From b8a0680b3f22539e38090583c1ab7be854bf6c22 Mon Sep 17 00:00:00 2001 From: Yurii Kostyukov Date: Fri, 3 Nov 2023 13:50:09 +0300 Subject: [PATCH] [feat] Single-file run script --- scripts/kleef | 432 ++++++++++++++++++++++++++ test/Industry/btor2c-lazyMod.mul6.c | 260 ++++++++++++++++ test/Industry/coverage-error-call.prp | 2 + tools/klee/CMakeLists.txt | 3 + 4 files changed, 697 insertions(+) create mode 100755 scripts/kleef create mode 100644 test/Industry/btor2c-lazyMod.mul6.c create mode 100644 test/Industry/coverage-error-call.prp diff --git a/scripts/kleef b/scripts/kleef new file mode 100755 index 0000000000..be47bde285 --- /dev/null +++ b/scripts/kleef @@ -0,0 +1,432 @@ +#!/usr/bin/env python3 +import argparse +import os +import subprocess +import shutil +import tempfile +import hashlib +from functools import partial +from pathlib import Path + + +def klee_options( + max_memory, + test_output_dir, + source, + hexhash, + max_time, + compiled_file, + is32, + f_err, + f_cov, +): + if max_time and int(max_time) > 30: + MAX_SOLVER_TIME = 10 + else: + MAX_SOLVER_TIME = 5 + cmd = [ + "--strip-unwanted-calls", # removes llvm.dbg.* instructions, exponentially reduces time on some benchmarks + "--delete-dead-loops=false", # without this optimizer removes some code, which decreases coverage + "--emit-all-errors", # without this we generate only one test for assertion failures, which decreases coverage + "--mock-all-externals", # this helps for some linux benchmarks, which have unused extern globals. without this flag we will not even start on them. + "--use-forked-solver=false", + # "--solver-backend=stp", + "--solver-backend=z3-tree", + "--max-solvers-approx-tree-inc=16", + f"--max-memory={int(max_memory * 0.9)}", # Just use half of the memory in case we have to fork + "--optimize", + "--skip-not-lazy-initialized", + f"--output-dir={test_output_dir}", # Output files into specific directory + "--output-source=false", # Do not output assembly.ll - it can be too large + "--output-stats=false", + "--output-istats=false", + # "--istats-write-interval=90s", # Istats file can be large as well + "--write-xml-tests", # Write tests in XML format + f"--xml-metadata-programfile={source.name}", # Provide the name of the original source file + f"--xml-metadata-programhash={hexhash}", # Provide sha256 hash of source file + # "--use-guided-search=none", + "--use-sym-size-alloc=true", + "--cex-cache-validity-cores", + # "--libc=uclibc", + # "--posix-runtime", + # "--fp-runtime", + # "--max-sym-array-size=4096", + "--symbolic-allocation-threshold=8192", + # "--dump-all-states=false", + # "--search=nurs:covnew", + # "--search=nurs:md2u", "--search=random-path", + # "-const-array-opt", + ] + + if is32: + cmd += [ + "--allocate-determ", + f"--allocate-determ-size={min(int(max_memory * 0.6), 3 * 1024)}", + "--allocate-determ-start-address=0x00030000000", + ] + + if f_err: + cmd += [ + "--use-alpha-equivalence=false", + "--function-call-reproduce=reach_error", + # "--max-cycles=0", + # "--tc-type=bug", + "--dump-states-on-halt=false", # Explicitly do not dump states + "--exit-on-error-type=Assert", # Only generate test cases of type assert + # "--dump-test-case-type=Assert", # Only dump test cases of type assert + "--search=dfs", + # "--search=nurs:covnew", "--search=random-path","--search=dfs", "--use-batching-search", + # "--search=distance","--search=random-path","--use-batching-search", + # "--target-assert", # Target + ] + if max_time: + cmd += [ + f"--max-time={int(max_time)}", # Use the whole time + ] + + if f_cov: + cmd += [ + "--mem-trigger-cof", # Start on the fly tests generation after approaching memory cup + "--use-alpha-equivalence=true", + "--track-coverage=all", # Only branches and only instructions are wrong in real life. E.g., ternary operators are sometimes counted as different branches, while we stick to look at them as a single instruction from a single branch + "--use-iterative-deepening-search=max-cycles", + f"--max-solver-time={MAX_SOLVER_TIME}s", + # "--tc-type=cov", + "--only-output-states-covering-new", # Don't generate all test cases + "--dump-states-on-halt=true", # Check in case we missed some oncovered instructions + "--search=dfs", + "--search=random-state", + ] + if max_time: + max_time = float(max_time) + late_time = int(max_time * 0.9) + last_time = int(max_time * 0.97) + cmd += [ + "--cover-on-the-fly=true", + f"--delay-cover-on-the-fly={late_time}", + f"--max-time={last_time}", + ] + + cmd += [compiled_file] # Finally add the file to be tested + return cmd + + +def normalize_command(cmd, shell=False): + if shell: + out = cmd + else: + cmd2 = [x.as_posix() if isinstance(x, Path) else x for x in cmd] + out = " ".join(cmd2) + print("Running:", out) + return out + + +def check_call(cmd, shell=False): + normalize_command(cmd, shell) + subprocess.check_call(cmd, shell=shell) + # p = subprocess.Popen(cmd, stdout=subprocess.PIPE) + # p.communicate() + # print(p.returncode) + + +def locateBinaryOrFail(binary, err_mess=""): + output = shutil.which(binary) + if output is not None: + return Path(output) + print(f"Command '{binary}' not found{err_mess}") + exit(1) + + +def tryFind(folder, binary): + output = folder / binary + if output.exists(): + return output + return locateBinaryOrFail(binary) + + +def printNotNone(s): + if s is not None: + print(s.decode("utf-8")) + + +class KLEEF(object): + """ + Wrapper to run KLEEF within BenchExec + Compiles source and executes KLEEF + """ + + def __init__( + self, + source=None, + is32=False, + f_cov=False, + f_err=False, + max_memory=0, + max_time=0, + use_perf=False, + use_valgrind=False, + ): + self.source = Path(source) if source else None + self.is32 = is32 + self.tempdir = None + self.compiled_file = None + self.f_cov = f_cov + self.f_err = f_err + self.max_memory = max_memory / 1024 / 1024 # Convert to MB + self.max_time = max_time + self.use_perf = use_perf + self.use_valgrind = use_valgrind + + # This file is inside the bin directory - use the root as base + self.bin_directory = Path(__file__).parent + self.base_directory = self.bin_directory.parent + self.klee_path = self.bin_directory / "klee" + self.compiler_path = tryFind(self.bin_directory, "clang") + self.linker_path = tryFind(self.bin_directory, "llvm-link") + self.library_path = self.base_directory / "libraries" + self.runtime_library_path = self.base_directory / "runtime/lib" + self.test_results_path = Path.cwd() / "test-suite" + self.test_results_path.mkdir(exist_ok=True) + + self.callEnv = os.environ.copy() + self.callEnv["LD_LIBRARY_PATH"] = self.library_path + self.callEnv["KLEE_RUNTIME_LIBRARY_PATH"] = self.runtime_library_path + + def compile(self): + self.tempdir = Path(tempfile.mkdtemp()) + + # Compile file for testing + self.compiled_file = self.tempdir / (self.source.name + ".bc") + + compiler_options = [ + self.compiler_path, + "-O0", + "-Xclang", + "-disable-O0-optnone", + "-fbracket-depth=1024", + "-c", + "-g", + "-emit-llvm", + ] + if self.is32: + compiler_options += ["-m32"] + if self.use_perf: + compiler_options += ["-gdwarf-4"] + cmd = compiler_options + [ + "-Wno-everything", # do not print any error statements - we are not allowed to change the code + "-fno-default-inline", + "-o", + self.compiled_file, + self.source, + ] + check_call(cmd) + + # Compile library + compiled_library = self.tempdir / "library.bc" + include_path = self.base_directory / "include/klee-test-comp.c" + cmd = compiler_options + [ + "-o", + compiled_library, + include_path, + ] + check_call(cmd) + + # Link both together to final + cmd = [ + self.linker_path, + "-o", + self.compiled_file, + compiled_library, + self.compiled_file, + ] + check_call(cmd) + + def isModifyingUlimitPermitted(self): + out = subprocess.run( + "ulimit -s unlimited", + shell=True, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ).returncode + return not out + + def run(self): + test_output_dir = self.test_results_path / self.source.name + # Clean-up from previous runs if needed + shutil.rmtree(test_output_dir, ignore_errors=True) + + # Calculate hashsum of original source file + with open(self.source, mode="rb") as f: + h = hashlib.sha256() + for buf in iter(partial(f.read, 128), b""): + h.update(buf) + + cmd = [self.klee_path] + if self.use_perf: + cmd = ["perf", "record", "-g", "--call-graph", "dwarf"] + cmd + elif self.use_valgrind: + cmd = ["valgrind", "--tool=massif"] + cmd + + # Add common arguments + cmd += klee_options( + self.max_memory, + test_output_dir, + self.source, + h.hexdigest(), + self.max_time, + self.compiled_file, + self.is32, + self.f_err, + self.f_cov, + ) + if self.isModifyingUlimitPermitted(): + cmd = ["ulimit -s unlimited", "&&"] + cmd + cmd = normalize_command(cmd) + + p = subprocess.Popen( + cmd, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + shell=True, + env=self.callEnv, + ) + s_out, s_err = p.communicate() + if not self.use_perf: + printNotNone(s_out) + printNotNone(s_err) + + if self.use_perf: + cmd = "perf script | c++filt | gprof2dot -f perf -s | dot -Tpdf -o output.pdf" + check_call(cmd, shell=True) + + return test_output_dir + + def version(self): + cmd = [self.klee_path, "--version"] + p = subprocess.Popen( + cmd, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env=self.callEnv, + ) + s_out, s_err = p.communicate() + printNotNone(s_out) + + +def run(args): + if args.version: + wrapper = KLEEF() + wrapper.version() + exit(0) + + # Validation of arguments + if not args.source or not os.path.isfile(args.source): + print("File does not exist", args.source) + exit(1) + + if args.property_file: + with open(args.property_file, "r") as f: + for line in f: + if "@DECISIONEDGE" in line: + args.coverage_only = True + if "@CALL(reach_error)" in line: + args.error_only = True + # Generate wrapper + time = 0 + if args.max_cputime_soft: # Use soft timeout if available + time = args.max_cputime_soft + elif args.max_cputime_hard: + time = args.max_cputime_hard + elif args.max_walltime: + time = args.max_walltime + elif args.max_time: + time = args.max_time + + is32 = None + if vars(args).get("32"): + is32 = True + if vars(args).get("64"): + if is32: + print("Cannot set --64 and --32 simultanously") + exit(1) + is32 = False + + if is32 is None: + print("No architecture set. Assume 64bit") + is32 = False + optAndUsed = [ + (args.perf, "perf", ["perf", "c++filt", "gprof2dot", "dot"]), + (args.valgrind, "valgrind", ["valgrind"]), + ] + for opt, name, used_by_opt in optAndUsed: + if not opt: + continue + for tool in used_by_opt: + locateBinaryOrFail(tool, err_mess=f", so cannot run with option --{name}") + + if args.perf and args.valgrind: + print("Cannot use perf and valgrind at the same time") + exit(1) + wrapper = KLEEF( + source=args.source, + is32=is32, + f_cov=args.coverage_only, + f_err=args.error_only, + max_memory=args.max_memory, + max_time=time, + use_perf=args.perf, + use_valgrind=args.valgrind, + ) + wrapper.compile() + return wrapper.run() + + +def main(): + # Initialize argparse + parser = argparse.ArgumentParser(description="KLEEF single-file runner") + parser.add_argument( + "source", help="klee-out directory to parse", nargs="?", default=None + ) + parser.add_argument("--version", help="print version of klee", action="store_true") + parser.add_argument("--32", help="Compile 32bit binaries", action="store_true") + parser.add_argument("--64", help="Compile 64bit binaries", action="store_true") + parser.add_argument( + "--error-only", help="Focus on searching errors", action="store_true" + ) + parser.add_argument( + "--perf", help="Measure speed with perf", action="store_true", default=False + ) + parser.add_argument( + "--valgrind", + help="Measure memory with valgrind", + action="store_true", + default=False, + ) + parser.add_argument( + "--coverage-only", help="Focus on coverage", action="store_true" + ) + parser.add_argument( + "--max-memory", help="Maximum memory in byte ", type=int, default=2000 + ) + parser.add_argument("--max-time", help="Maximum time in s", type=int, default=0) + parser.add_argument( + "--max-walltime", help="Maximum walltime in s", type=int, default=0 + ) + parser.add_argument( + "--max-cputime-soft", help="Maximum cputime in s (soft)", type=int, default=0 + ) + parser.add_argument( + "--max-cputime-hard", help="Maximum cputime in s (hard)", type=int, default=0 + ) + parser.add_argument( + "--property-file", + help="Property file for test goal description", + type=str, + default=None, + ) + args = parser.parse_args() + run(args) + + +if __name__ == "__main__": + main() diff --git a/test/Industry/btor2c-lazyMod.mul6.c b/test/Industry/btor2c-lazyMod.mul6.c new file mode 100644 index 0000000000..0a1b1dcd5e --- /dev/null +++ b/test/Industry/btor2c-lazyMod.mul6.c @@ -0,0 +1,260 @@ +// It requires Z3 because the script currently runs with Z3 solver backend +//REQUIRES: z3 +//RUN: %kleef --property-file=%S/coverage-error-call.prp --max-memory=7000000000 --max-cputime-soft=30 --64 %s 2>&1 | FileCheck %s +//CHECK: KLEE: WARNING: 100.00% Reachable Reachable + +// This file is part of the SV-Benchmarks collection of verification tasks: +// https://gitlab.com/sosy-lab/benchmarking/sv-benchmarks +// +// SPDX-FileCopyrightText: 2020 Aman Goel +// SPDX-FileCopyrightText: 2022 The SV-Benchmarks Community +// +// SPDX-License-Identifier: GPL-3.0-or-later + +// This C program is converted from Btor2 by Btor2C version bfcfb8b +// with arguments: { architecture=64, lazy_modulo=true, use_memmove=false, unroll_inner_loops=false, shortest_type=true, diff_type=true, decimal_constant=true, zero_init=false, sra_extend_sign=true } +// Comments from the original Btor2 file: +// ; source: https://github.com/aman-goel/avr/tree/92362931700b66684418a991d018c9fbdbebc06f/tests +// ; BTOR description generated by Yosys 0.9+431 (git sha1 4a3b5437, clang 4.0.1-6 -fPIC -Os) for module main. +extern void abort(void); +void reach_error() {} +extern unsigned char __VERIFIER_nondet_uchar(); +extern unsigned short __VERIFIER_nondet_ushort(); +extern unsigned int __VERIFIER_nondet_uint(); +extern unsigned long __VERIFIER_nondet_ulong(); +extern unsigned __int128 __VERIFIER_nondet_uint128(); +void __VERIFIER_assert(int cond) { if (!(cond)) { ERROR: { reach_error(); abort(); } } } +void assume_abort_if_not(int cond) { if (!cond) { abort(); } } +int main() { + // Defining sorts ... + typedef unsigned char SORT_1; // BV with 1 bits + const SORT_1 mask_SORT_1 = (SORT_1)-1 >> (sizeof(SORT_1) * 8 - 1); + const SORT_1 msb_SORT_1 = (SORT_1)1 << (1 - 1); + typedef unsigned long SORT_5; // BV with 64 bits + const SORT_5 mask_SORT_5 = (SORT_5)-1 >> (sizeof(SORT_5) * 8 - 64); + const SORT_5 msb_SORT_5 = (SORT_5)1 << (64 - 1); + typedef unsigned short SORT_8; // BV with 10 bits + const SORT_8 mask_SORT_8 = (SORT_8)-1 >> (sizeof(SORT_8) * 8 - 10); + const SORT_8 msb_SORT_8 = (SORT_8)1 << (10 - 1); + typedef unsigned __int128 SORT_14; // BV with 128 bits + const SORT_14 mask_SORT_14 = (SORT_14)-1 >> (sizeof(SORT_14) * 8 - 128); + const SORT_14 msb_SORT_14 = (SORT_14)1 << (128 - 1); + typedef unsigned int SORT_57; // BV with 32 bits + const SORT_57 mask_SORT_57 = (SORT_57)-1 >> (sizeof(SORT_57) * 8 - 32); + const SORT_57 msb_SORT_57 = (SORT_57)1 << (32 - 1); + // Initializing constants ... + const SORT_1 var_10 = 0; + const SORT_14 var_15 = 0; + const SORT_1 var_24 = 1; + const SORT_5 var_28 = 0; + const SORT_8 var_35 = 0; + const SORT_57 var_58 = 1; + const SORT_57 var_62 = 1000; + const SORT_5 var_64 = 9223372036854775807; + const SORT_5 var_67 = 12245771; + // Collecting input declarations ... + SORT_1 input_2; + SORT_1 input_3; + SORT_1 input_4; + SORT_5 input_6; + SORT_5 input_7; + SORT_8 input_9; + // Collecting state declarations ... + SORT_1 state_11 = __VERIFIER_nondet_uchar() & mask_SORT_1; + SORT_14 state_16 = __VERIFIER_nondet_uint128() & mask_SORT_14; + SORT_14 state_18 = __VERIFIER_nondet_uint128() & mask_SORT_14; + SORT_5 state_29 = __VERIFIER_nondet_ulong() & mask_SORT_5; + SORT_5 state_31 = __VERIFIER_nondet_ulong() & mask_SORT_5; + SORT_8 state_36 = __VERIFIER_nondet_ushort() & mask_SORT_8; + SORT_1 state_38 = __VERIFIER_nondet_uchar() & mask_SORT_1; + SORT_1 state_40 = __VERIFIER_nondet_uchar() & mask_SORT_1; + SORT_5 state_42 = __VERIFIER_nondet_ulong() & mask_SORT_5; + SORT_5 state_44 = __VERIFIER_nondet_ulong() & mask_SORT_5; + // Initializing states ... + SORT_1 init_12_arg_1 = var_10; + state_11 = init_12_arg_1; + SORT_14 init_17_arg_1 = var_15; + state_16 = init_17_arg_1; + SORT_14 init_19_arg_1 = var_15; + state_18 = init_19_arg_1; + SORT_5 init_30_arg_1 = var_28; + state_29 = init_30_arg_1; + SORT_5 init_32_arg_1 = var_28; + state_31 = init_32_arg_1; + SORT_8 init_37_arg_1 = var_35; + state_36 = init_37_arg_1; + SORT_1 init_39_arg_1 = var_24; + state_38 = init_39_arg_1; + SORT_1 init_41_arg_1 = var_24; + state_40 = init_41_arg_1; + SORT_5 init_43_arg_1 = var_28; + state_42 = init_43_arg_1; + SORT_5 init_45_arg_1 = var_28; + state_44 = init_45_arg_1; + for (;;) { + // Getting external input values ... + input_2 = __VERIFIER_nondet_uchar(); + input_3 = __VERIFIER_nondet_uchar(); + input_3 = input_3 & mask_SORT_1; + input_4 = __VERIFIER_nondet_uchar(); + input_4 = input_4 & mask_SORT_1; + input_6 = __VERIFIER_nondet_ulong(); + input_6 = input_6 & mask_SORT_5; + input_7 = __VERIFIER_nondet_ulong(); + input_7 = input_7 & mask_SORT_5; + input_9 = __VERIFIER_nondet_ushort(); + // Assuming invariants ... + // Asserting properties ... + SORT_1 var_13_arg_0 = state_11; + SORT_1 var_13 = ~var_13_arg_0; + SORT_14 var_20_arg_0 = state_16; + SORT_14 var_20_arg_1 = state_18; + SORT_1 var_20 = var_20_arg_0 == var_20_arg_1; + SORT_1 var_21_arg_0 = var_13; + SORT_1 var_21_arg_1 = var_20; + SORT_1 var_21 = var_21_arg_0 | var_21_arg_1; + SORT_1 var_25_arg_0 = var_21; + SORT_1 var_25 = ~var_25_arg_0; + SORT_1 var_26_arg_0 = var_24; + SORT_1 var_26_arg_1 = var_25; + SORT_1 var_26 = var_26_arg_0 & var_26_arg_1; + var_26 = var_26 & mask_SORT_1; + SORT_1 bad_27_arg_0 = var_26; + __VERIFIER_assert(!(bad_27_arg_0)); + // Computing next states ... + SORT_1 next_51_arg_1 = var_24; + SORT_1 var_33_arg_0 = state_11; + SORT_1 var_33 = ~var_33_arg_0; + var_33 = var_33 & mask_SORT_1; + SORT_5 var_52_arg_0 = state_29; + var_52_arg_0 = var_52_arg_0 & mask_SORT_5; + SORT_14 var_52 = var_52_arg_0; + SORT_5 var_53_arg_0 = state_31; + var_53_arg_0 = var_53_arg_0 & mask_SORT_5; + SORT_14 var_53 = var_53_arg_0; + SORT_14 var_54_arg_0 = var_52; + SORT_14 var_54_arg_1 = var_53; + SORT_14 var_54 = var_54_arg_0 * var_54_arg_1; + SORT_1 var_55_arg_0 = var_33; + SORT_14 var_55_arg_1 = var_15; + SORT_14 var_55_arg_2 = var_54; + SORT_14 var_55 = var_55_arg_0 ? var_55_arg_1 : var_55_arg_2; + var_55 = var_55 & mask_SORT_14; + SORT_14 next_56_arg_1 = var_55; + SORT_1 var_71_arg_0 = state_38; + SORT_1 var_71_arg_1 = state_40; + SORT_1 var_71 = var_71_arg_0 | var_71_arg_1; + var_71 = var_71 & mask_SORT_1; + SORT_8 var_61_arg_0 = state_36; + var_61_arg_0 = var_61_arg_0 & mask_SORT_8; + SORT_57 var_61 = var_61_arg_0; + SORT_57 var_63_arg_0 = var_61; + SORT_57 var_63_arg_1 = var_62; + SORT_1 var_63 = var_63_arg_0 > var_63_arg_1; + SORT_5 var_65_arg_0 = input_6; + SORT_5 var_65_arg_1 = var_64; + SORT_1 var_65 = var_65_arg_0 == var_65_arg_1; + SORT_1 var_66_arg_0 = var_63; + SORT_1 var_66_arg_1 = var_65; + SORT_1 var_66 = var_66_arg_0 & var_66_arg_1; + SORT_5 var_68_arg_0 = input_7; + SORT_5 var_68_arg_1 = var_67; + SORT_1 var_68 = var_68_arg_0 == var_68_arg_1; + SORT_1 var_69_arg_0 = var_66; + SORT_1 var_69_arg_1 = var_68; + SORT_1 var_69 = var_69_arg_0 & var_69_arg_1; + var_69 = var_69 & mask_SORT_1; + SORT_5 var_46_arg_0 = state_42; + var_46_arg_0 = var_46_arg_0 & mask_SORT_5; + SORT_14 var_46 = var_46_arg_0; + SORT_5 var_47_arg_0 = state_44; + var_47_arg_0 = var_47_arg_0 & mask_SORT_5; + SORT_14 var_47 = var_47_arg_0; + SORT_14 var_48_arg_0 = var_46; + SORT_14 var_48_arg_1 = var_47; + SORT_14 var_48 = var_48_arg_0 * var_48_arg_1; + SORT_57 var_59_arg_0 = var_58; + var_59_arg_0 = var_59_arg_0 & mask_SORT_57; + SORT_14 var_59 = var_59_arg_0; + SORT_14 var_60_arg_0 = var_48; + SORT_14 var_60_arg_1 = var_59; + SORT_14 var_60 = var_60_arg_0 + var_60_arg_1; + SORT_1 var_70_arg_0 = var_69; + SORT_14 var_70_arg_1 = var_60; + SORT_14 var_70_arg_2 = var_48; + SORT_14 var_70 = var_70_arg_0 ? var_70_arg_1 : var_70_arg_2; + SORT_1 var_72_arg_0 = var_71; + SORT_14 var_72_arg_1 = var_70; + SORT_14 var_72_arg_2 = state_18; + SORT_14 var_72 = var_72_arg_0 ? var_72_arg_1 : var_72_arg_2; + SORT_1 var_73_arg_0 = var_33; + SORT_14 var_73_arg_1 = var_15; + SORT_14 var_73_arg_2 = var_72; + SORT_14 var_73 = var_73_arg_0 ? var_73_arg_1 : var_73_arg_2; + var_73 = var_73 & mask_SORT_14; + SORT_14 next_74_arg_1 = var_73; + SORT_1 var_75_arg_0 = input_3; + SORT_5 var_75_arg_1 = input_6; + SORT_5 var_75_arg_2 = state_29; + SORT_5 var_75 = var_75_arg_0 ? var_75_arg_1 : var_75_arg_2; + SORT_1 var_76_arg_0 = var_33; + SORT_5 var_76_arg_1 = var_28; + SORT_5 var_76_arg_2 = var_75; + SORT_5 var_76 = var_76_arg_0 ? var_76_arg_1 : var_76_arg_2; + SORT_5 next_77_arg_1 = var_76; + SORT_1 var_78_arg_0 = input_4; + SORT_5 var_78_arg_1 = input_7; + SORT_5 var_78_arg_2 = state_31; + SORT_5 var_78 = var_78_arg_0 ? var_78_arg_1 : var_78_arg_2; + SORT_1 var_79_arg_0 = var_33; + SORT_5 var_79_arg_1 = var_28; + SORT_5 var_79_arg_2 = var_78; + SORT_5 var_79 = var_79_arg_0 ? var_79_arg_1 : var_79_arg_2; + SORT_5 next_80_arg_1 = var_79; + SORT_1 var_81_arg_0 = var_33; + SORT_8 var_81_arg_1 = input_9; + SORT_8 var_81_arg_2 = state_36; + SORT_8 var_81 = var_81_arg_0 ? var_81_arg_1 : var_81_arg_2; + SORT_8 next_82_arg_1 = var_81; + SORT_1 var_83_arg_0 = var_33; + SORT_1 var_83_arg_1 = var_24; + SORT_1 var_83_arg_2 = input_3; + SORT_1 var_83 = var_83_arg_0 ? var_83_arg_1 : var_83_arg_2; + SORT_1 next_84_arg_1 = var_83; + SORT_1 var_85_arg_0 = var_33; + SORT_1 var_85_arg_1 = var_24; + SORT_1 var_85_arg_2 = input_4; + SORT_1 var_85 = var_85_arg_0 ? var_85_arg_1 : var_85_arg_2; + SORT_1 next_86_arg_1 = var_85; + SORT_1 var_87_arg_0 = input_3; + SORT_5 var_87_arg_1 = input_6; + SORT_5 var_87_arg_2 = state_42; + SORT_5 var_87 = var_87_arg_0 ? var_87_arg_1 : var_87_arg_2; + SORT_1 var_88_arg_0 = var_33; + SORT_5 var_88_arg_1 = var_28; + SORT_5 var_88_arg_2 = var_87; + SORT_5 var_88 = var_88_arg_0 ? var_88_arg_1 : var_88_arg_2; + SORT_5 next_89_arg_1 = var_88; + SORT_1 var_90_arg_0 = input_4; + SORT_5 var_90_arg_1 = input_7; + SORT_5 var_90_arg_2 = state_44; + SORT_5 var_90 = var_90_arg_0 ? var_90_arg_1 : var_90_arg_2; + SORT_1 var_91_arg_0 = var_33; + SORT_5 var_91_arg_1 = var_28; + SORT_5 var_91_arg_2 = var_90; + SORT_5 var_91 = var_91_arg_0 ? var_91_arg_1 : var_91_arg_2; + SORT_5 next_92_arg_1 = var_91; + // Assigning next states ... + state_11 = next_51_arg_1; + state_16 = next_56_arg_1; + state_18 = next_74_arg_1; + state_29 = next_77_arg_1; + state_31 = next_80_arg_1; + state_36 = next_82_arg_1; + state_38 = next_84_arg_1; + state_40 = next_86_arg_1; + state_42 = next_89_arg_1; + state_44 = next_92_arg_1; + } + return 0; +} diff --git a/test/Industry/coverage-error-call.prp b/test/Industry/coverage-error-call.prp new file mode 100644 index 0000000000..496ed998fa --- /dev/null +++ b/test/Industry/coverage-error-call.prp @@ -0,0 +1,2 @@ +COVER( init(main()), FQL(COVER EDGES(@CALL(reach_error))) ) + diff --git a/tools/klee/CMakeLists.txt b/tools/klee/CMakeLists.txt index cabdfdfcbd..5d63f93901 100644 --- a/tools/klee/CMakeLists.txt +++ b/tools/klee/CMakeLists.txt @@ -20,6 +20,9 @@ target_compile_options(klee PRIVATE ${KLEE_COMPONENT_CXX_FLAGS}) target_compile_definitions(klee PRIVATE ${KLEE_COMPONENT_CXX_DEFINES}) +# Copy run script +configure_file(${CMAKE_SOURCE_DIR}/scripts/kleef ${CMAKE_BINARY_DIR}/bin/kleef COPYONLY) + install(TARGETS klee RUNTIME DESTINATION bin) # The KLEE binary depends on the runtimes