
Commit 07f8d55

committed
[feat] Add UninitMemoryTestMultiplier`
1 parent 0bbe6d7 commit 07f8d55


5 files changed

+3725
-20
lines changed

5 files changed

+3725
-20
lines changed

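--- a/include/klee/ADT/KTest.h
+++ b/include/klee/ADT/KTest.h
@@ -46,6 +46,7 @@ struct KTest {
 
 unsigned numObjects;
 KTestObject *objects;
+unsigned uninitCoeff;
 };
 
 /* returns the current .ktest file format version */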
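Review bot: `uninitCoeff` is added to `struct KTest` with no comment and no default, so any code that fills a `KTest` without reaching the assignment in `Executor::getSymbolicSolution` leaves the field indeterminate. I would document it where it is declared, for example `/* extra duplicate tests requested because uninitialized memory reached the test; 0 = none */` (wording inferred from the option description, please confirm). The .ktest readers and writers are not visible here; they should either initialise the field or persist it, and if it is written to disk the file format version mentioned in the following comment probably needs a bump. The struct definition starts outside this hunk.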

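--- a/lib/Core/Executor.cpp
+++ b/lib/Core/Executor.cpp
@@ -255,6 +255,13 @@ cl::opt<unsigned> DelayCoverOnTheFly(
 "(default=10000)"),
 cl::cat(TestGenCat));
 
+cl::opt<unsigned> UninitMemoryTestMultiplier(
+"uninit-memory-test-multiplier", cl::init(6),
+cl::desc("Generate additional number of duplicate tests due to "
+"irreproducibility of uninitialized memory "
+"(default=6)"),
+cl::cat(TestGenCat));
+
 /* Constraint solving options */
 
 cl::opt<unsigned> MaxSymArraySize(
@@ -7122,6 +7129,15 @@ bool isReproducible(const klee::Symbolic &symb) {
 return !bad;
 }
 
+bool isUninitialized(const klee::Array *array) {
+bool bad = isa<UninitializedSource>(array->source);
+if (bad)
+klee_warning_once(array->source.get(),
+"A uninitialized array %s reaches a test",
+array->getIdentifier().c_str());
+return bad;
+}
+
 bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) {
 solver->setTimeout(coreSolverTimeout);
 
@@ -7158,6 +7174,13 @@ bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) {
 }
 }
 
+std::vector<const Array *> allObjects;
+findSymbolicObjects(state.constraints.cs().cs().begin(),
+state.constraints.cs().cs().end(), allObjects);
+std::vector<const Array *> uninitObjects;
+std::copy_if(allObjects.begin(), allObjects.end(),
+std::back_inserter(uninitObjects), isUninitialized);
+
 std::vector<klee::Symbolic> symbolics;
 std::copy_if(state.symbolics.begin(), state.symbolics.end(),
 std::back_inserter(symbolics), isReproducible);
@@ -7180,6 +7203,7 @@ bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) {
 
 res.numObjects = symbolics.size();
 res.objects = new KTestObject[res.numObjects];
+res.uninitCoeff = uninitObjects.empty() ? 0 : UninitMemoryTestMultiplier;
 
 {
 size_t i = 0;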
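Review bot: `isUninitialized` is applied only to the arrays that `findSymbolicObjects` collects from `state.constraints`, so `res.uninitCoeff` in the last hunk reflects uninitialized arrays that appear in a path constraint. If an uninitialized read can influence the generated test without constraining a branch, it would be reported as 0, so this is worth confirming and stating above the call, e.g. `// Only arrays referenced by the path constraints are considered.`. The predicate also emits the warning as a side effect of `std::copy_if`, which deserves a one-line comment, and the message should read `"An uninitialized array %s reaches a test"`. With `uninit-memory-test-multiplier` set to 0 the result cannot be told apart from "no uninitialized memory", so the option description should say that 0 disables duplication. `getSymbolicSolution` starts and ends outside these hunks, so any return before the assignment leaves `res.uninitCoeff` unset.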
