 64) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) ?B1 ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) diff --git a/test/Expr/print-smt-none.smt2.good b/test/Expr/print-smt-none.smt2.good index 1fe23264f3..843a103bad 100644 --- a/test/Expr/print-smt-none.smt2.good +++ b/test/Expr/print-smt-none.smt2.good @@ -392,7 +392,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (not (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) +(assert (and (not (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -404,7 +404,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (not (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) +(assert (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -416,7 +416,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (not (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -428,7 +428,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (not (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) (and (not (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -440,7 +440,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (not (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (not (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -452,7 +452,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (= false (= (_ bv18446744073657921168 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (= false (= (_ bv18446744073657921168 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -464,7 +464,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744069414584319 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744069414584319 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -476,7 +476,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744071562067967 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744071562067967 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -488,7 +488,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744072635809791 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744072635809791 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -500,7 +500,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073172680703 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073172680703 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -512,7 +512,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073441116159 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073441116159 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -524,7 +524,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073575333887 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073575333887 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -536,7 +536,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073642442751 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073642442751 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -548,7 +548,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073675997183 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073675997183 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -560,7 +560,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073692774399 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073692774399 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -572,7 +572,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073701163007 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073701163007 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -584,7 +584,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073705357311 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073705357311 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -596,7 +596,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073707454463 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073707454463 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -608,7 +608,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073708503039 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073708503039 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -620,7 +620,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709027327 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709027327 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -632,7 +632,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709289471 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709289471 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -644,7 +644,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709420543 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709420543 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -656,7 +656,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709486079 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709486079 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -668,7 +668,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709518847 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709518847 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -680,7 +680,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709535231 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709535231 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -692,7 +692,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709543423 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709543423 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -704,7 +704,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709547519 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709547519 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -716,7 +716,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709549567 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709549567 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -728,7 +728,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709550591 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709550591 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -740,7 +740,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551103 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551103 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -752,7 +752,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551359 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551359 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -764,7 +764,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551487 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551487 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -776,7 +776,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551551 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551551 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -788,7 +788,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551583 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551583 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -800,7 +800,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551599 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551599 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -812,7 +812,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551607 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551607 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -824,7 +824,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551611 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551611 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -836,7 +836,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551613 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551613 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -848,7 +848,7 @@ (set-option :produce-models true) (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551612 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) +(assert (and (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (not (bvule (bvadd (_ bv51630448 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv18446744073709551612 64) ) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -866,7 +866,7 @@ (assert (= (select constant0 (_ bv1 32) ) (_ bv101 8) ) ) (assert (= (select constant0 (_ bv2 32) ) (_ bv115 8) ) ) (assert (= (select constant0 (_ bv3 32) ) (_ bv0 8) ) ) -(assert (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant0 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant0 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant0 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select constant0 ((_ extract 31 0) (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant0 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant0 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant0 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select constant0 ((_ extract 31 0) (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (and (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic1 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic1 (_ bv1 32) ) ) ) @@ -883,7 +883,7 @@ (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) (declare-fun makeSymbolic1 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (not (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select makeSymbolic1 ((_ extract 31 0) (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) +(assert (and (not (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select makeSymbolic1 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select makeSymbolic1 ((_ extract 31 0) (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (and (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -905,7 +905,7 @@ (assert (= (select constant1 (_ bv1 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv2 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv3 32) ) (_ bv171 8) ) ) -(assert (and (and (and (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant1 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant1 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select constant1 ((_ extract 31 0) (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant1 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant1 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select constant1 ((_ extract 31 0) (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) (and (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) (and (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -961,7 +961,7 @@ (assert (= (select constant1 (_ bv1 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv2 32) ) (_ bv171 8) ) ) (assert (= (select constant1 (_ bv3 32) ) (_ bv171 8) ) ) -(assert (and (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant1 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant1 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select constant1 ((_ extract 31 0) (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant1 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant1 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant1 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select constant1 ((_ extract 31 0) (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (and (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) @@ -995,7 +995,7 @@ (assert (= (select constant2 (_ bv13 32) ) (_ bv0 8) ) ) (assert (= (select constant2 (_ bv14 32) ) (_ bv0 8) ) ) (assert (= (select constant2 (_ bv15 32) ) (_ bv0 8) ) ) -(assert (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant2 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant2 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant2 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select constant2 ((_ extract 31 0) (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select constant2 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant2 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select constant2 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select constant2 ((_ extract 31 0) (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (and (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (and (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic1 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic1 (_ bv1 32) ) ) ) @@ -1012,7 +1012,7 @@ (set-logic QF_AUFBV ) (declare-fun makeSymbolic0 () (Array (_ BitVec 32) (_ BitVec 8) ) ) (declare-fun makeSymbolic1 () (Array (_ BitVec 32) (_ BitVec 8) ) ) -(assert (and (and (and (and (and (and (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select makeSymbolic0 ((_ extract 31 0) (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) +(assert (and (not (= false (= (concat (select makeSymbolic1 (_ bv3 32) ) (concat (select makeSymbolic1 (_ bv2 32) ) (concat (select makeSymbolic1 (_ bv1 32) ) (select makeSymbolic1 (_ bv0 32) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv3 32) ((_ extract 31 0) (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv2 32) ((_ extract 31 0) (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (concat (select makeSymbolic0 (bvadd (_ bv1 32) ((_ extract 31 0) (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) (select makeSymbolic0 ((_ extract 31 0) (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) (and (and (= false (bvult (bvadd (_ bv111120 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (and (= false (bvult (bvadd (_ bv18446744073709533360 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) (= false (bvult (bvadd (_ bv31760 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv13 64) ) ) ) ) (and (and (= false (bvult (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) (_ bv13 64) ) ) (= false (bvult (bvadd (_ bv31312 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) (and (bvult (bvadd (_ bv18446744073709532800 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) (= false (bvult (bvadd (_ bv18446744073709533328 64) (bvmul (_ bv4 64) ((_ sign_extend 32) (concat (select makeSymbolic0 (_ bv3 32) ) (concat (select makeSymbolic0 (_ bv2 32) ) (concat (select makeSymbolic0 (_ bv1 32) ) (select makeSymbolic0 (_ bv0 32) ) ) ) ) ) ) ) (_ bv1 64) ) ) ) ) ) ) ) (check-sat) (get-value ( (select makeSymbolic0 (_ bv0 32) ) ) ) (get-value ( (select makeSymbolic0 (_ bv1 32) ) ) ) diff --git a/test/Feature/Annotation/Deref.c b/test/Feature/Annotation/Deref.c index 7a1048f644..fe4804e131 100644 --- a/test/Feature/Annotation/Deref.c +++ b/test/Feature/Annotation/Deref.c @@ -56,7 +56,7 @@ int main() { // CHECK-DEREF1: memory error: null pointer exception maybeDeref1(a); // CHECK-DEREF1: memory error: out of bound pointer - maybeDeref1((int *)42); + maybeDeref1(&c + 42); // CHECK-DEREF1: partially completed paths = 2 // CHECK-DEREF1: generated tests = 3 #endif diff --git a/test/Feature/Annotation/InitNull.c b/test/Feature/Annotation/InitNull.c index ff7e152c71..3b94dd4f35 100644 --- a/test/Feature/Annotation/InitNull.c +++ b/test/Feature/Annotation/InitNull.c @@ -19,7 +19,7 @@ // RUN: rm -rf %t5.klee-out-1 // RUN: %klee --solver-backend=z3 --output-dir=%t5.klee-out-1 --annotations=%S/InitNullEmpty.json --mock-policy=all -emit-all-errors=true %t5.bc 2>&1 | FileCheck %s -check-prefix=CHECK-EMPTY // CHECK-EMPTY: ASSERTION FAIL -// CHECK-EMPTY: partially completed paths = {{[1-2]}} +// CHECK-EMPTY: partially completed paths = {{[1-4]}} // RUN: %clang -DMustInitNull5 %s -g -emit-llvm %O0opt -c -o %t6.bc // RUN: rm -rf %t6.klee-out-1 @@ -64,7 +64,7 @@ int main() { #ifdef InitNull4 a = *maybeInitNull2(); // CHECK-INITNULL4: ASSERTION FAIL - // CHECK-INITNULL4: partially completed paths = {{[2-3]}} + // CHECK-INITNULL4: partially completed paths = {{[2-4]}} #endif #ifdef MustInitNull5 diff --git a/test/Feature/DefineFixedObject.c b/test/Feature/DefineFixedObject.c index 38d8f9d16c..40ac5e066d 100644 --- a/test/Feature/DefineFixedObject.c +++ b/test/Feature/DefineFixedObject.c @@ -2,15 +2,13 @@ // RUN: rm -rf %t.klee-out // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc +#include "klee/klee.h" #include #define ADDRESS ((int *)0x0080) int main() { - klee_define_fixed_object(ADDRESS, 4); - - int *p = ADDRESS; - + int *p = klee_define_fixed_object(ADDRESS, 4); *p = 10; printf("*p: %d\n", *p); diff --git a/test/Feature/EntryPoint.c b/test/Feature/EntryPoint.c index 48442659fc..f636fe7ad1 100644 --- a/test/Feature/EntryPoint.c +++ b/test/Feature/EntryPoint.c @@ -1,13 +1,13 @@ // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --entry-point=other_main %t.bc | FileCheck -check-prefix=CHECK-OTHER_MAIN %s +// RUN: %klee --output-dir=%t.klee-out --entry-points=other_main %t.bc | FileCheck -check-prefix=CHECK-OTHER_MAIN %s // RUN: rm -rf %t.klee-out // RUN: %clang -emit-llvm -g -c -DMAIN %s -o %t.bc -// RUN: %klee --output-dir=%t.klee-out --entry-point=other_main %t.bc | FileCheck -check-prefix=CHECK-OTHER_MAIN %s +// RUN: %klee --output-dir=%t.klee-out --entry-points=other_main %t.bc | FileCheck -check-prefix=CHECK-OTHER_MAIN %s // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --entry-point="" %t.bc 2>%t.stderr.log || echo "Exit status must be 0" +// RUN: %klee --output-dir=%t.klee-out --entry-points="" %t.bc 2>%t.stderr.log || echo "Exit status must be 0" // RUN: FileCheck -check-prefix=CHECK-EMPTY --input-file=%t.stderr.log %s #include diff --git a/test/Feature/EntryPointMissing.c b/test/Feature/EntryPointMissing.c index e54aa92526..08e070cdd5 100644 --- a/test/Feature/EntryPointMissing.c +++ b/test/Feature/EntryPointMissing.c @@ -3,53 +3,53 @@ // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=missing %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=missing %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=missing --libc=uclibc %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=missing --libc=uclibc %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=missing %t.bc --posix-runtime 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=missing %t.bc --posix-runtime 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=missing %t.bc --libc=uclibc --posix-runtime 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=missing %t.bc --libc=uclibc --posix-runtime 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=missing --libc=klee %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=missing --libc=klee %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=missing --libc=klee --posix-runtime %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=missing --libc=klee --posix-runtime %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MISSING %s /* Missing main */ // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=main %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=main %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=main --libc=uclibc %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=main --libc=uclibc %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=main --posix-runtime %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=main --posix-runtime %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=main --libc=uclibc --posix-runtime %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=main --libc=uclibc --posix-runtime %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=main --libc=klee %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=main --libc=klee %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --output-dir=%t.klee-out --entry-point=main --libc=klee --posix-runtime %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s +// RUN: not %klee --output-dir=%t.klee-out --entry-points=main --libc=klee --posix-runtime %t.bc 2>&1 | FileCheck -check-prefix=CHECK-MAIN %s #include diff --git a/test/Feature/EntryPointUclibcPosix.c b/test/Feature/EntryPointUclibcPosix.c index 6ed4e1c9c7..0c76af8329 100644 --- a/test/Feature/EntryPointUclibcPosix.c +++ b/test/Feature/EntryPointUclibcPosix.c @@ -7,27 +7,27 @@ // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --libc=uclibc --posix-runtime --output-dir=%t.klee-out --entry-point=other_main %t.bc | FileCheck %s +// RUN: %klee --libc=uclibc --posix-runtime --output-dir=%t.klee-out --entry-points=other_main %t.bc | FileCheck %s -// RUN: rm -rf %t.klee-out // RUN: %clang -emit-llvm -g -c -DMAIN %s -o %t.bc -// RUN: %klee --libc=uclibc --posix-runtime --output-dir=%t.klee-out --entry-point=other_main %t.bc | FileCheck %s +// RUN: rm -rf %t.klee-out +// RUN: %klee --libc=uclibc --posix-runtime --output-dir=%t.klee-out --entry-points=other_main %t.bc | FileCheck %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --libc=uclibc --output-dir=%t.klee-out --entry-point=other_main %t.bc | FileCheck %s +// RUN: %klee --libc=uclibc --output-dir=%t.klee-out --entry-points=other_main %t.bc | FileCheck %s -// RUN: rm -rf %t.klee-out // RUN: %clang -emit-llvm -g -c -DMAIN %s -o %t.bc -// RUN: %klee --libc=uclibc --output-dir=%t.klee-out --entry-point=other_main %t.bc | FileCheck %s +// RUN: rm -rf %t.klee-out +// RUN: %klee --libc=uclibc --output-dir=%t.klee-out --entry-points=other_main %t.bc | FileCheck %s // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --posix-runtime --output-dir=%t.klee-out --entry-point=other_main %t.bc | FileCheck %s +// RUN: %klee --posix-runtime --output-dir=%t.klee-out --entry-points=other_main %t.bc | FileCheck %s -// RUN: rm -rf %t.klee-out // RUN: %clang -emit-llvm -g -c -DMAIN %s -o %t.bc -// RUN: %klee --posix-runtime --output-dir=%t.klee-out --entry-point=other_main %t.bc | FileCheck %s +// RUN: rm -rf %t.klee-out +// RUN: %klee --posix-runtime --output-dir=%t.klee-out --entry-points=other_main %t.bc | FileCheck %s #include diff --git a/test/Feature/LazyInitialization/ImpossibleAddressForLI.c b/test/Feature/LazyInitialization/ImpossibleAddressForLI.c deleted file mode 100644 index f0d9f25bf6..0000000000 --- a/test/Feature/LazyInitialization/ImpossibleAddressForLI.c +++ /dev/null @@ -1,19 +0,0 @@ -// RUN: %clang %s -emit-llvm -g -c -o %t.bc -// RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --skip-not-symbolic-objects %t.bc 2>&1 | FileCheck %s - -#include "klee/klee.h" - -int main() { - int *x; - klee_make_symbolic(&x, sizeof(x), "*x"); - if ((uintptr_t)x < (uintptr_t)10) { - // CHECK: ImpossibleAddressForLI.c:[[@LINE+1]]: memory error: null pointer exception - *x = 20; - } - // CHECK-NOT: ImpossibleAddressForLI.c:[[@LINE+1]]: memory error: null pointer exception - *x = 30; -} - -// CHECK: KLEE: done: completed paths = 1 -// CHECK: KLEE: done: generated tests = 3 diff --git a/test/Feature/LazyInitialization/LazyInitialization.c b/test/Feature/LazyInitialization/LazyInitialization.c index 31e82a124e..ca055d7d32 100644 --- a/test/Feature/LazyInitialization/LazyInitialization.c +++ b/test/Feature/LazyInitialization/LazyInitialization.c @@ -1,4 +1,4 @@ -// RUN: %clang %s -emit-llvm %O0opt -c -o %t.bc +// RUN: %clang %s -emit-llvm %O0opt -c -g -o %t.bc // RUN: rm -rf %t.klee-out // RUN: %klee --output-dir=%t.klee-out --skip-not-symbolic-objects --use-timestamps=false --use-guided-search=none %t.bc > %t.log // RUN: FileCheck %s -input-file=%t.log diff --git a/test/Feature/LazyInitialization/NullPointerDereference.c b/test/Feature/LazyInitialization/NullPointerDereference.c new file mode 100644 index 0000000000..29e34510ff --- /dev/null +++ b/test/Feature/LazyInitialization/NullPointerDereference.c @@ -0,0 +1,23 @@ +// RUN: %clang %s -emit-llvm -g -c -o %t.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out --skip-local --skip-global %t.bc 2>&1 | FileCheck %s + +#include "klee/klee.h" + +int main() { + int *x; + klee_make_symbolic(&x, sizeof(x), "*x"); + if ((uintptr_t)x < (uintptr_t)10) { + // CHECK: NullPointerDereference.c:[[@LINE+1]]: memory error: null pointer exception + x[0] = 20; + } else { + // CHECK: NullPointerDereference.c:[[@LINE+1]]: memory error: null pointer exception + x[0] = 30; + } + + // CHECK-NOT: NullPointerDereference.c:[[@LINE+1]]: memory error: null pointer exception + x[1] = 40; +} + +// CHECK: KLEE: done: completed paths = 2 +// CHECK: KLEE: done: generated tests = 7 diff --git a/test/Feature/LazyInitialization/PointerOffset.c b/test/Feature/LazyInitialization/PointerOffset.c index 2d0b7a4321..3575b02173 100644 --- a/test/Feature/LazyInitialization/PointerOffset.c +++ b/test/Feature/LazyInitialization/PointerOffset.c @@ -5,6 +5,8 @@ // RUN: FileCheck %s -input-file=%t.log // CHECK: pointers: [(0, 1, 4)] +#include "klee/klee.h" + int main() { int *index; int a[2]; diff --git a/test/Feature/LazyInitialization/SingleInitializationAndAccess.c b/test/Feature/LazyInitialization/SingleInitializationAndAccess.c index 4c2413aa9e..b185a6071e 100644 --- a/test/Feature/LazyInitialization/SingleInitializationAndAccess.c +++ b/test/Feature/LazyInitialization/SingleInitializationAndAccess.c @@ -25,4 +25,4 @@ int main() { } // CHECK: KLEE: done: completed paths = 1 -// CHECK: KLEE: done: generated tests = 4 +// CHECK: KLEE: done: generated tests = 5 diff --git a/test/Feature/MemoryBackends.c b/test/Feature/MemoryBackends.c new file mode 100644 index 0000000000..c686ca8d57 --- /dev/null +++ b/test/Feature/MemoryBackends.c @@ -0,0 +1,55 @@ +// RUN: %clang %s -emit-llvm %O0opt -c -o %t2.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out %t2.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out --memory-backend=fixed %t2.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out --memory-backend=dynamic %t2.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out --memory-backend=persistent %t2.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out --memory-backend=mixed %t2.bc + +/* this test is basically just for coverage and doesn't really do any + correctness check (aside from testing that the various combinations + don't crash) */ + +#include + +int validate(char *buf, int N) { + + int i; + + for (i = 0; i < N; i++) { + if (buf[i] == 0) { + return 0; + } + } + + return 1; +} + +#ifndef SYMBOLIC_SIZE +#define SYMBOLIC_SIZE 15 +#endif +int main(int argc, char **argv) { + int N = SYMBOLIC_SIZE; + unsigned char *buf = malloc(N); + int i; + + klee_make_symbolic(buf, N, "buf"); + if (validate(buf, N)) + return buf[0]; + return 0; +} + +int other_main(int argc, char **argv) { + int N = SYMBOLIC_SIZE; + unsigned char *buf = malloc(N); + int i; + + klee_make_symbolic(buf, N, "buf"); + if (validate(buf, N + 1)) + return buf[0]; + return 0; +} diff --git a/test/Feature/MultipleReallocResolution.c b/test/Feature/MultipleReallocResolution.c index d7a182ab11..1401e7bc36 100644 --- a/test/Feature/MultipleReallocResolution.c +++ b/test/Feature/MultipleReallocResolution.c @@ -1,4 +1,4 @@ -// RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc +// RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc // RUN: rm -rf %t.klee-out // RUN: %klee --use-guided-search=none --output-dir=%t.klee-out %t1.bc // RUN: ls %t.klee-out/ | grep .err | wc -l | grep 2 diff --git a/test/Feature/MultipleWriteResolution.c b/test/Feature/MultipleWriteResolution.c index 7e2befc35e..70cb841d2f 100644 --- a/test/Feature/MultipleWriteResolution.c +++ b/test/Feature/MultipleWriteResolution.c @@ -1,5 +1,5 @@ // RUN: echo "x" > %t1.res -// RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc +// RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc // RUN: rm -rf %t.klee-out // RUN: %klee --output-dir=%t.klee-out --use-timestamps=false --use-merged-pointer-dereference=true %t1.bc > %t1.log // RUN: diff %t1.res %t1.log diff --git a/test/Feature/Searchers.c b/test/Feature/Searchers.c index aacb09de59..e8606e99bb 100644 --- a/test/Feature/Searchers.c +++ b/test/Feature/Searchers.c @@ -25,6 +25,8 @@ // RUN: %klee --output-dir=%t.klee-out --use-iterative-deepening-search=max-time --use-batching-search --search=nurs:depth %t2.bc // RUN: rm -rf %t.klee-out // RUN: %klee --output-dir=%t.klee-out --use-iterative-deepening-search=max-time --use-batching-search --search=nurs:qc %t2.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out --use-fair-search --entry-points=main --entry-points=other_main %t2.bc /* this test is basically just for coverage and doesn't really do any correctness check (aside from testing that the various combinations @@ -58,3 +60,14 @@ int main(int argc, char **argv) { return buf[0]; return 0; } + +int other_main(int argc, char **argv) { + int N = SYMBOLIC_SIZE; + unsigned char *buf = malloc(N); + int i; + + klee_make_symbolic(buf, N, "buf"); + if (validate(buf, N + 1)) + return buf[0]; + return 0; +} diff --git a/test/Feature/SymbolicSizes/FirstAndLastElements.c b/test/Feature/SymbolicSizes/FirstAndLastElements.c index ff9f612e77..4ec5dbad8d 100644 --- a/test/Feature/SymbolicSizes/FirstAndLastElements.c +++ b/test/Feature/SymbolicSizes/FirstAndLastElements.c @@ -1,6 +1,6 @@ // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --check-out-of-memory --use-sym-size-alloc --use-merged-pointer-dereference=true --max-sym-alloc=128 %t1.bc 2>&1 | FileCheck %s +// RUN: %klee --output-dir=%t.klee-out --check-out-of-memory --use-sym-size-alloc --use-merged-pointer-dereference=true --max-sym-size-alloc=128 %t1.bc 2>&1 | FileCheck %s #include "klee/klee.h" #include diff --git a/test/Feature/SymbolicSizes/LazyInstantiationOfSymbolicSize.c b/test/Feature/SymbolicSizes/LazyInstantiationOfSymbolicSize.c index be244f9ae0..e5ce7713a0 100644 --- a/test/Feature/SymbolicSizes/LazyInstantiationOfSymbolicSize.c +++ b/test/Feature/SymbolicSizes/LazyInstantiationOfSymbolicSize.c @@ -20,4 +20,4 @@ int main() { } // CHECK: KLEE: done: completed paths = 1 -// CHECK: KLEE: done: generated tests = 4 +// CHECK: KLEE: done: generated tests = 5 diff --git a/test/Feature/SymbolicSizes/VoidStar.c b/test/Feature/SymbolicSizes/VoidStar.c index 8770065d7a..9e735497e4 100644 --- a/test/Feature/SymbolicSizes/VoidStar.c +++ b/test/Feature/SymbolicSizes/VoidStar.c @@ -25,11 +25,10 @@ void foo(void *s) { int main() { int n = klee_int("n"); void *s = malloc(n); - // KLEE: ERROR: VoidStar.c:28: memory error: invalid pointer: make_symbolic klee_make_symbolic(s, n, "s"); foo(s); } // CHECK: KLEE: done: completed paths = 1 -// CHECK: KLEE: done: partially completed paths = 4 -// CHECK: KLEE: done: generated tests = 5 +// CHECK: KLEE: done: partially completed paths = 5 +// CHECK: KLEE: done: generated tests = 6 diff --git a/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_null_pointer.c b/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_null_pointer.c index 5fb711b6ea..9f6f6a5548 100644 --- a/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_null_pointer.c +++ b/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_null_pointer.c @@ -2,7 +2,7 @@ // RUN: %clang %s -fsanitize=pointer-overflow -emit-llvm -g %O0opt -c -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --emit-all-errors --ubsan-runtime %t.bc 2>&1 | FileCheck %s +// RUN: %klee --output-dir=%t.klee-out --emit-all-errors --ubsan-runtime --use-lazy-initialization=none %t.bc 2>&1 | FileCheck %s // RUN: ls %t.klee-out/ | grep .ktest | wc -l | grep 1 // RUN: ls %t.klee-out/ | grep .ptr.err | wc -l | grep 1 diff --git a/test/Industry/BadCase01_SecB_ForwardNull.c b/test/Industry/BadCase01_SecB_ForwardNull.c index 80b17cbf9b..45b827de61 100644 --- a/test/Industry/BadCase01_SecB_ForwardNull.c +++ b/test/Industry/BadCase01_SecB_ForwardNull.c @@ -142,6 +142,6 @@ void badbad(char *ptr) // RUN: %clang %s -emit-llvm -c -g -O0 -Xclang -disable-O0-optnone -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --use-guided-search=error --annotations=%annotations --mock-policy=all --libc=klee --skip-not-symbolic-objects --skip-not-lazy-initialized --check-out-of-memory --use-lazy-initialization=only --analysis-reproduce=%s.json %t1.bc > %t1.log 2>&1 +// RUN: %klee --output-dir=%t.klee-out --use-fair-search --use-guided-search=error --annotations=%annotations --mock-policy=all --libc=klee --skip-not-symbolic-objects --skip-not-lazy-initialized --check-out-of-memory --use-lazy-initialization=only --analysis-reproduce=%s.json %t1.bc > %t1.log 2>&1 // RUN: FileCheck -input-file=%t1.log %s // CHECK: KLEE: WARNING: No paths were given to trace verify diff --git a/test/Industry/CoverageBranches/ChenFlurMukhopadhyay-2012SAS-Fig1-alloca.c b/test/Industry/CoverageBranches/ChenFlurMukhopadhyay-2012SAS-Fig1-alloca.c index fe61b84c59..bad6302663 100644 --- a/test/Industry/CoverageBranches/ChenFlurMukhopadhyay-2012SAS-Fig1-alloca.c +++ b/test/Industry/CoverageBranches/ChenFlurMukhopadhyay-2012SAS-Fig1-alloca.c @@ -1,6 +1,6 @@ // RUN: %clang -Wno-everything %s -emit-llvm %O0opt -g -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --optimize-aggressive=false --track-coverage=branches --optimize=true --delete-dead-loops=false --use-forked-solver=false -max-memory=6008 --cex-cache-validity-cores --only-output-states-covering-new=true --dump-states-on-halt=all %t1.bc 2>&1 | FileCheck -check-prefix=CHECK %s +// RUN: %klee --output-dir=%t.klee-out --optimize-aggressive=false --track-coverage=branches --optimize=true --delete-dead-loops=false --use-forked-solver=false --max-memory=6008 --cex-cache-validity-cores --only-output-states-covering-new=true --dump-states-on-halt=all %t1.bc 2>&1 | FileCheck -check-prefix=CHECK %s // RUN: rm -f ./%gcov-files-path*.gcda ./%gcov-files-path*.gcno ./%gcov-files-path*.gcov // RUN: %cc -DGCOV %s %libkleeruntest -Wl,-rpath %libkleeruntestdir -o %t_runner --coverage diff --git a/test/Industry/CoverageBranches/matrix-2-2.c b/test/Industry/CoverageBranches/matrix-2-2.c index 879b4560ac..0825666ea0 100644 --- a/test/Industry/CoverageBranches/matrix-2-2.c +++ b/test/Industry/CoverageBranches/matrix-2-2.c @@ -1,6 +1,6 @@ // RUN: %clang -Wno-everything %s -emit-llvm %O0opt -g -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --optimize-aggressive=false --track-coverage=all --max-cycles=2 --optimize=true --emit-all-errors --delete-dead-loops=false --use-forked-solver=false -max-memory=6008 --cex-cache-validity-cores --only-output-states-covering-new=true --dump-states-on-halt=all --use-sym-size-alloc=true --symbolic-allocation-threshold=8192 %t1.bc 2>&1 +// RUN: %klee --output-dir=%t.klee-out --optimize-aggressive=false --track-coverage=all --max-cycles=2 --optimize=true --emit-all-errors --delete-dead-loops=false --use-forked-solver=false --max-memory=6008 --cex-cache-validity-cores --only-output-states-covering-new=true --dump-states-on-halt=all --use-sym-size-alloc=true --symbolic-allocation-threshold=8192 %t1.bc 2>&1 // RUN: rm -f ./%gcov-files-path*.gcda ./%gcov-files-path*.gcno ./%gcov-files-path*.gcov // RUN: %cc -DGCOV %s %libkleeruntest -Wl,-rpath %libkleeruntestdir -o %t_runner --coverage diff --git a/test/Industry/CoverageBranches/pals_lcr.3.ufo.UNBOUNDED.pals+Problem12_label00.c b/test/Industry/CoverageBranches/pals_lcr.3.ufo.UNBOUNDED.pals+Problem12_label00.c index 104daa6402..e261e72ccd 100644 --- a/test/Industry/CoverageBranches/pals_lcr.3.ufo.UNBOUNDED.pals+Problem12_label00.c +++ b/test/Industry/CoverageBranches/pals_lcr.3.ufo.UNBOUNDED.pals+Problem12_label00.c @@ -1,6 +1,6 @@ // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --optimize-aggressive=false --track-coverage=branches --delete-dead-loops=false --emit-all-errors --mock-policy=all --use-forked-solver=false --optimize --skip-not-lazy-initialized --output-source=false --output-stats=true --output-istats=true -istats-write-interval=3s --use-sym-size-alloc=true --cex-cache-validity-cores --symbolic-allocation-threshold=8192 --cover-on-the-fly=false --delay-cover-on-the-fly=400000 --only-output-states-covering-new --dump-states-on-halt=all --search=dfs --search=random-state --use-iterative-deepening-search=max-cycles --max-cycles=4 %t1.bc +// RUN: %klee --output-dir=%t.klee-out --optimize-aggressive=false --track-coverage=branches --delete-dead-loops=false --emit-all-errors --mock-policy=all --use-forked-solver=false --optimize --skip-not-lazy-initialized --output-source=false --output-stats=false --output-istats=false -istats-write-interval=3s --use-sym-size-alloc=true --cex-cache-validity-cores --symbolic-allocation-threshold=8192 --cover-on-the-fly=false --delay-cover-on-the-fly=400000 --only-output-states-covering-new --dump-states-on-halt=all --search=dfs --search=random-state --use-iterative-deepening-search=max-cycles --max-cycles=4 %t1.bc // RUN: rm -f ./%gcov-files-path*.gcda ./%gcov-files-path*.gcno ./%gcov-files-path*.gcov // RUN: %cc -DGCOV %s %libkleeruntest -Wl,-rpath %libkleeruntestdir -o %t_runner --coverage diff --git a/test/Industry/NullReturn_Scene_BadCase08.cpp b/test/Industry/NullReturn_Scene_BadCase08.cpp index d066fdc474..2de9c19bb0 100644 --- a/test/Industry/NullReturn_Scene_BadCase08.cpp +++ b/test/Industry/NullReturn_Scene_BadCase08.cpp @@ -41,4 +41,4 @@ void TestBad9() // RUN: rm -rf %t.klee-out // RUN: %klee --output-dir=%t.klee-out --write-kqueries --use-guided-search=error --location-accuracy --annotations=%annotations --mock-policy=failed --check-out-of-memory --libc=klee --skip-not-symbolic-objects --skip-not-lazy-initialized --use-lazy-initialization=only --analysis-reproduce=%s.json %t1.bc // RUN: FileCheck -input-file=%t.klee-out/warnings.txt %s -// CHECK: KLEE: WARNING: 100.00% NullPointerException False Positive at trace 2 \ No newline at end of file +// CHECK: KLEE: WARNING: 100.00% NullPointerException False Positive at trace 2 diff --git a/test/Industry/wrapped_btor2c-lazyMod.adding.1.prop1-back-serstep.c b/test/Industry/wrapped_btor2c-lazyMod.adding.1.prop1-back-serstep.c index 8314734367..663532f9d1 100644 --- a/test/Industry/wrapped_btor2c-lazyMod.adding.1.prop1-back-serstep.c +++ b/test/Industry/wrapped_btor2c-lazyMod.adding.1.prop1-back-serstep.c @@ -2,7 +2,7 @@ // Disabling msan because it times out on CI // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --use-forked-solver=false -max-memory=6008 --optimize=true --skip-not-lazy-initialized -output-source=true --output-stats=false --output-istats=false --write-xml-tests --write-ktests=false --xml-metadata-programfile=wrapped_btor2c-lazyMod.adding.1.prop1-back-serstep.c --xml-metadata-programhash=a18daeacf63b42ad6e1cb490555b7cdecd71ad6e58b167ed0f5626c03bc3d772 --use-sym-size-alloc=true --cex-cache-validity-cores --symbolic-allocation-threshold=8192 --function-call-reproduce=reach_error --dump-states-on-halt=all -exit-on-error-type=Assert --search=dfs --search=random-path -max-time=20 %t1.bc 2>&1 | FileCheck -check-prefix=CHECK-VERDICT %s +// RUN: %klee --output-dir=%t.klee-out --use-forked-solver=false --max-memory=6008 --optimize=true --skip-not-lazy-initialized --output-source=true --output-stats=false --output-istats=false --write-xml-tests --write-ktests=false --xml-metadata-programfile=wrapped_btor2c-lazyMod.adding.1.prop1-back-serstep.c --xml-metadata-programhash=a18daeacf63b42ad6e1cb490555b7cdecd71ad6e58b167ed0f5626c03bc3d772 --use-sym-size-alloc=true --cex-cache-validity-cores --symbolic-allocation-threshold=8192 --function-call-reproduce=reach_error --dump-states-on-halt=all -exit-on-error-type=Assert --search=dfs --search=random-path --max-time=20 %t1.bc 2>&1 | FileCheck -check-prefix=CHECK-VERDICT %s // RUN: test -f %t.klee-out/test000001.xml // RUN: not test -f %t.klee-out/test000001.ktest @@ -563,4 +563,4 @@ int main() { state_27 = next_174_arg_1; } return 0; -} \ No newline at end of file +} diff --git a/test/Replay/libkleeruntest/replay_float.c b/test/Replay/libkleeruntest/replay_float.c index 0342321f43..3202a31410 100644 --- a/test/Replay/libkleeruntest/replay_float.c +++ b/test/Replay/libkleeruntest/replay_float.c @@ -1,3 +1,4 @@ +// Something is wrong in the replaying process, compiled binary evalaluates fmin of nan and number as nan // REQUIRES: floating-point // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc // RUN: rm -rf %t.klee-out @@ -7,8 +8,10 @@ // Now try to replay with libkleeRuntest // RUN: %cc %s %libkleeruntest -Wl,-rpath %libkleeruntestdir -lm -o %t_runner -// RUN: env KTEST_FILE=%t.klee-out/test000001.ktest %t_runner | FileCheck -check-prefix=TESTONE %s -// RUN: env KTEST_FILE=%t.klee-out/test000002.ktest %t_runner | FileCheck -check-prefix=TESTTWO %s +// RUN: rm -f %t_runner.log +// RUN: env KTEST_FILE=%t.klee-out/test000001.ktest %t_runner >> %t_runner.log +// RUN: env KTEST_FILE=%t.klee-out/test000002.ktest %t_runner >> %t_runner.log +// RUN: FileCheck %s -check-prefix=CHECK -input-file=%t_runner.log #include "klee/klee.h" #include @@ -26,5 +29,5 @@ int main() { return 0; } -// TESTONE: fmin(a, b) != a -// TESTTWO: fmin(a, b) == a +// CHECK-DAG: fmin(a, b) != a +// CHECK-DAG: fmin(a, b) == a diff --git a/test/Runtime/POSIX/SymFileConsistency.c b/test/Runtime/POSIX/SymFileConsistency.c index d97f65f0fb..9c0376b8dc 100644 --- a/test/Runtime/POSIX/SymFileConsistency.c +++ b/test/Runtime/POSIX/SymFileConsistency.c @@ -1,7 +1,7 @@ // REQUIRES: posix-runtime // RUN: %clang %s -emit-llvm %O0opt -c -g -o %t.bc // RUN: rm -rf %t.klee-out-tmp -// RUN: %klee --output-dir=%t.klee-out-tmp --libc=uclibc --posix-runtime --exit-on-error %t.bc --sym-files 1 1 > %t1.log +// RUN: %klee --output-dir=%t.klee-out-tmp --libc=uclibc --use-query-log=solver:kquery --posix-runtime --exit-on-error %t.bc --sym-files 1 1 > %t1.log // This test checks that symbolic files can be resolved both with a relative path // ie. 'A' or by its full path ie. '/full/path/to/cwd/A' diff --git a/test/Runtime/Uclibc/FunctionNotFound.c b/test/Runtime/Uclibc/FunctionNotFound.c index d332352305..0a43e92114 100644 --- a/test/Runtime/Uclibc/FunctionNotFound.c +++ b/test/Runtime/Uclibc/FunctionNotFound.c @@ -1,6 +1,6 @@ // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: not %klee --entry-point=main --output-dir=%t.klee-out --libc=uclibc --exit-on-error %t1.bc 2>&1 | FileCheck %s +// RUN: not %klee --entry-points=main --output-dir=%t.klee-out --libc=uclibc --exit-on-error %t1.bc 2>&1 | FileCheck %s int foo(int argc, char *argv[]) { return 0; diff --git a/test/SARIF/Generic/LazyInitialization/LazyInitialization.c b/test/SARIF/Generic/LazyInitialization/LazyInitialization.c index 56008f2436..b75639291a 100644 --- a/test/SARIF/Generic/LazyInitialization/LazyInitialization.c +++ b/test/SARIF/Generic/LazyInitialization/LazyInitialization.c @@ -1,6 +1,6 @@ // RUN: %clang -emit-llvm -g -c %s -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: %klee -write-sarifs --use-sym-size-alloc --use-sym-size-li --skip-not-symbolic-objects --posix-runtime --libc=uclibc -cex-cache-validity-cores --output-dir=%t.klee-out %t.bc > %t.log +// RUN: %klee --write-sarifs --use-sym-size-alloc --use-sym-size-li --skip-not-symbolic-objects --posix-runtime --libc=uclibc -cex-cache-validity-cores --output-dir=%t.klee-out %t.bc > %t.log // RUN: %checker %t.klee-out/report.sarif %S/pattern.sarif #include "klee/klee.h" diff --git a/test/SARIF/Generic/LazyInitialization/pattern.sarif b/test/SARIF/Generic/LazyInitialization/pattern.sarif index 7144bfb4a2..c40aaa74af 100644 --- a/test/SARIF/Generic/LazyInitialization/pattern.sarif +++ b/test/SARIF/Generic/LazyInitialization/pattern.sarif @@ -24,7 +24,39 @@ "startLine": 14 } } - } + }, + "metadata": null + } + ] + } + ] + } + ] + }, + { + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "message": { + "text": "memory error: out of bound pointer" + }, + "physicalLocation": { + "artifactLocation": { + "uri": "LazyInitialization.c" + }, + "region": { + "endColumn": null, + "endLine": null, + "startColumn": 6, + "startLine": 14 + } + } + }, + "metadata": null } ] } @@ -54,7 +86,8 @@ "startLine": 15 } } - } + }, + "metadata": null } ] } diff --git a/test/SARIF/Generic/SymbolicSizeArray/pattern.sarif b/test/SARIF/Generic/SymbolicSizeArray/pattern.sarif index 29cd7288af..91bad669eb 100644 --- a/test/SARIF/Generic/SymbolicSizeArray/pattern.sarif +++ b/test/SARIF/Generic/SymbolicSizeArray/pattern.sarif @@ -2,6 +2,37 @@ "runs": [ { "results": [ + { + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "message": { + "text": "memory error: null pointer exception" + }, + "physicalLocation": { + "artifactLocation": { + "uri": "SymbolicSizeArray.c" + }, + "region": { + "endColumn": null, + "endLine": null, + "startColumn": 8, + "startLine": 15 + } + } + }, + "metadata": null + } + ] + } + ] + } + ] + }, { "codeFlows": [ { @@ -43,7 +74,8 @@ "startLine": 15 } } - } + }, + "metadata": null } ] } @@ -73,7 +105,8 @@ "startLine": 14 } } - } + }, + "metadata": null }, { "location": { @@ -91,7 +124,8 @@ "startLine": 16 } } - } + }, + "metadata": null } ] } diff --git a/test/Solver/CallComputeValue.c b/test/Solver/CallComputeValue.c index 36ca85cf1e..140e3689a4 100644 --- a/test/Solver/CallComputeValue.c +++ b/test/Solver/CallComputeValue.c @@ -1,7 +1,7 @@ // REQUIRES: z3 // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --search=bfs --solver-backend=z3-tree --max-solvers-approx-tree-inc=4 --debug-crosscheck-core-solver=z3 --debug-z3-validate-models --debug-assignment-validating-solver --use-cex-cache=false --use-lazy-initialization=only %t1.bc 2>&1 | FileCheck %s +// RUN: %klee --output-dir=%t.klee-out --skip-local --search=bfs --solver-backend=z3-tree --max-solvers-approx-tree-inc=4 --debug-crosscheck-core-solver=z3 --debug-z3-validate-models --debug-assignment-validating-solver --use-cex-cache=false --use-lazy-initialization=only %t1.bc 2>&1 | FileCheck %s #include "klee/klee.h" @@ -18,4 +18,4 @@ int main() { } // CHECK: KLEE: done: completed paths = {{3|5}} -// CHECK: KLEE: done: partially completed paths = 0 +// CHECK: KLEE: done: partially completed paths = 2 diff --git a/test/Solver/Z3ConstantArray.c b/test/Solver/Z3ConstantArray.c index 419c67d124..d40d1c507b 100644 --- a/test/Solver/Z3ConstantArray.c +++ b/test/Solver/Z3ConstantArray.c @@ -9,14 +9,14 @@ #include "klee/klee.h" int main(int argc, char **argv) { - // CHECK-DAG: (assert (= (select constant01 #x00000000) #x67)) - // CHECK-DAG: (assert (= (select constant01 #x00000001) #x79)) - // CHECK-DAG: (assert (= (select constant01 #x00000002) #x7a)) - // CHECK-DAG: (assert (= (select constant01 #x00000003) #x00)) - // TEST-CASE-DAG: (assert (= (select constant0 (_ bv0 32) ) (_ bv103 8) ) ) - // TEST-CASE-DAG: (assert (= (select constant0 (_ bv1 32) ) (_ bv121 8) ) ) - // TEST-CASE-DAG: (assert (= (select constant0 (_ bv2 32) ) (_ bv122 8) ) ) - // TEST-CASE-DAG: (assert (= (select constant0 (_ bv3 32) ) (_ bv0 8) ) ) + // CHECK-DAG: (assert (= (select constant1{{[0-9]*}} #x00000000) #x67)) + // CHECK-DAG: (assert (= (select constant1{{[0-9]*}} #x00000001) #x79)) + // CHECK-DAG: (assert (= (select constant1{{[0-9]*}} #x00000002) #x7a)) + // CHECK-DAG: (assert (= (select constant1{{[0-9]*}} #x00000003) #x00)) + // TEST-CASE-DAG: (assert (= (select constant1{{[0-9]*}} (_ bv0 32) ) (_ bv103 8) ) ) + // TEST-CASE-DAG: (assert (= (select constant1{{[0-9]*}} (_ bv1 32) ) (_ bv121 8) ) ) + // TEST-CASE-DAG: (assert (= (select constant1{{[0-9]*}} (_ bv2 32) ) (_ bv122 8) ) ) + // TEST-CASE-DAG: (assert (= (select constant1{{[0-9]*}} (_ bv3 32) ) (_ bv0 8) ) ) char c[4] = {'g', 'y', 'z', '\0'}; unsigned i; klee_make_symbolic(&i, sizeof i, "i"); diff --git a/test/Solver/pals_floodmax.5.2.ufo.BOUNDED-10.pals.c b/test/Solver/pals_floodmax.5.2.ufo.BOUNDED-10.pals.c index fb8ace55c5..b38b21f35d 100644 --- a/test/Solver/pals_floodmax.5.2.ufo.BOUNDED-10.pals.c +++ b/test/Solver/pals_floodmax.5.2.ufo.BOUNDED-10.pals.c @@ -1,7 +1,7 @@ // REQUIRES: z3 // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --use-forked-solver=false --solver-backend=z3-tree --max-solvers-approx-tree-inc=16 --optimize-aggressive=false --track-coverage=branches -max-memory=6008 --optimize --skip-not-lazy-initialized -output-source=false --output-stats=false --use-sym-size-alloc=true --cex-cache-validity-cores --symbolic-allocation-threshold=8192 --function-call-reproduce=reach_error -dump-states-on-halt=all -exit-on-error-type=Assert --search=dfs -max-instructions=6000 --debug-crosscheck-core-solver=z3 --debug-z3-validate-models --debug-assignment-validating-solver --use-cex-cache=false %t1.bc 2>&1 | FileCheck -check-prefix=CHECK-VERDICT %s +// RUN: %klee --output-dir=%t.klee-out --use-forked-solver=false --solver-backend=z3-tree --max-solvers-approx-tree-inc=16 --optimize-aggressive=false --track-coverage=branches --max-memory=6008 --optimize --skip-not-lazy-initialized --output-source=false --output-stats=false --use-sym-size-alloc=true --cex-cache-validity-cores --symbolic-allocation-threshold=8192 --function-call-reproduce=reach_error --dump-states-on-halt=all --exit-on-error-type=Assert --search=dfs --max-instructions=6000 --debug-crosscheck-core-solver=z3 --debug-z3-validate-models --debug-assignment-validating-solver --use-cex-cache=false %t1.bc 2>&1 | FileCheck -check-prefix=CHECK-VERDICT %s // CHECK-VERDICT: KLEE: done: total instructions = 6000 #include "klee-test-comp.c" diff --git a/test/lit.cfg b/test/lit.cfg index 79f071b5c0..94c94e0059 100644 --- a/test/lit.cfg +++ b/test/lit.cfg @@ -23,7 +23,7 @@ config.test_format = lit.formats.ShTest(execute_external=False) # suffixes: A list of file extensions to treat as test files # Note this can be overridden by lit.local.cfg files -config.suffixes = ['.ll', '.c', '.cpp', '.kquery'] +config.suffixes = ['.ll', '.c', '.i', '.cpp', '.kquery'] config.excludes = [ 'GenBout.c', @@ -189,6 +189,10 @@ config.substitutions.append( ('%annotations', os.path.join(klee_src_root, 'configs/annotations.json')) ) +config.substitutions.append( + ('%testcomp_defs', os.path.join(klee_src_root, 'include/klee-test-comp.c')) +) + config.substitutions.append( ('%libcxx_include', getattr(config, 'libcxx_include_dir', None))) diff --git a/test/regression/2016-08-11-entry-point-internalize-pass.c b/test/regression/2016-08-11-entry-point-internalize-pass.c index 45705c9822..ba380a425e 100644 --- a/test/regression/2016-08-11-entry-point-internalize-pass.c +++ b/test/regression/2016-08-11-entry-point-internalize-pass.c @@ -1,6 +1,6 @@ // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --entry-point=entry %t.bc +// RUN: %klee --output-dir=%t.klee-out --entry-points=entry %t.bc int entry() { return 0; diff --git a/test/regression/2023-02-01-replay-test-with-lazy-initialized-objects.c b/test/regression/2023-02-01-replay-test-with-lazy-initialized-objects.c index 6befbf686c..500b9febc3 100644 --- a/test/regression/2023-02-01-replay-test-with-lazy-initialized-objects.c +++ b/test/regression/2023-02-01-replay-test-with-lazy-initialized-objects.c @@ -1,7 +1,7 @@ // REQUIRES: not-darwin // RUN: %clang %s -emit-llvm %O0opt -c -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --libc=klee --posix-runtime --skip-not-lazy-initialized --skip-not-symbolic-objects %t.bc > %t.log +// RUN: %klee --output-dir=%t.klee-out --libc=klee --posix-runtime --skip-not-lazy-initialized --min-number-elements-li=4 %t.bc > %t.log // RUN: %cc %s %libkleeruntest -Wl,-rpath %libkleeruntestdir -o %t_runner @@ -9,6 +9,8 @@ // RUN: %replay %t.klee-out %t_runner > %t_runner.log // RUN: FileCheck -input-file=%t_runner.log %s +#include "klee/klee.h" +#include #include struct Data { diff --git a/test/regression/2023-10-12-inner-types-fix.c b/test/regression/2023-10-12-inner-types-fix.c index 2484dc6a1f..755c422961 100644 --- a/test/regression/2023-10-12-inner-types-fix.c +++ b/test/regression/2023-10-12-inner-types-fix.c @@ -1,7 +1,7 @@ // RUN: %clang -Wno-everything %s -emit-llvm %O0opt -g -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --entry-point=klee_entry --skip-not-lazy-initialized --min-number-elements-li=1 %t1.bc 2>&1 -// RUN: %ktest-tool %t.klee-out/test000003.ktest | FileCheck %s +// RUN: %klee --output-dir=%t.klee-out --skip-not-lazy-initialized --use-lazy-initialization=only --min-number-elements-li=1 %t1.bc 2>&1 +// RUN: %ktest-tool %t.klee-out/*.ktest | FileCheck %s #include "klee/klee.h" @@ -75,7 +75,7 @@ int sumStructComplex(struct StructComplex par) { } // CHECK: object 2: pointers: [(8, 3, 0)] -int klee_entry(int utbot_argc, char **utbot_argv, char **utbot_envp) { +int main(int utbot_argc, char **utbot_argv, char **utbot_envp) { struct StructComplex par; klee_make_symbolic(&par, sizeof(par), "par"); klee_prefer_cex(&par, par.x >= -10 & par.x <= 10); @@ -86,4 +86,4 @@ int klee_entry(int utbot_argc, char **utbot_argv, char **utbot_envp) { int utbot_tmp = sumStructComplex(par); klee_assume(utbot_tmp == utbot_result); return 0; -} \ No newline at end of file +} diff --git a/test/regression/2023-27-10-SimpleComparison.c b/test/regression/2023-27-10-SimpleComparison.c index def7647d8c..ac0a4c9d1c 100644 --- a/test/regression/2023-27-10-SimpleComparison.c +++ b/test/regression/2023-27-10-SimpleComparison.c @@ -1,7 +1,8 @@ -// RUN: %clang %s -emit-llvm %O0opt -c -o %t.bc +// RUN: %clang %s -emit-llvm %O0opt -g -c -o %t.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --debug-assignment-validating-solver=false --use-fast-cex-solver=false --use-cex-cache=false --use-branch-cache=false --use-alpha-equivalence=true --use-independent-solver=false --use-concretizing-solver=false --output-dir=%t.klee-out --skip-not-symbolic-objects --use-timestamps=false --use-guided-search=none %t.bc +// RUN: %klee --debug-assignment-validating-solver=false --use-lazy-initialization=only --use-fast-cex-solver=false --use-cex-cache=false --use-branch-cache=false --use-alpha-equivalence=true --use-independent-solver=false --use-concretizing-solver=false --output-dir=%t.klee-out --skip-not-symbolic-objects --use-timestamps=false --use-guided-search=none %t.bc 2>&1 | FileCheck -check-prefix=CHECK %s +#include "klee/klee.h" #include struct Node { @@ -11,10 +12,11 @@ struct Node { int main() { struct Node *nodeA; struct Node *nodeB; - klee_make_symbolic(&nodeA, sizeof(nodeA), "nodeA"); - klee_make_symbolic(&nodeB, sizeof(nodeB), "nodeB"); + klee_make_symbolic(&nodeA, sizeof(struct Node *), "nodeA"); + klee_make_symbolic(&nodeB, sizeof(struct Node *), "nodeB"); if (nodeA && nodeB && nodeA == nodeB && (*nodeA->x * 2) != (*nodeA->x + *nodeB->x)) { + // CHECK-NOT: 2023-27-10-SimpleComparison.c:[[@LINE+1]]: ASSERTION FAIL assert(0); } return 0; diff --git a/tools/kleaver/main.cpp b/tools/kleaver/main.cpp index 2deedb3c0b..712d3e5b5f 100644 --- a/tools/kleaver/main.cpp +++ b/tools/kleaver/main.cpp @@ -213,8 +213,7 @@ static bool EvaluateInputAST(const char *Filename, const llvm::MemoryBuffer *MB, std::move(coreSolver), getQueryLogPath(ALL_QUERIES_SMT2_FILE_NAME), getQueryLogPath(SOLVER_QUERIES_SMT2_FILE_NAME), getQueryLogPath(ALL_QUERIES_KQUERY_FILE_NAME), - getQueryLogPath(SOLVER_QUERIES_KQUERY_FILE_NAME), nullptr, - P->getArrayCache()); + getQueryLogPath(SOLVER_QUERIES_KQUERY_FILE_NAME)); unsigned Index = 0; for (std::vector::iterator it = Decls.begin(), ie = Decls.end(); @@ -256,7 +255,7 @@ static bool EvaluateInputAST(const char *Filename, const llvm::MemoryBuffer *MB, << ")"; } } else { - std::vector> result; + std::vector> result; constraints_ty constraints(QC->Constraints.begin(), QC->Constraints.end()); diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index 35fbd4de0d..48d1f85c06 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -30,6 +30,7 @@ #include "klee/Support/CompilerWarning.h" #include "llvm/Analysis/CallGraph.h" +#include "llvm/IR/Attributes.h" DISABLE_WARNING_PUSH DISABLE_WARNING_DEPRECATED_DECLARATIONS #include "llvm/ADT/APFloat.h" @@ -151,10 +152,10 @@ cl::opt cl::OptionCategory StartCat("Startup options", "These options affect how execution is started."); -cl::opt - EntryPoint("entry-point", - cl::desc("Function in which to start execution (default=main)"), - cl::init("main"), cl::cat(StartCat)); +cl::list + EntryPoints("entry-points", + cl::desc("Functions in which to start execution."), + cl::cat(StartCat)); cl::opt TimeoutPerFunction("timeout-per-function", cl::desc("Timeout per function in klee."), @@ -410,6 +411,20 @@ cl::opt AnnotateOnlyExternal( cl::desc("Ignore annotations for defined function (default=false)"), cl::init(false), cl::cat(MockCat)); +enum class SAMultiplexKind { + None, + Traces, + Module, + All, +}; + +cl::opt MultiplexForStaticAnalysis( + "multiplex-static-analysis", + cl::values(clEnumValN(SAMultiplexKind::None, "none", ""), + clEnumValN(SAMultiplexKind::Traces, "traces", ""), + clEnumValN(SAMultiplexKind::Module, "module", ""), + clEnumValN(SAMultiplexKind::All, "all", "")), + cl::desc(""), cl::init(SAMultiplexKind::None), cl::cat(StartCat)); } // namespace namespace klee { @@ -866,7 +881,7 @@ void KleeHandler::writeTestCaseXML(bool isError, const KTest &assignments, // Pointer types v.print(*file, false); } else if (name.find("float") == 0) { - llvm::APFloat(APFloatBase::IEEEhalf(), v).print(*file); + llvm::APFloat(APFloatBase::IEEEsingle(), v).print(*file); } else if (name.find("double") == 0) { llvm::APFloat(APFloatBase::IEEEdouble(), v).print(*file); } else if (name.rfind("_t") != std::string::npos) { @@ -1017,7 +1032,8 @@ static void parseArguments(int argc, char **argv) { } static void -preparePOSIX(std::vector> &loadedModules) { +preparePOSIX(std::vector> &loadedModules, + const std::string &EntryPoint) { // Get the main function from the main module and rename it such that it can // be called after the POSIX setup Function *mainFn = nullptr; @@ -1396,7 +1412,8 @@ createLibCWrapper(std::vector> &userModules, static void linkWithUclibc(StringRef libDir, std::string bit_suffix, std::string opt_suffix, std::vector> &userModules, - std::vector> &libsModules) { + std::vector> &libsModules, + const std::string &EntryPoint) { LLVMContext &ctx = userModules[0]->getContext(); std::string errorMsg; @@ -1454,10 +1471,8 @@ static int run_klee_on_function(int pArgc, char **pArgv, char **pEnvp, std::unique_ptr &handler, std::unique_ptr &interpreter, llvm::Module *finalModule, + llvm::Function *mainFn, std::vector &replayPath) { - - Function *mainFn = finalModule->getFunction(EntryPoint); - if (ReplayPathFile != "") { interpreter->setReplayPath(&replayPath); } @@ -1481,7 +1496,7 @@ static int run_klee_on_function(int pArgc, char **pArgv, char **pEnvp, *meta_file << "\t" << PACKAGE_STRING << "\n"; // Assume with early exit a bug finding mode and otherwise coverage - if (OptExitOnError) + if (UseGuidedSearch == Interpreter::GuidanceKind::ErrorGuidance) *meta_file << "\tCOVER( init(main()), FQL(COVER " "EDGES(@CALL(__VERIFIER_error))) )\n"; else @@ -1494,7 +1509,8 @@ static int run_klee_on_function(int pArgc, char **pArgv, char **pEnvp, << ".c\n"; *meta_file << "\t" << XMLMetadataProgramHash << "\n"; - *meta_file << "\t" << EntryPoint << "\n"; + *meta_file << "\t" << mainFn->getName().str() + << "\n"; *meta_file << "\t" << finalModule->getDataLayout().getPointerSizeInBits() << "bit\n"; @@ -1708,9 +1724,8 @@ llvm::Value *createStringArray(LLVMContext &ctx, const char *str) { return llvm::ConstantArray::get(type, chars); } -void multiplexEntryPoint(llvm::Module *m, LLVMContext &ctx, - std::vector entryFns) { - +std::string multiplexEntryPoint(llvm::Module *m, LLVMContext &ctx, + std::vector entryFns) { klee_message("Multiplexing entry point for the following functions:"); for (auto fn : entryFns) { klee_message("%s", fn->getName().data()); @@ -1805,8 +1820,7 @@ void multiplexEntryPoint(llvm::Module *m, LLVMContext &ctx, builder.CreateBr(exitBB); } - EntryPoint = multiplexedEntryName; - return; + return multiplexedEntryName; } struct FunctionReachability { @@ -1992,7 +2006,9 @@ int main(int argc, char **argv, char **envp) { // Load the bytecode... std::vector> loadedUserModules; std::vector> loadedLibsModules; - if (!klee::loadFileAsOneModule(InputFile, ctx, loadedUserModules, errorMsg)) { + Interpreter::FunctionsByModule functionsByModule; + if (!klee::loadArchiveAsOneModule(InputFile, ctx, loadedUserModules, + functionsByModule, errorMsg)) { klee_error("error loading program '%s': %s", InputFile.c_str(), errorMsg.c_str()); } @@ -2008,7 +2024,51 @@ int main(int argc, char **argv, char **envp) { llvm::Module *mainModule = loadedUserModules.front().get(); FLCtoOpcode origInstructions; + std::set mainModuleFunctions; + for (auto &Function : *mainModule) { + if (!Function.isDeclaration()) { + mainModuleFunctions.insert(Function.getName().str()); + } + } + + std::set mainModuleGlobals; + for (const auto &gv : mainModule->globals()) { + mainModuleGlobals.insert(gv.getName().str()); + } + + std::string EntryPoint; if (UseGuidedSearch == Interpreter::GuidanceKind::ErrorGuidance) { + MultiplexForStaticAnalysis = SAMultiplexKind::Traces; + klee_warning("ignore MultiplexForStaticAnalysis option."); + } else if (MultiplexForStaticAnalysis != SAMultiplexKind::None) { + klee_warning("ignore EntryPoints option."); + } + std::vector Fns; + + switch (MultiplexForStaticAnalysis) { + case SAMultiplexKind::All: { + for (auto &f : *mainModule) { + if (!f.isDeclaration()) { + Fns.push_back(&f); + } + } + break; + } + + case SAMultiplexKind::Module: { + for (const auto &mod : functionsByModule.modules) { + for (const auto &f : mod) { + if (functionsByModule.usesInModule[f] <= 1) { + Fns.push_back(f); + } + } + } + break; + } + + case SAMultiplexKind::Traces: { + assert(UseGuidedSearch == Interpreter::GuidanceKind::ErrorGuidance && + "Use Traces value only together with error guided search."); for (const auto &Func : *mainModule) { for (const auto &instr : llvm::instructions(Func)) { auto locationInfo = getLocationInfo(&instr); @@ -2018,8 +2078,6 @@ int main(int argc, char **argv, char **envp) { } } - std::vector entryFns; - auto paths = parseStaticAnalysisInput(); if (paths->empty()) { @@ -2044,30 +2102,46 @@ int main(int argc, char **argv, char **envp) { } auto entryFn = tryResolveEntryFunction(mainModule, trace); if (entryFn) { - if (std::find(entryFns.begin(), entryFns.end(), entryFn) == - entryFns.end()) { - entryFns.push_back(entryFn); + if (std::find(Fns.begin(), Fns.end(), entryFn) == Fns.end()) { + Fns.push_back(entryFn); } } else { klee_warning("Broken trace (entry fn not resolved)."); } } - if (entryFns.empty()) { + if (Fns.empty()) { klee_error("Entry function resolved for no trace"); } - multiplexEntryPoint(mainModule, ctx, entryFns); + break; } - std::set mainModuleFunctions; - for (auto &Function : *mainModule) { - if (!Function.isDeclaration()) { - mainModuleFunctions.insert(Function.getName().str()); + case SAMultiplexKind::None: { + if (EntryPoints.empty()) { + EntryPoint = "main"; + } else { + for (auto &entryPoint : EntryPoints) { + if (llvm::Function *entryFn = mainModule->getFunction(entryPoint)) { + if (std::find(Fns.begin(), Fns.end(), entryFn) == Fns.end()) { + Fns.push_back(entryFn); + } + } else if (entryPoint.empty()) { + klee_error("entry-point cannot be empty"); + } else { + klee_error("Entry function '%s' not found in module.", + entryPoint.c_str()); + } + } } + break; } - std::set mainModuleGlobals; - for (const auto &gv : mainModule->globals()) { - mainModuleGlobals.insert(gv.getName().str()); + + default: + assert(0); + } + + if (EntryPoint.empty()) { + EntryPoint = multiplexEntryPoint(mainModule, ctx, Fns); } const std::string &module_triple = mainModule->getTargetTriple(); @@ -2160,7 +2234,7 @@ int main(int argc, char **argv, char **envp) { } mainModuleFunctions.insert("__klee_posix_wrapped_main"); - preparePOSIX(loadedUserModules); + preparePOSIX(loadedUserModules, EntryPoint); } if (WithFPRuntime) { @@ -2235,7 +2309,7 @@ int main(int argc, char **argv, char **envp) { } case LibcType::UcLibc: linkWithUclibc(LibraryDir, bit_suffix, opt_suffix, loadedUserModules, - loadedLibsModules); + loadedLibsModules, EntryPoint); break; } @@ -2358,10 +2432,12 @@ int main(int argc, char **argv, char **envp) { klee_error("Entry function '%s' not found in module.", EntryPoint.c_str()); } + interpreter->setFunctionsByModule(std::move(functionsByModule)); + externalsAndGlobalsCheck(finalModule); run_klee_on_function(pArgc, pArgv, pEnvp, handler, interpreter, finalModule, - replayPath); + mainFn, replayPath); paths.reset(); diff --git a/tools/ktest-tool/ktest-tool b/tools/ktest-tool/ktest-tool index 846191c716..086f6e9d8d 100755 --- a/tools/ktest-tool/ktest-tool +++ b/tools/ktest-tool/ktest-tool @@ -65,9 +65,9 @@ class KTest: if version >= 4: numPointers, = struct.unpack('>i', f.read(4)) for _ in range(numPointers): - offset, = struct.unpack('>i', f.read(4)) - index, = struct.unpack('>i', f.read(4)) - indexOffset, = struct.unpack('>i', f.read(4)) + offset, = struct.unpack('>q', f.read(8)) + index, = struct.unpack('>q', f.read(8)) + indexOffset, = struct.unpack('>q', f.read(8)) pointers.append((offset, index, indexOffset)) objects.append((name, address, bytes, pointers)) diff --git a/unittests/Annotations/AnnotationsTest.cpp b/unittests/Annotations/AnnotationsTest.cpp index 7c3b90de3f..4899d69837 100644 --- a/unittests/Annotations/AnnotationsTest.cpp +++ b/unittests/Annotations/AnnotationsTest.cpp @@ -11,8 +11,11 @@ #include "klee/Module/Annotation.h" +#include "nlohmann/json.hpp" + #include +using json = nlohmann::json; using namespace klee; TEST(AnnotationsTest, Empty) { diff --git a/unittests/Assignment/AssignmentTest.cpp b/unittests/Assignment/AssignmentTest.cpp index 419a4d0956..0cef29239a 100644 --- a/unittests/Assignment/AssignmentTest.cpp +++ b/unittests/Assignment/AssignmentTest.cpp @@ -13,17 +13,17 @@ int finished = 0; using namespace klee; TEST(AssignmentTest, FoldNotOptimized) { - ArrayCache ac; - const Array *array = ac.CreateArray( + const Array *array = Array::create( /*size=*/ConstantExpr::create(1, sizeof(uint64_t) * CHAR_BIT), SourceBuilder::makeSymbolic("simple_array", 0)); // Create a simple assignment std::vector objects; - SparseStorage value(0); - std::vector> values; + SparseStorageImpl value(0); + std::vector> values; objects.push_back(array); value.store(0, 128); + value.dump(); values.push_back(value); // We want to simplify to a constant so allow free values so // if the assignment is incomplete we don't get back a constant. diff --git a/unittests/CMakeLists.txt b/unittests/CMakeLists.txt index edb1f46361..e08637aee2 100644 --- a/unittests/CMakeLists.txt +++ b/unittests/CMakeLists.txt @@ -277,6 +277,7 @@ add_subdirectory(Assignment) add_subdirectory(Expr) add_subdirectory(Ref) add_subdirectory(Solver) +add_subdirectory(Storage) add_subdirectory(Searcher) add_subdirectory(TreeStream) add_subdirectory(DiscretePDF) diff --git a/unittests/Expr/ArrayExprTest.cpp b/unittests/Expr/ArrayExprTest.cpp index c2c522007d..9d0811268a 100644 --- a/unittests/Expr/ArrayExprTest.cpp +++ b/unittests/Expr/ArrayExprTest.cpp @@ -37,18 +37,16 @@ ref getConstant(int value, Expr::Width width) { return ConstantExpr::create(trunc, width); } -static ArrayCache ac; - TEST(ArrayExprTest, HashCollisions) { klee::OptimizeArray = ALL; - SparseStorage> constVals( + SparseStorageImpl> constVals( ConstantExpr::create(5, Expr::Int8)); - const Array *array = ac.CreateArray( + const Array *array = Array::create( ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::constant(constVals), Expr::Int32, Expr::Int8); + SourceBuilder::constant(constVals.clone()), Expr::Int32, Expr::Int8); const Array *symArray = - ac.CreateArray(ConstantExpr::create(4, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::makeSymbolic("symIdx", 0)); + Array::create(ConstantExpr::create(4, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::makeSymbolic("symIdx", 0)); ref symIdx = Expr::createTempRead(symArray, Expr::Int32); UpdateList ul(array, 0); ul.extend(getConstant(3, Expr::Int32), getConstant(11, Expr::Int8)); @@ -62,10 +60,10 @@ TEST(ArrayExprTest, HashCollisions) { ASSERT_NE(updatedRead, firstRead); ASSERT_EQ(updatedRead->hash(), firstRead->hash()); - SparseStorage value({6, 0, 0, 0}); - std::vector> values = {value}; - std::vector assigmentArrays = {symArray}; - auto a = std::make_unique(assigmentArrays, values); + SparseStorageImpl value({6, 0, 0, 0}); + std::vector> values = {value}; + std::vector assignmentArrays = {symArray}; + auto a = std::make_unique(assignmentArrays, values); EXPECT_NE(a->evaluate(updatedRead), a->evaluate(firstRead)); EXPECT_EQ(a->evaluate(updatedRead), getConstant(42, Expr::Int8)); diff --git a/unittests/Expr/ExprTest.cpp b/unittests/Expr/ExprTest.cpp index f6d79683e7..67d2b0fbda 100644 --- a/unittests/Expr/ExprTest.cpp +++ b/unittests/Expr/ExprTest.cpp @@ -32,14 +32,13 @@ TEST(ExprTest, BasicConstruction) { TEST(ExprTest, ConcatExtract) { - ArrayCache ac; const Array *array = - ac.CreateArray(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::makeSymbolic("arr", 0)); + Array::create(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::makeSymbolic("arr", 0)); ref read8 = Expr::createTempRead(array, 8); const Array *array2 = - ac.CreateArray(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::makeSymbolic("arr", 1)); + Array::create(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::makeSymbolic("arr", 1)); ref read8_2 = Expr::createTempRead(array2, 8); ref c100 = getConstant(100, 8); @@ -91,15 +90,14 @@ TEST(ExprTest, ConcatExtract) { } TEST(ExprTest, ExtractConcat) { - ArrayCache ac; const Array *array = - ac.CreateArray(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::makeSymbolic("arr", 2)); + Array::create(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::makeSymbolic("arr", 2)); ref read64 = Expr::createTempRead(array, 64); const Array *array2 = - ac.CreateArray(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::makeSymbolic("arr", 3)); + Array::create(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::makeSymbolic("arr", 3)); ref read8_2 = Expr::createTempRead(array2, 8); ref extract1 = ExtractExpr::create(read64, 36, 4); @@ -128,15 +126,14 @@ TEST(ExprTest, ReadExprFoldingBasic) { unsigned size = 5; // Constant array - SparseStorage> Contents( + SparseStorageImpl> Contents( ConstantExpr::create(0, Expr::Int8)); for (unsigned i = 0; i < size; ++i) Contents.store(i, ConstantExpr::create(i + 1, Expr::Int8)); - ArrayCache ac; const Array *array = - ac.CreateArray(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::constant(Contents)); + Array::create(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::constant(Contents.clone())); // Basic constant folding rule UpdateList ul(array, 0); @@ -157,14 +154,13 @@ TEST(ExprTest, ReadExprFoldingIndexOutOfBound) { unsigned size = 5; // Constant array - SparseStorage> Contents( + SparseStorageImpl> Contents( ConstantExpr::create(0, Expr::Int8)); for (unsigned i = 0; i < size; ++i) Contents.store(i, ConstantExpr::create(i + 1, Expr::Int8)); - ArrayCache ac; const Array *array = - ac.CreateArray(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::constant(Contents)); + Array::create(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::constant(Contents.clone())); // Constant folding rule with index-out-of-bound // Constant index (128) @@ -180,15 +176,14 @@ TEST(ExprTest, ReadExprFoldingConstantUpdate) { unsigned size = 5; // Constant array - SparseStorage> Contents( + SparseStorageImpl> Contents( ConstantExpr::create(0, Expr::Int8)); for (unsigned i = 0; i < size; ++i) Contents.store(i, ConstantExpr::create(i + 1, Expr::Int8)); - ArrayCache ac; const Array *array = - ac.CreateArray(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::constant(Contents)); + Array::create(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::constant(Contents.clone())); // Constant folding rule with constant update // Constant index (0) @@ -208,15 +203,14 @@ TEST(ExprTest, ReadExprFoldingConstantMultipleUpdate) { unsigned size = 5; // Constant array - SparseStorage> Contents( + SparseStorageImpl> Contents( ConstantExpr::create(0, Expr::Int8)); for (unsigned i = 0; i < size; ++i) Contents.store(i, ConstantExpr::create(i + 1, Expr::Int8)); - ArrayCache ac; const Array *array = - ac.CreateArray(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::constant(Contents)); + Array::create(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::constant(Contents.clone())); // Constant folding rule with constant update // Constant index (0) @@ -238,23 +232,22 @@ TEST(ExprTest, ReadExprFoldingSymbolicValueUpdate) { unsigned size = 5; // Constant array - SparseStorage> Contents( + SparseStorageImpl> Contents( ConstantExpr::create(0, Expr::Int8)); for (unsigned i = 0; i < size; ++i) Contents.store(i, ConstantExpr::create(i + 1, Expr::Int8)); - ArrayCache ac; const Array *array = - ac.CreateArray(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::constant(Contents)); + Array::create(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::constant(Contents.clone())); // Constant folding rule with symbolic update (value) // Constant index (0) ref index = ConstantExpr::create(0, Expr::Int32); UpdateList ul(array, 0); const Array *array2 = - ac.CreateArray(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::makeSymbolic("arr", 2)); + Array::create(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::makeSymbolic("arr", 2)); ref updateValue = ReadExpr::createTempRead(array2, Expr::Int8); ul.extend(index, updateValue); ref read = ReadExpr::create(ul, index); @@ -268,21 +261,20 @@ TEST(ExprTest, ReadExprFoldingSymbolicIndexUpdate) { unsigned size = 5; // Constant array - SparseStorage> Contents( + SparseStorageImpl> Contents( ConstantExpr::create(0, Expr::Int8)); for (unsigned i = 0; i < size; ++i) Contents.store(i, ConstantExpr::create(i + 1, Expr::Int8)); - ArrayCache ac; const Array *array = - ac.CreateArray(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::constant(Contents)); + Array::create(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::constant(Contents.clone())); // Constant folding rule with symbolic update (index) UpdateList ul(array, 0); const Array *array2 = - ac.CreateArray(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::makeSymbolic("arr", 2)); + Array::create(ConstantExpr::create(256, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::makeSymbolic("arr", 2)); ref updateIndex = ReadExpr::createTempRead(array2, Expr::Int32); ref updateValue = ConstantExpr::create(12, Expr::Int8); ul.extend(updateIndex, updateValue); diff --git a/unittests/Solver/SolverTest.cpp b/unittests/Solver/SolverTest.cpp index a208376c7d..04cdddec05 100644 --- a/unittests/Solver/SolverTest.cpp +++ b/unittests/Solver/SolverTest.cpp @@ -38,11 +38,6 @@ ref getConstant(int value, Expr::Width width) { return ConstantExpr::create(trunc, width); } -// We have to have the cache globally scopped (and not in ``testOperation``) -// because the Solver (i.e. in STP's case the STPBuilder) holds on to pointers -// to allocated Arrays. -ArrayCache ac; - template void testOperation(Solver &solver, int value, Expr::Width operandWidth, Expr::Width resultWidth) { @@ -55,8 +50,8 @@ void testOperation(Solver &solver, int value, Expr::Width operandWidth, unsigned size = Expr::getMinBytesForWidth(operandWidth); static uint64_t id = 0; const Array *array = - ac.CreateArray(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::makeSymbolic("arr", ++id)); + Array::create(ConstantExpr::create(size, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::makeSymbolic("arr", ++id)); symbolicArgs.push_back( Expr::CreateArg(Expr::createTempRead(array, operandWidth))); } diff --git a/unittests/Solver/Z3SolverTest.cpp b/unittests/Solver/Z3SolverTest.cpp index a9a2581d89..8820263332 100644 --- a/unittests/Solver/Z3SolverTest.cpp +++ b/unittests/Solver/Z3SolverTest.cpp @@ -25,9 +25,6 @@ using namespace klee; -namespace { -ArrayCache AC; -} class Z3SolverTest : public ::testing::Test { protected: std::unique_ptr Z3Solver_; @@ -41,7 +38,7 @@ TEST_F(Z3SolverTest, GetConstraintLog) { constraints_ty Constraints; const std::vector ConstantValues{1, 2, 3, 4}; - SparseStorage> ConstantExpressions( + SparseStorageImpl> ConstantExpressions( ConstantExpr::create(0, Expr::Int8)); for (unsigned i = 0; i < ConstantValues.size(); ++i) { @@ -50,8 +47,8 @@ TEST_F(Z3SolverTest, GetConstraintLog) { } const Array *ConstantArray = - AC.CreateArray(ConstantExpr::create(4, sizeof(uint64_t) * CHAR_BIT), - SourceBuilder::constant(ConstantExpressions)); + Array::create(ConstantExpr::create(4, sizeof(uint64_t) * CHAR_BIT), + SourceBuilder::constant(ConstantExpressions.clone())); const UpdateList ConstantArrayUL(ConstantArray, nullptr); const ref Index = ConstantExpr::alloc(1, Expr::Int32); diff --git a/unittests/Storage/CMakeLists.txt b/unittests/Storage/CMakeLists.txt new file mode 100644 index 0000000000..0850ea4f5a --- /dev/null +++ b/unittests/Storage/CMakeLists.txt @@ -0,0 +1,7 @@ +add_klee_unit_test(StorageTest + StorageTest.cpp) +target_link_libraries(StorageTest PRIVATE kleaverExpr kleaverSolver) +target_compile_options(StorageTest PRIVATE ${KLEE_COMPONENT_CXX_FLAGS}) +target_compile_definitions(StorageTest PRIVATE ${KLEE_COMPONENT_CXX_DEFINES}) + +target_include_directories(StorageTest PRIVATE ${KLEE_INCLUDE_DIRS}) diff --git a/unittests/Storage/StorageTest.cpp b/unittests/Storage/StorageTest.cpp new file mode 100644 index 0000000000..a3456313f9 --- /dev/null +++ b/unittests/Storage/StorageTest.cpp @@ -0,0 +1,58 @@ +#include "gtest/gtest.h" + +#include "klee/ADT/FixedSizeStorageAdapter.h" +#include "klee/ADT/StorageAdapter.h" + +using namespace klee; + +TEST(StorageTest, StorageAdapter) { + std::unique_ptr> uma( + new UnorderedMapAdapder()); + std::unique_ptr> puma( + new PersistenUnorderedMapAdapder()); + std::unique_ptr> saa( + new SparseArrayAdapter(0, 12)); + uma->set(0, 1); + puma->set(0, 1); + saa->set(0, 1); + ASSERT_EQ(uma->at(0), 1); + ASSERT_EQ(puma->at(0), 1); + ASSERT_EQ(saa->at(0), 1); + char sum = 0; + for (const auto &val : *uma) { + sum += val.second; + } + for (const auto &val : *puma) { + sum += val.second; + } + for (const auto &val : *saa) { + sum += val.second; + } + ASSERT_EQ(sum, 3); +} + +TEST(StorageTest, FixedSizeStorageAdapter) { + std::unique_ptr> va( + new VectorAdapter(32)); + std::unique_ptr> pva( + new PersistentVectorAdapter(32)); + std::unique_ptr> aa( + new ArrayAdapter(32)); + va->set(0, 1); + pva->set(0, 1); + aa->set(0, 1); + ASSERT_EQ(va->at(0), 1); + ASSERT_EQ(pva->at(0), 1); + ASSERT_EQ(aa->at(0), 1); + char sum = 0; + for (const auto &val : *va) { + sum += val; + } + for (const auto &val : *pva) { + sum += val; + } + for (const auto &val : *aa) { + sum += val; + } + ASSERT_EQ(sum, 3); +}