├── .gitignore ├── Dockerfile ├── INSTALL.md ├── Makefile.common ├── README.md ├── include ├── tpot_annotations.h ├── tpot_malloc.h └── tpot_primitives.h ├── klee-2.3 ├── .cirrus.yml ├── .codecov.yml ├── .dockerignore ├── .gitattributes ├── .github │ ├── ISSUE_TEMPLATE │ │ ├── bug_report.md │ │ ├── feature_request.md │ │ └── question.md │ ├── pull_request_template.md │ └── workflows │ │ └── build.yaml ├── .gitignore ├── CMakeLists.txt ├── Dockerfile ├── LICENSE.TXT ├── NEWS ├── README-CMake.md ├── README.md ├── cmake │ ├── GetGitRevisionDescription.cmake │ ├── GetGitRevisionDescription.cmake.in │ ├── add_global_flag.cmake │ ├── c_flags_override.cmake │ ├── cmake_uninstall.cmake.in │ ├── compile_bitcode_library.cmake │ ├── compiler_warnings.cmake │ ├── cxx_flags_override.cmake │ ├── find_bitcode_compiler.cmake │ ├── find_llvm.cmake │ ├── find_metasmt.cmake │ ├── find_stp.cmake │ ├── find_z3.cmake │ ├── klee_add_component.cmake │ ├── klee_component_add_cxx_flag.cmake │ ├── modules │ │ ├── FindSQLite3.cmake │ │ └── FindZ3.cmake │ ├── string_to_list.cmake │ └── workaround_llvm_pr39177.cmake ├── docs │ ├── CMakeLists.txt │ ├── SMT-COMP │ │ ├── BitVector_ArraysEx.smt │ │ ├── BitVectors.smt │ │ ├── QF_AUFBV.smt │ │ └── QF_BV.smt │ ├── doxygen.cfg.in │ ├── intro │ └── overview ├── examples │ ├── get_sign │ │ └── get_sign.c │ ├── regexp │ │ ├── Regexp.c │ │ └── notes.txt │ └── sort │ │ └── sort.c ├── include │ └── klee │ │ ├── ADT │ │ ├── BitArray.h │ │ ├── Bits.h │ │ ├── DiscretePDF.h │ │ ├── DiscretePDF.inc │ │ ├── ImmutableMap.h │ │ ├── ImmutableSet.h │ │ ├── ImmutableTree.h │ │ ├── KTest.h │ │ ├── MapOfSets.h │ │ ├── RNG.h │ │ ├── Ref.h │ │ └── TreeStream.h │ │ ├── Config │ │ ├── CompileTimeInfo.h.cmin │ │ ├── Version.h │ │ └── config.h.cmin │ │ ├── Core │ │ ├── BranchTypes.h │ │ ├── Interpreter.h │ │ └── TerminationTypes.h │ │ ├── Expr │ │ ├── ArrayCache.h │ │ ├── ArrayExprHash.h │ │ ├── ArrayExprOptimizer.h │ │ ├── ArrayExprRewriter.h │ │ ├── ArrayExprVisitor.h │ │ ├── Assignment.h │ │ ├── AssignmentGenerator.h │ │ ├── Constraints.h │ │ ├── Expr.h │ │ ├── ExprBuilder.h │ │ ├── ExprEvaluator.h │ │ ├── ExprHashMap.h │ │ ├── ExprPPrinter.h │ │ ├── ExprRangeEvaluator.h │ │ ├── ExprSMTLIBPrinter.h │ │ ├── ExprUtil.h │ │ ├── ExprVisitor.h │ │ └── Parser │ │ │ ├── Lexer.h │ │ │ └── Parser.h │ │ ├── Module │ │ ├── Cell.h │ │ ├── InstructionInfoTable.h │ │ ├── KInstIterator.h │ │ ├── KInstruction.h │ │ └── KModule.h │ │ ├── Solver │ │ ├── Common.h │ │ ├── IncompleteSolver.h │ │ ├── Solver.h │ │ ├── SolverCmdLine.h │ │ ├── SolverImpl.h │ │ └── SolverStats.h │ │ ├── Statistics │ │ ├── Statistic.h │ │ ├── Statistics.h │ │ └── TimerStatIncrementer.h │ │ ├── Support │ │ ├── Casting.h │ │ ├── CompressionStream.h │ │ ├── Debug.h │ │ ├── ErrorHandling.h │ │ ├── FileHandling.h │ │ ├── FloatEvaluation.h │ │ ├── IntEvaluation.h │ │ ├── ModuleUtil.h │ │ ├── OptionCategories.h │ │ ├── PrintContext.h │ │ ├── PrintVersion.h │ │ └── Timer.h │ │ ├── System │ │ ├── MemoryUsage.h │ │ └── Time.h │ │ └── klee.h ├── lib │ ├── Basic │ │ ├── CMakeLists.txt │ │ ├── KTest.cpp │ │ ├── README.txt │ │ └── Statistics.cpp │ ├── CMakeLists.txt │ ├── Core │ │ ├── AddressSpace.cpp │ │ ├── AddressSpace.h │ │ ├── CMakeLists.txt │ │ ├── CallPathManager.cpp │ │ ├── CallPathManager.h │ │ ├── Context.cpp │ │ ├── Context.h │ │ ├── CoreStats.cpp │ │ ├── CoreStats.h │ │ ├── ExecutionState.cpp │ │ ├── ExecutionState.h │ │ ├── Executor.cpp │ │ ├── Executor.h │ │ ├── ExecutorUtil.cpp │ │ ├── ExternalDispatcher.cpp │ │ ├── ExternalDispatcher.h │ │ ├── GetElementPtrTypeIterator.h │ │ ├── ImpliedValue.cpp │ │ ├── ImpliedValue.h │ │ ├── Memory.cpp │ │ ├── Memory.h │ │ ├── MemoryManager.cpp │ │ ├── MemoryManager.h │ │ ├── MergeHandler.cpp │ │ ├── MergeHandler.h │ │ ├── PTree.cpp │ │ ├── PTree.h │ │ ├── Searcher.cpp │ │ ├── Searcher.h │ │ ├── SeedInfo.cpp │ │ ├── SeedInfo.h │ │ ├── SpecialFunctionHandler.cpp │ │ ├── SpecialFunctionHandler.h │ │ ├── StatsTracker.cpp │ │ ├── StatsTracker.h │ │ ├── TimingSolver.cpp │ │ ├── TimingSolver.h │ │ ├── UserSearcher.cpp │ │ └── UserSearcher.h │ ├── Expr │ │ ├── ArrayCache.cpp │ │ ├── ArrayExprOptimizer.cpp │ │ ├── ArrayExprRewriter.cpp │ │ ├── ArrayExprVisitor.cpp │ │ ├── Assignment.cpp │ │ ├── AssignmentGenerator.cpp │ │ ├── CMakeLists.txt │ │ ├── Constraints.cpp │ │ ├── Expr.cpp │ │ ├── ExprBuilder.cpp │ │ ├── ExprEvaluator.cpp │ │ ├── ExprPPrinter.cpp │ │ ├── ExprSMTLIBPrinter.cpp │ │ ├── ExprUtil.cpp │ │ ├── ExprVisitor.cpp │ │ ├── Lexer.cpp │ │ ├── Parser.cpp │ │ └── Updates.cpp │ ├── Module │ │ ├── CMakeLists.txt │ │ ├── Checks.cpp │ │ ├── FunctionAlias.cpp │ │ ├── InstructionInfoTable.cpp │ │ ├── InstructionOperandTypeCheckPass.cpp │ │ ├── IntrinsicCleaner.cpp │ │ ├── KInstruction.cpp │ │ ├── KLEEIRMetaData.h │ │ ├── KModule.cpp │ │ ├── LowerSwitch.cpp │ │ ├── ModuleUtil.cpp │ │ ├── OptNone.cpp │ │ ├── Optimize.cpp │ │ ├── Passes.h │ │ ├── PhiCleaner.cpp │ │ ├── RaiseAsm.cpp │ │ └── WorkaroundLLVMPR39177.cpp │ ├── README.txt │ ├── Solver │ │ ├── AssignmentValidatingSolver.cpp │ │ ├── CMakeLists.txt │ │ ├── CachingSolver.cpp │ │ ├── CexCachingSolver.cpp │ │ ├── ConstantDivision.cpp │ │ ├── ConstantDivision.h │ │ ├── ConstructSolverChain.cpp │ │ ├── CoreSolver.cpp │ │ ├── DummySolver.cpp │ │ ├── FastCexSolver.cpp │ │ ├── IncompleteSolver.cpp │ │ ├── IndependentSolver.cpp │ │ ├── KQueryLoggingSolver.cpp │ │ ├── MetaSMTBuilder.h │ │ ├── MetaSMTSolver.cpp │ │ ├── MetaSMTSolver.h │ │ ├── QueryLoggingSolver.cpp │ │ ├── QueryLoggingSolver.h │ │ ├── SMTLIBLoggingSolver.cpp │ │ ├── STPBuilder.cpp │ │ ├── STPBuilder.h │ │ ├── STPSolver.cpp │ │ ├── STPSolver.h │ │ ├── Solver.cpp │ │ ├── SolverCmdLine.cpp │ │ ├── SolverImpl.cpp │ │ ├── SolverStats.cpp │ │ ├── SytZ3Dumper.cpp │ │ ├── SytZ3Dumper.h │ │ ├── ValidatingSolver.cpp │ │ ├── Z3Builder.cpp │ │ ├── Z3Builder.h │ │ ├── Z3Solver.cpp │ │ └── Z3Solver.h │ └── Support │ │ ├── CMakeLists.txt │ │ ├── CompressionStream.cpp │ │ ├── ErrorHandling.cpp │ │ ├── FileHandling.cpp │ │ ├── MemoryUsage.cpp │ │ ├── PrintVersion.cpp │ │ ├── README.txt │ │ ├── RNG.cpp │ │ ├── Time.cpp │ │ ├── Timer.cpp │ │ └── TreeStream.cpp ├── runtime │ ├── CMakeLists.txt │ ├── Fortify │ │ ├── CMakeLists.txt │ │ └── fortify.c │ ├── Freestanding │ │ ├── CMakeLists.txt │ │ ├── fortify-fs.c │ │ ├── memcmp.c │ │ ├── memcpy.c │ │ ├── memmove.c │ │ └── memset.c │ ├── Intrinsic │ │ ├── CMakeLists.txt │ │ ├── dso_handle.c │ │ ├── klee_choose.c │ │ ├── klee_div_zero_check.c │ │ ├── klee_int.c │ │ ├── klee_is_replay.c │ │ ├── klee_overshift_check.c │ │ └── klee_range.c │ ├── POSIX │ │ ├── CMakeLists.txt │ │ ├── FreeBSD.h │ │ ├── fd.c │ │ ├── fd.h │ │ ├── fd_32.c │ │ ├── fd_64.c │ │ ├── fd_init.c │ │ ├── illegal.c │ │ ├── klee_init_env.c │ │ ├── misc.c │ │ ├── selinux.c │ │ └── stubs.c │ ├── Runtest │ │ ├── CMakeLists.txt │ │ └── intrinsics.c │ ├── klee-eh-cxx │ │ ├── CMakeLists.txt │ │ └── klee_eh_cxx.cpp │ └── klee-libc │ │ ├── CMakeLists.txt │ │ ├── __cxa_atexit.c │ │ ├── abort.c │ │ ├── atexit.c │ │ ├── atoi.c │ │ ├── bcmp.c │ │ ├── calloc.c │ │ ├── fortify-klibc.c │ │ ├── htonl.c │ │ ├── memchr.c │ │ ├── mempcpy.c │ │ ├── putchar.c │ │ ├── stpcpy.c │ │ ├── strcat.c │ │ ├── strchr.c │ │ ├── strcmp.c │ │ ├── strcoll.c │ │ ├── strcpy.c │ │ ├── strlen.c │ │ ├── strncmp.c │ │ ├── strncpy.c │ │ ├── strrchr.c │ │ ├── strtol.c │ │ ├── strtoul.c │ │ ├── tolower.c │ │ └── toupper.c ├── scripts │ ├── IStatsMerge.py │ ├── IStatsSum.py │ ├── build │ │ ├── build-ci-container.py │ │ ├── build.sh │ │ ├── common-functions │ │ ├── d-klee-linux-ubuntu.inc │ │ ├── p-clang-linux-ubuntu.inc │ │ ├── p-clang-linux.inc │ │ ├── p-clang-osx.inc │ │ ├── p-cmake-linux-ubuntu.inc │ │ ├── p-cmake-osx.inc │ │ ├── p-gtest-linux-ubuntu.inc │ │ ├── p-gtest-osx.inc │ │ ├── p-gtest.inc │ │ ├── p-klee-linux-ubuntu.inc │ │ ├── p-klee-osx.inc │ │ ├── p-klee.inc │ │ ├── p-libcxx-linux-ubuntu.inc │ │ ├── p-libcxx-osx.inc │ │ ├── p-libcxx.inc │ │ ├── p-llvm-linux-ubuntu.inc │ │ ├── p-llvm-osx.inc │ │ ├── p-llvm.inc │ │ ├── p-metasmt-linux-ubuntu.inc │ │ ├── p-metasmt.inc │ │ ├── p-sanitizer-linux-ubuntu.inc │ │ ├── p-sanitizer-linux.inc │ │ ├── p-sqlite-linux-ubuntu.inc │ │ ├── p-sqlite-osx.inc │ │ ├── p-sqlite.inc │ │ ├── p-stp-linux-ubuntu.inc │ │ ├── p-stp-osx.inc │ │ ├── p-stp.inc │ │ ├── p-tcmalloc-linux-ubuntu.inc │ │ ├── p-tcmalloc.inc │ │ ├── p-uclibc-linux-ubuntu.inc │ │ ├── p-uclibc.inc │ │ ├── p-z3-linux-ubuntu.inc │ │ ├── p-z3-osx.inc │ │ ├── p-z3.inc │ │ ├── patches │ │ │ ├── llvm110.patch │ │ │ ├── llvm60.patch │ │ │ ├── llvm70.patch │ │ │ ├── llvm80.patch │ │ │ └── llvm90.patch │ │ ├── run-tests.sh │ │ ├── v-clang.inc │ │ ├── v-cmake.inc │ │ ├── v-gtest.inc │ │ ├── v-klee.inc │ │ ├── v-libcxx.inc │ │ ├── v-llvm.inc │ │ ├── v-metasmt.inc │ │ ├── v-sanitizer.inc │ │ ├── v-sanitizer_compiler.inc │ │ ├── v-solvers.inc │ │ ├── v-sqlite.inc │ │ ├── v-stp.inc │ │ ├── v-tcmalloc.inc │ │ ├── v-uclibc.inc │ │ └── v-z3.inc │ ├── genTempFiles.sh │ ├── klee-chroot-env │ ├── klee-control │ └── objdump ├── test │ ├── ArrayOpt │ │ ├── test-mix.c │ │ ├── test_and.c │ │ ├── test_array_index_array.c │ │ ├── test_array_index_array_diffsize.c │ │ ├── test_cache.c │ │ ├── test_const_arr-idx.c │ │ ├── test_expr_arbitrary.c │ │ ├── test_expr_complex.c │ │ ├── test_expr_mul.c │ │ ├── test_expr_simple.c │ │ ├── test_feasible.c │ │ ├── test_hybrid.c │ │ ├── test_mixed_hole.c │ │ ├── test_multindex.c │ │ ├── test_new.c │ │ ├── test_nier.c │ │ ├── test_noncontiguous_idx.c │ │ ├── test_position.c │ │ ├── test_sub_idx.c │ │ ├── test_update_list_order.c │ │ └── test_var_idx.c │ ├── CMakeLists.txt │ ├── CXX │ │ ├── ArrayNew.cpp │ │ ├── LandingPad.cpp │ │ ├── New.cpp │ │ ├── SimpleVirtual.cpp │ │ ├── StaticConstructor.cpp │ │ ├── StaticDestructor.cpp │ │ ├── Trivial.cpp │ │ └── symex │ │ │ ├── basic_c++ │ │ │ ├── diamond.cpp │ │ │ ├── inheritance.cpp │ │ │ ├── lambda.cpp │ │ │ ├── namespace.cpp │ │ │ ├── reinterpret_cast.cpp │ │ │ ├── simple.cpp │ │ │ ├── templates.cpp │ │ │ └── virtual.cpp │ │ │ └── libc++ │ │ │ ├── atexit.cpp │ │ │ ├── can_catch_test.cpp │ │ │ ├── catch_recover.cpp │ │ │ ├── catch_with_adjusted_exception_pointer.cpp │ │ │ ├── cout.cpp │ │ │ ├── cout_sym.cpp │ │ │ ├── dynamic_cast.cpp │ │ │ ├── exception.cpp │ │ │ ├── exception_inheritance.cpp │ │ │ ├── general_catch.cpp │ │ │ ├── landingpad.cpp │ │ │ ├── multi_throw.cpp │ │ │ ├── multi_unwind.cpp │ │ │ ├── nested.cpp │ │ │ ├── nested_fail.cpp │ │ │ ├── rethrow.cpp │ │ │ ├── simple_exception.cpp │ │ │ ├── simple_exception_fail.cpp │ │ │ ├── symbolic_exception.cpp │ │ │ ├── throw_specifiers.cpp │ │ │ ├── throwing_exception_destructor.cpp │ │ │ ├── uncaught_exception.cpp │ │ │ └── vector.cpp │ ├── Concrete │ │ ├── CMakeLists.txt │ │ ├── ConcreteTest.py │ │ ├── Makefile.cmake.test.in │ │ ├── README.txt │ │ ├── _testingUtils.c │ │ └── ackermann.c │ ├── Coverage │ │ ├── ReadArgs.c │ │ └── ReplayOutDir.c │ ├── Dogfood │ │ └── ImmutableSet.cpp │ ├── Expr │ │ ├── Evaluate.kquery │ │ ├── Evaluate2.kquery │ │ ├── Lexer │ │ │ └── Numbers.kquery │ │ ├── Parser │ │ │ ├── Concat64.kquery │ │ │ ├── ConstantFolding.kquery │ │ │ ├── Exprs.kquery │ │ │ ├── MultiByteReads.kquery │ │ │ ├── Simplify.kquery │ │ │ └── TypeChecking.kquery │ │ ├── ReadExprConsistency.c │ │ ├── print-smt-let.kquery │ │ ├── print-smt-let.smt2.good │ │ ├── print-smt-named.kquery │ │ ├── print-smt-named.smt2.good │ │ ├── print-smt-none.kquery │ │ └── print-smt-none.smt2.good │ ├── Feature │ │ ├── AddressOfLabels.c │ │ ├── AddressOfLabelsSymbolic.c │ │ ├── Alias.c │ │ ├── Atomic.c │ │ ├── BFSSearcher.c │ │ ├── BFSSearcherAndDFSSearcherInterleaved.c │ │ ├── ByteSwap.c │ │ ├── CallToUndefinedExternal.cpp │ │ ├── CheckForImpliedValue.c.failing │ │ ├── CheckMemoryAccess.c │ │ ├── CompressedExprLogging.c │ │ ├── CopyOnWrite.c │ │ ├── DanglingConcreteReadExpr.c │ │ ├── DefineFixedObject.c │ │ ├── DeterministicSwitch.c │ │ ├── DivCheck.c │ │ ├── DoubleFree.c │ │ ├── DumpStatesOnHalt.c │ │ ├── EntryPoint.c │ │ ├── Envp.c │ │ ├── EscapingFunctions.c │ │ ├── EscapingFunctionsAlias.c │ │ ├── ExitOnErrorType.c │ │ ├── ExprLogging.c │ │ ├── ExternalWeakLinkage.c │ │ ├── Float.c │ │ ├── FloatingPt.c │ │ ├── FunctionAlias.c │ │ ├── FunctionAliasExit.c │ │ ├── FunctionAliasVarArg.c │ │ ├── FunctionPointer.c │ │ ├── GetValue.c │ │ ├── ImpliedValue.c.failing │ │ ├── InAndOutOfBounds.c │ │ ├── IndirectCallToBuiltin.c │ │ ├── IndirectCallToExternal.c │ │ ├── InvalidBitfieldAccess.c.failing │ │ ├── IsSymbolic.c │ │ ├── KleeReportError.c │ │ ├── KleeStats.c │ │ ├── KleeStatsColumns.test │ │ ├── KleeStatsCsv.test │ │ ├── KleeStatsEmpty.test │ │ ├── KleeStatsNoBr.c │ │ ├── LargeReturnTypes.cpp │ │ ├── LinkLLVMLib.c │ │ ├── LoggingInstructions.c │ │ ├── LongDouble.c │ │ ├── LongDoubleSupport.c │ │ ├── LowerSwitch.c │ │ ├── MakeConcreteSymbolic.c │ │ ├── MakeSymbolicAPI.c │ │ ├── MakeSymbolicName.c │ │ ├── MaxStaticForkPct.c │ │ ├── Memalign.c │ │ ├── MemoryLimit.c │ │ ├── MultiMkSym.c │ │ ├── MultipleFreeResolution.c │ │ ├── MultipleReadResolution.c │ │ ├── MultipleReallocResolution.c │ │ ├── MultipleWriteResolution.c │ │ ├── NamedSeedMatching.c │ │ ├── NoExternalCallsAllowed.c │ │ ├── NonSizedGlobals.c │ │ ├── OneFreeError.c │ │ ├── OneOutOfBounds.c │ │ ├── Optimize.c │ │ ├── OverlappedError.c │ │ ├── OvershiftCheck.c │ │ ├── PreferCex.c │ │ ├── RaiseAsm.c │ │ ├── ReadStringAtAddress.c │ │ ├── Realloc.c │ │ ├── ReplayPath.c │ │ ├── RewriteEqualities.c │ │ ├── Searchers.c │ │ ├── SetForking.c │ │ ├── ShiftCheck.c │ │ ├── SilentKleeAssume.c │ │ ├── SolverTimeout.c │ │ ├── SourceMapping.c │ │ ├── StackOverflow.c │ │ ├── TargetMismatch.c │ │ ├── VarArg.c │ │ ├── VarArgAlignment.c │ │ ├── VarArgByVal.c │ │ ├── VarArgByValReported.c │ │ ├── VarArgLongDouble.c │ │ ├── WithLibc.c │ │ ├── WriteCov.c │ │ ├── _utils._ll │ │ ├── arithmetic-right-overshift-sym-conc.c │ │ ├── consecutive_divide_by_zero.c │ │ ├── const_array_opt1.c │ │ ├── klee-stats │ │ │ ├── additional_column │ │ │ │ ├── info │ │ │ │ └── run.stats │ │ │ ├── empty │ │ │ │ ├── info │ │ │ │ └── run.stats │ │ │ ├── missing_column │ │ │ │ ├── info │ │ │ │ └── run.stats │ │ │ └── run │ │ │ │ ├── info │ │ │ │ └── run.stats │ │ ├── left-overshift-sym-conc.c │ │ ├── logical-right-overshift-sym-conc.c │ │ ├── srem.c │ │ ├── ubsan_signed_overflow.c │ │ ├── ubsan_unsigned_overflow.c │ │ └── utils.h │ ├── Merging │ │ ├── batching_break.c │ │ ├── easy_merge.c │ │ ├── incomplete_merge.c │ │ ├── indirect_value.c │ │ ├── loop_merge.c │ │ ├── merge_fail.c │ │ ├── nested_merge.c │ │ ├── split_merge.c │ │ ├── state_termination.c │ │ └── unexpected_close.c │ ├── Programs │ │ └── pcregrep.c │ ├── README │ ├── Replay │ │ ├── klee-replay │ │ │ ├── GenBout.c │ │ │ ├── GenRandomBout.c │ │ │ └── KleeZesti.c │ │ └── libkleeruntest │ │ │ ├── replay_cex_after_assumed_malloc.c │ │ │ ├── replay_cex_incorrect_result.c │ │ │ ├── replay_detection.c │ │ │ ├── replay_invalid_klee_assume.c │ │ │ ├── replay_invalid_klee_choose.c │ │ │ ├── replay_invalid_klee_range.c │ │ │ ├── replay_invalid_num_objects.c │ │ │ ├── replay_invalid_object_names.c │ │ │ ├── replay_invalid_object_size.c │ │ │ ├── replay_klee_prefer_cex.c │ │ │ ├── replay_merge.c │ │ │ ├── replay_posix_runtime.c │ │ │ ├── replay_simple.c │ │ │ └── replay_two_objects.c │ ├── Runtime │ │ ├── FreeStanding │ │ │ ├── freestanding_only.c │ │ │ ├── memcpy_chk.c │ │ │ └── memcpy_chk_err.c │ │ ├── POSIX │ │ │ ├── CanonicalizeFileName.c │ │ │ ├── DirConsistency.c │ │ │ ├── DirSeek.c │ │ │ ├── Envp.c │ │ │ ├── FDNumbers.c │ │ │ ├── FD_Fail.c │ │ │ ├── FD_Fail2.c │ │ │ ├── Fcntl.c │ │ │ ├── FilePerm.c │ │ │ ├── FileTime.c │ │ │ ├── FreeArgv.c │ │ │ ├── Futimesat.c │ │ │ ├── GetcwdFail.c │ │ │ ├── Getenv.c │ │ │ ├── Ioctl.c │ │ │ ├── Isatty.c │ │ │ ├── MixedConcreteSymbolic.c │ │ │ ├── Openat.c │ │ │ ├── PrgName.c │ │ │ ├── Read1.c │ │ │ ├── Replay.c │ │ │ ├── SELinux │ │ │ │ ├── SELinux.c │ │ │ │ └── lit.local.cfg │ │ │ ├── SeedAndFail.c │ │ │ ├── Stdin.c │ │ │ ├── SymFileConsistency.c │ │ │ ├── TestMain.c │ │ │ ├── Usage.c │ │ │ ├── Write1.c │ │ │ ├── Write2.c │ │ │ └── lit.local.cfg │ │ ├── Uclibc │ │ │ ├── 2007-10-08-optimization-calls-wrong-libc-functions.c │ │ │ ├── 2008-03-04-libc-atexit-uses-dso-handle.c │ │ │ ├── Environ.c │ │ │ ├── lit.local.cfg │ │ │ └── strcpy_chk.c │ │ └── klee-libc │ │ │ ├── atexit_order.c │ │ │ ├── bcmp.c │ │ │ ├── cxa_thread_atexit_impl.c │ │ │ ├── mempcpy.c │ │ │ └── strcat_chk.c │ ├── Solver │ │ ├── 2016-04-12-array-parsing-bug.kquery │ │ ├── AShr_to_smtlib.kquery │ │ ├── FastCexSolver.kquery │ │ ├── LargeIntegers.kquery │ │ ├── STPDumpDebugQueries.c │ │ ├── Z3ConstantArray.c │ │ ├── Z3LargeConstantArray.kquery │ │ ├── lit.local.cfg │ │ ├── overshift-aright-by-constant.kquery │ │ ├── overshift-aright-by-symbolic.kquery │ │ ├── overshift-left-by-constant.kquery │ │ ├── overshift-left-by-symbolic.kquery │ │ ├── overshift-lright-by-constant.kquery │ │ └── overshift-lright-by-symbolic.kquery │ ├── VectorInstructions │ │ ├── extract_element.c │ │ ├── floating_point_ops_constant.c │ │ ├── insert_element.c │ │ ├── integer_ops_constant.c │ │ ├── integer_ops_signed_symbolic.c │ │ ├── integer_ops_unsigned_symbolic.c │ │ ├── memset.c │ │ ├── oob-llvm-lt11.c │ │ ├── oob-read-llvm-geq11.c │ │ ├── oob-write-llvm-geq11.c │ │ └── shuffle_element.c │ ├── lit.cfg │ ├── lit.site.cfg.in │ └── regression │ │ ├── 2007-07-25-invalid-stp-array-binding-to-objectstate.c │ │ ├── 2007-07-30-unflushed-byte.c │ │ ├── 2007-08-01-cache-unclear-on-overwrite-flushed.c │ │ ├── 2007-08-06-64bit-shift.c │ │ ├── 2007-08-06-access-after-free.c │ │ ├── 2007-08-08-free-zero.c │ │ ├── 2007-08-16-invalid-constant-value.c │ │ ├── 2007-08-16-valid-write-to-freed-object.c │ │ ├── 2007-10-11-free-of-alloca.c │ │ ├── 2007-10-11-illegal-access-after-free-and-branch.c │ │ ├── 2007-10-12-failed-make-symbolic-after-copy.c │ │ ├── 2008-03-04-free-of-global.c │ │ ├── 2008-03-11-free-of-malloc-zero.c │ │ ├── 2008-04-10-bad-alloca-free.c │ │ ├── 2008-05-23-gep-with-global-const.c │ │ ├── 2012-05-13-asm-causes-aborts.c │ │ ├── 2014-07-04-unflushed-error-report.c │ │ ├── 2014-09-13-debug-info.c │ │ ├── 2014-12-08-ashr.c │ │ ├── 2015-06-22-struct-write.c │ │ ├── 2015-08-05-invalid-fork.c │ │ ├── 2015-08-30-empty-constraints.c │ │ ├── 2015-08-30-sdiv-1.c │ │ ├── 2016-03-22-independence-solver-missing-objects-for-assignment.kquery │ │ ├── 2016-04-14-sdiv-2.c │ │ ├── 2016-06-28-div-zero-bug.c │ │ ├── 2016-08-06-klee-get-obj-size.c │ │ ├── 2016-08-11-entry-point-internalize-pass.c │ │ ├── 2016-08-12-empty-file.c │ │ ├── 2016-11-24-bitcast-weak-alias.c │ │ ├── 2016-12-14-alloc-alignment.c │ │ ├── 2017-02-21-pathOS-id.c │ │ ├── 2017-03-23-early-exit-log-stats.c │ │ ├── 2017-11-01-test-with-empty-varname.c │ │ ├── 2018-04-05-make-symbolic-null-name.c │ │ ├── 2018-05-05-number-instructions-dumped-states.c │ │ ├── 2018-05-17-replay-short-names.c │ │ ├── 2018-10-01-double-segfault.c │ │ ├── 2019-09-06-make-const-symbolic.c │ │ ├── 2020-01-14-fabs-compare.c │ │ ├── 2020-02-24-count-paths-nodump.c │ │ ├── 2020-04-27-stp-array-names.c │ │ └── lit.local.cfg ├── tools │ ├── CMakeLists.txt │ ├── gen-bout │ │ ├── CMakeLists.txt │ │ └── gen-bout.cpp │ ├── gen-random-bout │ │ ├── CMakeLists.txt │ │ └── gen-random-bout.cpp │ ├── kleaver │ │ ├── CMakeLists.txt │ │ └── main.cpp │ ├── klee-replay │ │ ├── CMakeLists.txt │ │ ├── fd_init.c │ │ ├── file-creator.c │ │ ├── klee-replay.c │ │ ├── klee-replay.h │ │ └── klee_init_env.c │ ├── klee-stats │ │ ├── CMakeLists.txt │ │ └── klee-stats │ ├── klee-zesti │ │ ├── CMakeLists.txt │ │ └── klee-zesti │ ├── klee │ │ ├── CMakeLists.txt │ │ └── main.cpp │ └── ktest-tool │ │ ├── CMakeLists.txt │ │ └── ktest-tool ├── unittests │ ├── Assignment │ │ ├── AssignmentTest.cpp │ │ └── CMakeLists.txt │ ├── CMakeLists.txt │ ├── DiscretePDF │ │ ├── CMakeLists.txt │ │ └── DiscretePDFTest.cpp │ ├── Expr │ │ ├── ArrayExprTest.cpp │ │ ├── CMakeLists.txt │ │ └── ExprTest.cpp │ ├── RNG │ │ ├── CMakeLists.txt │ │ └── RNGTest.cpp │ ├── Ref │ │ ├── CMakeLists.txt │ │ └── RefTest.cpp │ ├── Searcher │ │ ├── CMakeLists.txt │ │ └── SearcherTest.cpp │ ├── Solver │ │ ├── CMakeLists.txt │ │ ├── SolverTest.cpp │ │ └── Z3SolverTest.cpp │ ├── TestMain.cpp │ ├── Time │ │ ├── CMakeLists.txt │ │ └── TimeTest.cpp │ ├── TreeStream │ │ ├── CMakeLists.txt │ │ └── TreeStreamTest.cpp │ ├── lit-unit-tests-common.cfg │ └── lit-unit-tests-common.site.cfg.in └── utils │ ├── data │ └── Queries │ │ ├── pcresymperf-3.kquery │ │ └── pcresymperf-4.kquery │ ├── emacs │ └── klee-pc-mode.el │ ├── grafana │ ├── Dockerfile │ ├── dashboard.yml │ ├── datasource.yml │ ├── grafana.ini │ ├── klee_dashboard.json │ └── upload.sh │ ├── hacks │ └── TreeGraphs │ │ ├── Animate.py │ │ ├── DumpTreeStream.py │ │ ├── Graphics │ │ ├── Canvas │ │ │ └── __init__.py │ │ ├── Geometry │ │ │ ├── Intersect2D.py │ │ │ ├── __init__.py │ │ │ ├── mat2.py │ │ │ ├── mat3.py │ │ │ ├── mat4.py │ │ │ ├── quat.py │ │ │ ├── vec2.py │ │ │ ├── vec3.py │ │ │ └── vec4.py │ │ └── __init__.py │ │ ├── README.txt │ │ ├── TreeGraph.py │ │ └── inputs │ │ ├── symPaths.ts │ │ └── symPaths6.ts │ ├── sanitizers │ ├── lsan.txt │ └── ubsan.txt │ └── valgrind │ ├── README.txt │ ├── valgrind-llvm.supp │ └── valgrind-stp.supp ├── libtpot └── libtpot.c ├── portfolio ├── run-portfolio-all.sh ├── run-portfolio.sh └── setup-portfolio.sh ├── scripts ├── run_pot.sh ├── run_pots_parallel.sh └── verify_sosp24_targets.sh └── targets └── sosp24 ├── klint ├── env │ ├── include │ │ ├── arch │ │ │ ├── cache.h │ │ │ ├── endian.h │ │ │ ├── halt.h │ │ │ ├── io.h │ │ │ ├── msr.h │ │ │ └── tsc.h │ │ ├── net │ │ │ ├── packet.h │ │ │ ├── skeleton.h │ │ │ └── tx.h │ │ ├── os │ │ │ ├── clock.h │ │ │ ├── config.h │ │ │ ├── init.h │ │ │ ├── log.h │ │ │ ├── memory.h │ │ │ ├── pci.h │ │ │ └── time.h │ │ ├── proof │ │ │ ├── arith.c │ │ │ ├── arith.gh │ │ │ ├── bitopsutils.c │ │ │ ├── bitopsutils.gh │ │ │ ├── chain-buckets.gh │ │ │ ├── ghost_map.gh │ │ │ ├── listexex.gh │ │ │ ├── listutils-lemmas.c │ │ │ ├── listutils-lemmas.gh │ │ │ ├── listutils.gh │ │ │ ├── mod-pow2.c │ │ │ ├── mod-pow2.gh │ │ │ ├── modulo.c │ │ │ ├── modulo.gh │ │ │ ├── multiset.gh │ │ │ ├── multisubset.gh │ │ │ ├── natlist.gh │ │ │ ├── nth-prop.gh │ │ │ ├── set.gh │ │ │ └── stdex.gh │ │ ├── structs │ │ │ └── index_pool.h │ │ └── verif │ │ │ └── drivers.h │ └── src │ │ ├── os │ │ ├── config.c │ │ ├── dpdk │ │ │ ├── Makefile │ │ │ ├── clock.c │ │ │ ├── init.c │ │ │ ├── log.c │ │ │ └── memory.c │ │ ├── linux │ │ │ ├── Makefile │ │ │ ├── clock.c │ │ │ ├── init.c │ │ │ ├── log.c │ │ │ └── memory.c │ │ ├── memory_alloc.c │ │ ├── metal │ │ │ ├── Makefile │ │ │ ├── _start.c │ │ │ ├── boot.asm │ │ │ ├── clock.c │ │ │ ├── crti.asm │ │ │ ├── crtn.asm │ │ │ ├── grub.cfg │ │ │ ├── init.c │ │ │ ├── linker.ld │ │ │ ├── memory.c │ │ │ ├── multiboot1_header.asm │ │ │ └── multiboot2_header.asm │ │ └── pci.c │ │ ├── structs │ │ └── index_pool.c │ │ └── verif │ │ └── drivers.c ├── loc.sh └── tpot-specs │ └── index_pool │ ├── Makefile │ ├── compare_to_original.sh │ ├── spec_helpers.h │ ├── specs.c │ ├── tpot_config │ ├── tpot_models.c │ └── verifast_index_pool_annotated.c ├── komodo-serval ├── Makefile ├── Makefile.lib ├── bbl │ └── payload.S ├── bios │ ├── bios.lds.S │ ├── bios.mk │ ├── boot │ │ └── head.S │ ├── cpu.c │ ├── entry.S │ ├── htif.c │ ├── mcall.c │ ├── ptrace.c │ ├── shutdown.c │ ├── sifive.c │ ├── traps.c │ └── uart8250.c ├── compare_to_original.sh ├── config.mk ├── csrs.h ├── cstate.c ├── include │ ├── asm │ │ ├── asm-offsets.h │ │ ├── barrier.h │ │ ├── bitops.h │ │ ├── cache.h │ │ ├── csr.h │ │ ├── csr_bits │ │ │ ├── cause.h │ │ │ ├── edeleg.h │ │ │ ├── ideleg.h │ │ │ ├── ie.h │ │ │ ├── ip.h │ │ │ ├── isa.h │ │ │ ├── pmpcfg.h │ │ │ ├── satp.h │ │ │ └── status.h │ │ ├── cstate.h │ │ ├── entry.h │ │ ├── io.h │ │ ├── mcall.h │ │ ├── page.h │ │ ├── pgtable-bits.h │ │ ├── pgtable.h │ │ ├── pmp.h │ │ ├── processor.h │ │ ├── ptrace.h │ │ ├── sbi.h │ │ ├── setup.h │ │ ├── tlbflush.h │ │ └── word-at-a-time.h │ ├── crypto │ │ ├── hmac.h │ │ └── sha.h │ ├── io │ │ ├── asm.h │ │ ├── bitsperlong.h │ │ ├── build_bug.h │ │ ├── compiler.h │ │ ├── const.h │ │ ├── cpio.h │ │ ├── elf.h │ │ ├── kbuild.h │ │ ├── linkage.h │ │ ├── nospec.h │ │ └── sizes.h │ ├── sys │ │ ├── bitmap.h │ │ ├── bitops.h │ │ ├── bitops │ │ │ ├── __ffs.h │ │ │ ├── __fls.h │ │ │ └── fls64.h │ │ ├── bug.h │ │ ├── byteorder.h │ │ ├── console.h │ │ ├── ctype.h │ │ ├── errno.h │ │ ├── ilist.h │ │ ├── init.h │ │ ├── ioport.h │ │ ├── list.h │ │ ├── log2.h │ │ ├── memblock.h │ │ ├── of.h │ │ ├── pfn.h │ │ ├── poison.h │ │ ├── printk.h │ │ ├── sections.h │ │ ├── spinlock.h │ │ ├── string.h │ │ ├── swab.h │ │ ├── timex.h │ │ ├── types.h │ │ ├── unaligned.h │ │ ├── unaligned │ │ │ ├── be_byteshift.h │ │ │ ├── generic.h │ │ │ └── le_byteshift.h │ │ └── vmlinux.lds.h │ └── uapi │ │ ├── atto │ │ ├── dirent.h │ │ ├── fcntl.h │ │ ├── signal.h │ │ ├── stat.h │ │ ├── unistd.h │ │ └── wait.h │ │ ├── certikos │ │ ├── elf.h │ │ ├── param.h │ │ └── syscalls.h │ │ ├── intmon │ │ ├── param.h │ │ ├── sysapi.h │ │ └── syscalls.h │ │ ├── io │ │ ├── asm.h │ │ ├── bitsperlong.h │ │ ├── build_bug.h │ │ ├── compiler.h │ │ ├── const.h │ │ ├── cpio.h │ │ ├── elf.h │ │ ├── kbuild.h │ │ ├── linkage.h │ │ ├── nospec.h │ │ └── sizes.h │ │ ├── keystone │ │ └── syscalls.h │ │ ├── komodo │ │ ├── memregions.h │ │ ├── smcapi.h │ │ ├── smccalls.h │ │ └── svccalls.h │ │ └── toymon │ │ └── syscalls.h ├── invariants.c ├── kernel │ ├── asm-offsets.c │ ├── bitops.c │ ├── boot │ │ └── head.S │ ├── bswap.c │ ├── console.c │ ├── cpio.c │ ├── ctype.c │ ├── dumpstack.c │ ├── entry.S │ ├── hacl │ │ ├── Hacl_HMAC_SHA2_256.c │ │ ├── Hacl_HMAC_SHA2_256.h │ │ ├── Hacl_SHA2_256.c │ │ ├── Hacl_SHA2_256.h │ │ └── kremlib.h │ ├── hexdump.c │ ├── hmac256.c │ ├── kernel.lds.S │ ├── kernel.mk │ ├── libfdt │ │ ├── fdt.c │ │ ├── fdt.h │ │ ├── fdt_addresses.c │ │ ├── fdt_ro.c │ │ ├── fdt_strerror.c │ │ ├── libfdt.h │ │ ├── libfdt_env.h │ │ └── libfdt_internal.h │ ├── memblock.c │ ├── of.c │ ├── panic.c │ ├── ptrace.c │ ├── sbi_console.c │ ├── setup.c │ ├── sha256.c │ ├── shutdown.c │ ├── smp.c │ ├── string.c │ ├── time.c │ ├── traps.c │ └── vsprintf.c ├── komodo-kernel │ ├── kernel.mk │ ├── main.c │ ├── smc.S │ └── test.S ├── komodo.mk ├── loc.sh ├── main.c ├── monitor.c ├── monitor.h ├── specs.c ├── specs.h ├── traps.c └── verif │ ├── asm-offsets.c │ ├── basic.rkt │ ├── impl.rkt │ ├── invariants.rkt │ ├── llvm.rkt │ ├── ni.rkt │ ├── nickel-ni.rkt │ ├── riscv.rkt │ ├── spec.rkt │ ├── state.rkt │ ├── symbols.rkt │ └── verif.mk ├── komodo-star ├── Makefile ├── Makefile.lib ├── bbl │ └── payload.S ├── bios │ ├── bios.lds.S │ ├── bios.mk │ ├── boot │ │ └── head.S │ ├── cpu.c │ ├── entry.S │ ├── htif.c │ ├── mcall.c │ ├── ptrace.c │ ├── shutdown.c │ ├── sifive.c │ ├── traps.c │ └── uart8250.c ├── compare_to_original.sh ├── config.mk ├── csrs.h ├── cstate.c ├── include │ ├── asm │ │ ├── asm-offsets.h │ │ ├── barrier.h │ │ ├── bitops.h │ │ ├── cache.h │ │ ├── csr.h │ │ ├── csr_bits │ │ │ ├── cause.h │ │ │ ├── edeleg.h │ │ │ ├── ideleg.h │ │ │ ├── ie.h │ │ │ ├── ip.h │ │ │ ├── isa.h │ │ │ ├── pmpcfg.h │ │ │ ├── satp.h │ │ │ └── status.h │ │ ├── cstate.h │ │ ├── entry.h │ │ ├── io.h │ │ ├── mcall.h │ │ ├── page.h │ │ ├── pgtable-bits.h │ │ ├── pgtable.h │ │ ├── pmp.h │ │ ├── processor.h │ │ ├── ptrace.h │ │ ├── sbi.h │ │ ├── setup.h │ │ ├── tlbflush.h │ │ └── word-at-a-time.h │ ├── crypto │ │ ├── hmac.h │ │ └── sha.h │ ├── io │ │ ├── asm.h │ │ ├── bitsperlong.h │ │ ├── build_bug.h │ │ ├── compiler.h │ │ ├── const.h │ │ ├── cpio.h │ │ ├── elf.h │ │ ├── kbuild.h │ │ ├── linkage.h │ │ ├── nospec.h │ │ └── sizes.h │ ├── sys │ │ ├── bitmap.h │ │ ├── bitops.h │ │ ├── bitops │ │ │ ├── __ffs.h │ │ │ ├── __fls.h │ │ │ └── fls64.h │ │ ├── bug.h │ │ ├── byteorder.h │ │ ├── console.h │ │ ├── ctype.h │ │ ├── errno.h │ │ ├── ilist.h │ │ ├── init.h │ │ ├── ioport.h │ │ ├── list.h │ │ ├── log2.h │ │ ├── memblock.h │ │ ├── of.h │ │ ├── pfn.h │ │ ├── poison.h │ │ ├── printk.h │ │ ├── sections.h │ │ ├── spinlock.h │ │ ├── string.h │ │ ├── swab.h │ │ ├── timex.h │ │ ├── types.h │ │ ├── unaligned.h │ │ ├── unaligned │ │ │ ├── be_byteshift.h │ │ │ ├── generic.h │ │ │ └── le_byteshift.h │ │ └── vmlinux.lds.h │ └── uapi │ │ ├── atto │ │ ├── dirent.h │ │ ├── fcntl.h │ │ ├── signal.h │ │ ├── stat.h │ │ ├── unistd.h │ │ └── wait.h │ │ ├── certikos │ │ ├── elf.h │ │ ├── param.h │ │ └── syscalls.h │ │ ├── intmon │ │ ├── param.h │ │ ├── sysapi.h │ │ └── syscalls.h │ │ ├── io │ │ ├── asm.h │ │ ├── bitsperlong.h │ │ ├── build_bug.h │ │ ├── compiler.h │ │ ├── const.h │ │ ├── cpio.h │ │ ├── elf.h │ │ ├── kbuild.h │ │ ├── linkage.h │ │ ├── nospec.h │ │ └── sizes.h │ │ ├── keystone │ │ └── syscalls.h │ │ ├── komodo │ │ ├── memregions.h │ │ ├── smcapi.h │ │ ├── smccalls.h │ │ └── svccalls.h │ │ └── toymon │ │ └── syscalls.h ├── invariants.c ├── kernel │ ├── asm-offsets.c │ ├── bitops.c │ ├── boot │ │ └── head.S │ ├── bswap.c │ ├── console.c │ ├── cpio.c │ ├── ctype.c │ ├── dumpstack.c │ ├── entry.S │ ├── hacl │ │ ├── Hacl_HMAC_SHA2_256.c │ │ ├── Hacl_HMAC_SHA2_256.h │ │ ├── Hacl_SHA2_256.c │ │ ├── Hacl_SHA2_256.h │ │ └── kremlib.h │ ├── hexdump.c │ ├── hmac256.c │ ├── kernel.lds.S │ ├── kernel.mk │ ├── libfdt │ │ ├── fdt.c │ │ ├── fdt.h │ │ ├── fdt_addresses.c │ │ ├── fdt_ro.c │ │ ├── fdt_strerror.c │ │ ├── libfdt.h │ │ ├── libfdt_env.h │ │ └── libfdt_internal.h │ ├── memblock.c │ ├── of.c │ ├── panic.c │ ├── ptrace.c │ ├── sbi_console.c │ ├── setup.c │ ├── sha256.c │ ├── shutdown.c │ ├── smp.c │ ├── string.c │ ├── time.c │ ├── traps.c │ └── vsprintf.c ├── komodo-kernel │ ├── kernel.mk │ ├── main.c │ ├── smc.S │ └── test.S ├── komodo.mk ├── loc.sh ├── main.c ├── monitor.c ├── monitor.h ├── specs.c ├── specs.h ├── traps.c └── verif │ ├── asm-offsets.c │ ├── basic.rkt │ ├── impl.rkt │ ├── invariants.rkt │ ├── llvm.rkt │ ├── ni.rkt │ ├── nickel-ni.rkt │ ├── riscv.rkt │ ├── spec.rkt │ ├── state.rkt │ ├── symbols.rkt │ └── verif.mk ├── kvm-pgtable ├── Makefile ├── compare_to_original.sh ├── defs.h ├── loc.sh ├── pgtable.c ├── pgtable_lemmas.v ├── specs.c └── tpot_config ├── loc.sh ├── pkvm-early-alloc ├── GPL-2.0 ├── README.md ├── cn │ ├── Makefile │ ├── cn_predicates.h │ ├── early_alloc.c │ ├── memory.h │ └── time.sh ├── count.sh ├── loc.sh ├── original │ ├── early_alloc.c │ ├── include │ │ ├── kernel.h │ │ ├── kvm_pgtable.h │ │ ├── page-def.h │ │ └── stddef.h │ └── memory.h ├── tpot │ ├── Makefile │ ├── compare_to_original.sh │ ├── spec_helpers.h │ ├── specs.c │ └── tpot_config └── verifast │ ├── Makefile │ ├── early_alloc.c │ ├── lemmas.h │ ├── macros.h │ ├── memory.h │ ├── time.sh │ └── verifast_predicates.h ├── pot_time.sh └── usbmouse ├── Makefile ├── compare_to_original.sh ├── defs.h ├── equals.h ├── linux ├── compiler.h ├── device.h ├── errno.h ├── gfp.h ├── hid.h ├── init.h ├── input.h ├── kernel.h ├── mod_devicetable.h ├── module.h ├── printk.h ├── slab.h ├── slab_def.h ├── spinlock.h ├── spinlock_types.h ├── stddef.h ├── string.h ├── types.h ├── usb.h └── usb │ ├── ch9.h │ └── input.h ├── linux_tpot.c ├── loc.sh ├── spec_helpers.c ├── spec_helpers.h ├── specs.c ├── tpot_config ├── usbmouse_original.c ├── usbmouse_tpot.c ├── usbmouse_verifast.c └── verifast_loc /.gitignore: -------------------------------------------------------------------------------- 1 | .vscode 2 | 3 | # tpot artifacts 4 | *.smt2 5 | z3_cache 6 | 7 | # output directories 8 | o.* 9 | xv6-out 10 | 11 | # local files 12 | local 13 | 14 | *.ll 15 | *.no-opt 16 | *.d 17 | compile_commands.json 18 | .clangd/ 19 | 20 | klee-out-*/ 21 | klee-last 22 | .cache 23 | tests/a.out 24 | *.o.cmd 25 | *.o 26 | .idea 27 | .clang-format 28 | 29 | targets/examples/playground/ 30 | 31 | out.perf-folded 32 | perf.data 33 | .z3-trace 34 | 35 | .tmp -------------------------------------------------------------------------------- /include/tpot_annotations.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include // for tpot_assume, tpot_assert, tpot_malloc, tpot_free 4 | 5 | extern void __tpot_inv(void *cond, ...); 6 | #define _tpot_inv(cond, ...) __tpot_inv(cond, __VA_ARGS__); 7 | 8 | extern void tpot_memset(void *dst, uint64_t val, size_t s); 9 | extern void tpot_memcpy(void *src, void *dst, size_t s); 10 | 11 | // -- Overrides -- // 12 | #define assert(cond) tpot_assert(cond) 13 | #define assume(cond) tpot_assume(cond) 14 | #define malloc(ptr) tpot_malloc(ptr) 15 | #define free(ptr) tpot_free(ptr) 16 | #define memcpy(dest, src, n) tpot_memcpy(dest, src, n) 17 | #define memset(dest, val, n) tpot_memset(dest, val, n) 18 | -------------------------------------------------------------------------------- /include/tpot_malloc.h: -------------------------------------------------------------------------------- 1 | #define malloc(size) __tpot_malloc(size) -------------------------------------------------------------------------------- /klee-2.3/.codecov.yml: -------------------------------------------------------------------------------- 1 | codecov: 2 | disable_default_path_fixes: true 3 | 4 | coverage: 5 | status: 6 | project: no 7 | patch: yes 8 | changes: no 9 | precision: 2 10 | round: down 11 | range: "70...100" 12 | 13 | fixes: 14 | - "/tmp/klee_src::" 15 | ignore: 16 | - "usr/" 17 | - "test/" 18 | - "unittests" 19 | - "**/test-utils" 20 | comment: 21 | layout: "header, diff, changes, uncovered, tree" 22 | behavior: default 23 | -------------------------------------------------------------------------------- /klee-2.3/.dockerignore: -------------------------------------------------------------------------------- 1 | #.git - Don't delete git, we need that to generate the correct version number 2 | autom4te.cache 3 | **/.*.swp 4 | Dockerfile 5 | cmake-*/ 6 | -------------------------------------------------------------------------------- /klee-2.3/.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto 2 | 3 | *.h text 4 | *.c text 5 | *.cpp text 6 | -------------------------------------------------------------------------------- /klee-2.3/.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest a feature in KLEE 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. E.g., I find it difficult to use KLEE when [...]; I would find it very useful for KLEE to [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | -------------------------------------------------------------------------------- /klee-2.3/.github/ISSUE_TEMPLATE/question.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Question 3 | about: Ask a question about KLEE 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | To ask a question about KLEE: 11 | 1. Please first check the documentation at http://klee.github.io/docs/ 12 | 2. Then check the [searchable mailing list archive](https://www.mail-archive.com/klee-dev@imperial.ac.uk/) 13 | 3. If this still doesn’t answer your questions then please send an email to the [klee-dev mailing list](http://klee.github.io/klee-dev/) 14 | 15 | **We will normally not answer questions asked on GitHub.** 16 | -------------------------------------------------------------------------------- /klee-2.3/.gitignore: -------------------------------------------------------------------------------- 1 | Release/ 2 | Release+Asserts/ 3 | Debug/ 4 | Debug+Asserts/ 5 | Output/ 6 | 7 | # commonly used as cmake build directory 8 | /build 9 | 10 | cscope.* 11 | *~ 12 | 13 | *.log 14 | *.sum 15 | *.out 16 | *.status 17 | 18 | # In source build files 19 | docs/doxygen.cfg 20 | include/klee/Config/CompileTimeInfo.h 21 | *.config 22 | 23 | config.h 24 | site.exp 25 | 26 | # Site file for llvm-lit 27 | lit.site.cfg 28 | 29 | # Autoconf files 30 | autoconf/aclocal.m4 31 | autoconf/autom4te.cache/ 32 | autom4te.cache/ 33 | -------------------------------------------------------------------------------- /klee-2.3/cmake/string_to_list.cmake: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | 10 | function(string_to_list s output_var) 11 | string(REPLACE " " ";" _output "${s}") 12 | set(${output_var} ${_output} PARENT_SCOPE) 13 | endfunction() 14 | -------------------------------------------------------------------------------- /klee-2.3/docs/SMT-COMP/QF_AUFBV.smt: -------------------------------------------------------------------------------- 1 | (logic QF_AUFBV 2 | 3 | :written_by {Clark Barrett} 4 | :date {May 7, 2007} 5 | 6 | :theory BV_ArraysEx 7 | 8 | :language 9 | "Closed quantifier-free formulas built over an arbitrary expansion of the 10 | BV_ArraysEx signature with free function and predicate symbols over 11 | the sorts of BV_ArraysEx. Formulas in ite terms must satisfy the same 12 | restriction as well, with the exception that they need not be closed (because 13 | they may be in the scope of a let expression). 14 | " 15 | :extensions 16 | "As in the logic QF_BV." 17 | ) 18 | 19 | 20 | -------------------------------------------------------------------------------- /klee-2.3/docs/intro: -------------------------------------------------------------------------------- 1 | /// @mainpage KLEE 2 | /// 3 | /// @section main_intro Introduction 4 | /// Welcome to KLEE. KLEE is a symbolic execution engine that works on LLVM 5 | /// bitcode. 6 | /// 7 | /// @section Documentation 8 | /// The documentation of KLEE is composed of the Doxygen documentation 9 | /// of the code as well as the following documents: 10 | /// - @subpage overview 11 | -------------------------------------------------------------------------------- /klee-2.3/examples/get_sign/get_sign.c: -------------------------------------------------------------------------------- 1 | /* 2 | * First KLEE tutorial: testing a small function 3 | */ 4 | 5 | #include "klee/klee.h" 6 | 7 | int get_sign(int x) { 8 | if (x == 0) 9 | return 0; 10 | 11 | if (x < 0) 12 | return -1; 13 | else 14 | return 1; 15 | } 16 | 17 | int main() { 18 | int a; 19 | klee_make_symbolic(&a, sizeof(a), "a"); 20 | return get_sign(a); 21 | } 22 | -------------------------------------------------------------------------------- /klee-2.3/examples/regexp/notes.txt: -------------------------------------------------------------------------------- 1 | clang -m32 -I ~/private/klee/include -c -emit-llvm Regexp.c 2 | 3 | klee Regexp.o 4 | klee --only-output-states-covering-new Regexp.o 5 | ls -l klee-out-0 6 | ls -l klee-out-1 7 | ls -l klee-last 8 | 9 | cd klee-last 10 | klee-bout-tool *.bout 11 | klee-bout-tool --trim-zeros *.bout 12 | 13 | Stuff to show: 14 | Adding klee_prefer_cex 15 | 16 | PrintStats.py klee-last 17 | 18 | PrintStats.py klee-last 19 | Why not 100% coverage? 20 | 21 | clang -g -m32 -I ~/private/klee/include -c -emit-llvm Regexp.c 22 | 23 | KCachegrind? 24 | 25 | Disable klee_assume, show coverage again (why is klee-check-div getting pulled 26 | in?) 27 | -------------------------------------------------------------------------------- /klee-2.3/include/klee/Config/CompileTimeInfo.h.cmin: -------------------------------------------------------------------------------- 1 | //===-- CompileTimeInfo.h ---------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | // @AUTO_GEN_MSG@ 11 | #ifndef KLEE_COMPILETIMEINFO_H 12 | #define KLEE_COMPILETIMEINFO_H 13 | 14 | #define KLEE_BUILD_MODE "@CMAKE_BUILD_TYPE@ (Asserts: @ENABLE_KLEE_ASSERTS@)" 15 | #define KLEE_BUILD_REVISION "@KLEE_GIT_SHA1HASH@" 16 | 17 | #endif /* KLEE_COMPILETIMEINFO_H */ 18 | -------------------------------------------------------------------------------- /klee-2.3/include/klee/Config/Version.h: -------------------------------------------------------------------------------- 1 | //===-- Version.h -----------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_VERSION_H 11 | #define KLEE_VERSION_H 12 | 13 | #include "klee/Config/config.h" 14 | 15 | #define LLVM_VERSION(major, minor) (((major) << 8) | (minor)) 16 | #define LLVM_VERSION_CODE LLVM_VERSION(LLVM_VERSION_MAJOR, LLVM_VERSION_MINOR) 17 | 18 | #endif /* KLEE_VERSION_H */ 19 | -------------------------------------------------------------------------------- /klee-2.3/include/klee/Module/Cell.h: -------------------------------------------------------------------------------- 1 | //===-- Cell.h --------------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_CELL_H 11 | #define KLEE_CELL_H 12 | 13 | #include "klee/Expr/Expr.h" 14 | 15 | namespace klee { 16 | class MemoryObject; 17 | 18 | struct Cell { 19 | ref value; 20 | }; 21 | } 22 | 23 | #endif /* KLEE_CELL_H */ 24 | -------------------------------------------------------------------------------- /klee-2.3/include/klee/Support/PrintVersion.h: -------------------------------------------------------------------------------- 1 | //===-- PrintVersion.h ------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_PRINTVERSION_H 11 | #define KLEE_PRINTVERSION_H 12 | 13 | #include "llvm/Support/raw_ostream.h" 14 | 15 | #include "klee/Config/Version.h" 16 | 17 | namespace klee { 18 | void printVersion(llvm::raw_ostream &OS); 19 | } 20 | 21 | #endif /* KLEE_PRINTVERSION_H */ 22 | -------------------------------------------------------------------------------- /klee-2.3/include/klee/System/MemoryUsage.h: -------------------------------------------------------------------------------- 1 | //===-- MemoryUsage.h -------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_MEMORYUSAGE_H 11 | #define KLEE_MEMORYUSAGE_H 12 | 13 | #include 14 | 15 | namespace klee { 16 | namespace util { 17 | /// Get total malloc usage in bytes 18 | size_t GetTotalMallocUsage(); 19 | } 20 | } 21 | 22 | #endif /* KLEE_MEMORYUSAGE_H */ 23 | -------------------------------------------------------------------------------- /klee-2.3/lib/Basic/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | klee_add_component(kleeBasic 10 | KTest.cpp 11 | Statistics.cpp 12 | ) 13 | set(LLVM_COMPONENTS 14 | support 15 | ) 16 | 17 | klee_get_llvm_libs(LLVM_LIBS ${LLVM_COMPONENTS}) 18 | target_link_libraries(kleeBasic PUBLIC ${LLVM_LIBS}) 19 | -------------------------------------------------------------------------------- /klee-2.3/lib/Basic/README.txt: -------------------------------------------------------------------------------- 1 | This directory holds the most basic support facilities provided for 2 | both the klee and kleaver libraries. The code in this directory should 3 | have no dependencies on LLVM or any other klee libraries. 4 | -------------------------------------------------------------------------------- /klee-2.3/lib/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | add_subdirectory(Basic) 10 | add_subdirectory(Support) 11 | add_subdirectory(Expr) 12 | add_subdirectory(Solver) 13 | add_subdirectory(Module) 14 | add_subdirectory(Core) 15 | -------------------------------------------------------------------------------- /klee-2.3/lib/README.txt: -------------------------------------------------------------------------------- 1 | The klee and kleaver code is organized as follows: 2 | 3 | lib/Basic - Low level support for both klee and kleaver which should 4 | be independent of LLVM. 5 | 6 | lib/Support - Higher level support, but only used by klee. This can 7 | use LLVM facilities. 8 | 9 | lib/Expr - The core kleaver expression library. 10 | 11 | lib/Solver - The kleaver solver library. 12 | 13 | lib/Module - klee facilities for working with LLVM modules, including 14 | the shadow module/instruction structures we use during 15 | execution. 16 | 17 | lib/Core - The core symbolic virtual machine. 18 | 19 | -------------------------------------------------------------------------------- /klee-2.3/lib/Support/README.txt: -------------------------------------------------------------------------------- 1 | This directory holds basic support facilities (data structures, 2 | utilities, etc.) used by klee. 3 | -------------------------------------------------------------------------------- /klee-2.3/runtime/Freestanding/memcpy.c: -------------------------------------------------------------------------------- 1 | /*===-- memcpy.c ----------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #include 11 | 12 | void *memcpy(void *destaddr, void const *srcaddr, size_t len) { 13 | char *dest = destaddr; 14 | char const *src = srcaddr; 15 | 16 | while (len-- > 0) 17 | *dest++ = *src++; 18 | return destaddr; 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/runtime/Freestanding/memset.c: -------------------------------------------------------------------------------- 1 | /*===-- memset.c ----------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #include 11 | 12 | void *memset(void *dst, int s, size_t count) { 13 | char *a = dst; 14 | while (count-- > 0) 15 | *a++ = s; 16 | return dst; 17 | } 18 | -------------------------------------------------------------------------------- /klee-2.3/runtime/Intrinsic/dso_handle.c: -------------------------------------------------------------------------------- 1 | void* __dso_handle = 0; 2 | -------------------------------------------------------------------------------- /klee-2.3/runtime/Intrinsic/klee_choose.c: -------------------------------------------------------------------------------- 1 | /*===-- klee-choose.c -----------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #include "klee/klee.h" 11 | 12 | uintptr_t klee_choose(uintptr_t n) { 13 | uintptr_t x; 14 | klee_make_symbolic(&x, sizeof x, "klee_choose"); 15 | 16 | /* NB: this will *not* work if they don't compare to n values. */ 17 | if(x >= n) 18 | klee_silent_exit(0); 19 | return x; 20 | } 21 | -------------------------------------------------------------------------------- /klee-2.3/runtime/Intrinsic/klee_div_zero_check.c: -------------------------------------------------------------------------------- 1 | //===-- klee_div_zero_check.c ---------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "klee/klee.h" 11 | 12 | void klee_div_zero_check(long long z) { 13 | if (z == 0) 14 | klee_report_error(__FILE__, __LINE__, "divide by zero", "div.err"); 15 | } 16 | -------------------------------------------------------------------------------- /klee-2.3/runtime/Intrinsic/klee_int.c: -------------------------------------------------------------------------------- 1 | //===-- klee_int.c --------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include 11 | #include "klee/klee.h" 12 | 13 | int klee_int(const char *name) { 14 | int x; 15 | klee_make_symbolic(&x, sizeof x, name); 16 | return x; 17 | } 18 | -------------------------------------------------------------------------------- /klee-2.3/runtime/Intrinsic/klee_is_replay.c: -------------------------------------------------------------------------------- 1 | 2 | /*===-- klee_is_replay.c --------------------------------------------------===// 3 | // 4 | // The KLEE Symbolic Virtual Machine 5 | // 6 | // This file is distributed under the University of Illinois Open Source 7 | // License. See LICENSE.TXT for details. 8 | // 9 | //===----------------------------------------------------------------------===*/ 10 | 11 | #include "klee/klee.h" 12 | 13 | unsigned klee_is_replay() { 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/abort.c: -------------------------------------------------------------------------------- 1 | /*===-- abort.c -----------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #include 11 | 12 | #include "klee/klee.h" 13 | 14 | void abort(void) { 15 | klee_abort(); 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/atexit.c: -------------------------------------------------------------------------------- 1 | /*==-- atexit.c ----------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | int __cxa_atexit(void (*fn)(void*), 11 | void *arg, 12 | void *dso_handle); 13 | 14 | int atexit(void (*fn)(void)) { 15 | return __cxa_atexit((void(*)(void*)) fn, 0, 0); 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/bcmp.c: -------------------------------------------------------------------------------- 1 | /*===-- bcmp.c ------------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #include 11 | 12 | int bcmp(const void *s1, const void *s2, size_t n) { 13 | const unsigned char *p1 = s1, *p2 = s2; 14 | while (n-- != 0) { 15 | if (*p1++ != *p2++) 16 | return 1; 17 | } 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/mempcpy.c: -------------------------------------------------------------------------------- 1 | /*===-- mempcpy.c ---------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #undef _GNU_SOURCE 11 | 12 | #include 13 | 14 | void *mempcpy(void *destaddr, void const *srcaddr, size_t len) { 15 | return (char *)memcpy(destaddr, srcaddr, len) + len; 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/putchar.c: -------------------------------------------------------------------------------- 1 | /*===-- putchar.c ---------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #include 11 | #include 12 | 13 | /* Some header may #define putchar. */ 14 | #undef putchar 15 | 16 | int putchar(int c) { 17 | char x = c; 18 | if (1 == write(1, &x, 1)) 19 | return c; 20 | return EOF; 21 | } 22 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/strchr.c: -------------------------------------------------------------------------------- 1 | /*===-- strchr.c ----------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | char *strchr(const char *p, int ch) { 11 | char c; 12 | 13 | c = ch; 14 | for (;; ++p) { 15 | if (*p == c) { 16 | return ((char *)p); 17 | } else if (*p == '\0') { 18 | return 0; 19 | } 20 | } 21 | /* NOTREACHED */ 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/strcmp.c: -------------------------------------------------------------------------------- 1 | /*===-- strcmp.c ----------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | int strcmp(const char *a, const char *b) { 11 | while (*a && *a == *b) 12 | ++a, ++b; 13 | return *a - *b; 14 | } 15 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/strcoll.c: -------------------------------------------------------------------------------- 1 | /*===-- strcoll.c ---------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #include 11 | 12 | /* according to the manpage, this is equiv in the POSIX/C locale. */ 13 | int strcoll(const char *s1, const char *s2) { 14 | return strcmp(s1,s2); 15 | } 16 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/strcpy.c: -------------------------------------------------------------------------------- 1 | /*===-- strcpy.c ----------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | char *strcpy(char *to, const char *from) { 11 | char *start = to; 12 | 13 | while ((*to = *from)) 14 | ++to, ++from; 15 | 16 | return start; 17 | } 18 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/strlen.c: -------------------------------------------------------------------------------- 1 | /*===-- strlen.c ----------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #include 11 | 12 | size_t strlen(const char *str) { 13 | const char *s = str; 14 | while (*s) 15 | ++s; 16 | return s - str; 17 | } 18 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/strrchr.c: -------------------------------------------------------------------------------- 1 | /*===-- strrchr.c ---------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | #include 11 | 12 | char *strrchr(const char *t, int c) { 13 | char ch; 14 | const char *l=0; 15 | 16 | ch = c; 17 | for (;;) { 18 | if (*t == ch) l=t; if (!*t) return (char*)l; ++t; 19 | } 20 | return (char*)l; 21 | } 22 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/tolower.c: -------------------------------------------------------------------------------- 1 | /*===-- tolower.c ---------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | int tolower(int ch) { 11 | if ( (unsigned int)(ch - 'A') < 26u ) 12 | ch -= 'A' - 'a'; 13 | return ch; 14 | } 15 | -------------------------------------------------------------------------------- /klee-2.3/runtime/klee-libc/toupper.c: -------------------------------------------------------------------------------- 1 | /*===-- toupper.c ---------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===*/ 9 | 10 | int toupper(int ch) { 11 | if ( (unsigned int)(ch - 'a') < 26u ) 12 | ch += 'A' - 'a'; 13 | return ch; 14 | } 15 | -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-cmake-osx.inc: -------------------------------------------------------------------------------- 1 | # Package script for LLVM builds OSX 2 | install_binary_artifact_cmake () { 3 | # Use the brew provided package 4 | LLVM_VERSION_MAJOR="${LLVM_VERSION/.*/}" 5 | brew install "cmake" 6 | } 7 | 8 | # Check if the binary artifact is installed 9 | is_installed_cmake() { 10 | if which cmake ; then 11 | return 0 12 | fi 13 | 14 | return 1 15 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-gtest-linux-ubuntu.inc: -------------------------------------------------------------------------------- 1 | install_build_dependencies_gtest() { 2 | source "${DIR}/common-functions" 3 | with_sudo apt update -y 4 | 5 | dependencies=( 6 | ca-certificates 7 | wget 8 | unzip 9 | ) 10 | 11 | #Install essential dependencies 12 | with_sudo apt -y --no-install-recommends install "${dependencies[@]}" 13 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-gtest-osx.inc: -------------------------------------------------------------------------------- 1 | install_build_dependencies_gtest() { 2 | # Install essential dependency 3 | # Ignore if already installed 4 | brew install wget || /usr/bin/true 5 | } 6 | -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-klee-osx.inc: -------------------------------------------------------------------------------- 1 | # Build dependencies 2 | install_build_dependencies_klee() { 3 | brew upgrade python # upgrade to Python 3 4 | brew link --overwrite python 5 | 6 | if [[ $(to_bool "${ENABLE_DOXYGEN}") -eq 1 ]]; then 7 | brew install doxygen graphviz 8 | fi 9 | 10 | pip3 install --user --upgrade lit tabulate 11 | 12 | # Get path of package location 13 | base_path=$(python3 -m site --user-base) 14 | export PATH="${base_path}/bin:$PATH" 15 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-libcxx-linux-ubuntu.inc: -------------------------------------------------------------------------------- 1 | install_build_dependencies_libcxx() { 2 | source "${DIR}/common-functions" 3 | 4 | with_sudo apt-get update -y 5 | dependencies=( 6 | build-essential 7 | ca-certificates 8 | git 9 | python3 10 | python3-pip 11 | curl 12 | file # Needed for wllvm 13 | ) 14 | 15 | with_sudo apt -y --no-install-recommends install "${dependencies[@]}" 16 | 17 | pip3 install --user wllvm 18 | base_path="$(python3 -m site --user-base)" 19 | export PATH="$PATH:${base_path}/bin" 20 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-libcxx-osx.inc: -------------------------------------------------------------------------------- 1 | # Build dependencies 2 | install_build_dependencies_libcxx() { 3 | set +e 4 | brew upgrade python # upgrade to Python 3 5 | set -e 6 | pip3 install --user wllvm 7 | base_path="$(python3 -m site --user-base)" 8 | export PATH="$PATH:${base_path}/bin" 9 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-metasmt-linux-ubuntu.inc: -------------------------------------------------------------------------------- 1 | setup_build_variables_metasmt() { 2 | return 0 3 | } 4 | 5 | install_build_dependencies_metasmt() { 6 | source "${DIR}/common-functions" 7 | with_sudo apt update -y 8 | 9 | dependencies=( 10 | # libgmp, gperf (required by yices2) 11 | gperf 12 | libgmp-dev 13 | libbz2-dev 14 | libboost-dev 15 | build-essential 16 | git 17 | wget 18 | ca-certificates 19 | cmake 20 | zlib1g-dev 21 | bison 22 | flex 23 | unzip 24 | python 25 | autoconf 26 | python3 27 | curl 28 | ) 29 | 30 | #Install essential dependencies 31 | with_sudo apt -y --no-install-recommends install "${dependencies[@]}" 32 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-sqlite-osx.inc: -------------------------------------------------------------------------------- 1 | install_build_dependencies_sqlite() { 2 | return 0 3 | } 4 | install_binary_artifact_sqlite() { 5 | return 0 6 | } 7 | 8 | # Sqlite is installed by default on OSX 9 | is_installed_sqlite() { 10 | return 0 11 | } 12 | 13 | get_docker_config_id_sqlite() { 14 | return 0 15 | } 16 | -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-stp-linux-ubuntu.inc: -------------------------------------------------------------------------------- 1 | # Build dependencies 2 | install_build_dependencies_stp() { 3 | source "${DIR}/common-functions" 4 | with_sudo apt update -y 5 | 6 | dependencies=( 7 | build-essential 8 | 9 | bison 10 | ca-certificates 11 | cmake 12 | flex 13 | git 14 | zlib1g-dev 15 | ) 16 | 17 | #Install essential dependencies 18 | with_sudo apt -y --no-install-recommends install "${dependencies[@]}" 19 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-stp-osx.inc: -------------------------------------------------------------------------------- 1 | install_build_dependencies_stp() { 2 | dependencies=( 3 | bison 4 | flex 5 | ) 6 | brew install "${dependencies[@]}" 7 | } 8 | -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-tcmalloc-linux-ubuntu.inc: -------------------------------------------------------------------------------- 1 | install_build_dependencies_tcmalloc() { 2 | source "${DIR}/common-functions" 3 | with_sudo apt update -y 4 | 5 | dependencies=( 6 | build-essential 7 | ca-certificates 8 | cmake 9 | git 10 | wget 11 | ) 12 | 13 | with_sudo apt -y --no-install-recommends install "${dependencies[@]}" 14 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-uclibc-linux-ubuntu.inc: -------------------------------------------------------------------------------- 1 | # Build dependencies 2 | install_build_dependencies_uclibc() { 3 | source "${DIR}/common-functions" 4 | with_sudo apt update -y 5 | 6 | dependencies=( 7 | build-essential 8 | ca-certificates 9 | git 10 | python 11 | libncurses5-dev 12 | wget 13 | ) 14 | 15 | #Install essential dependencies 16 | with_sudo apt -y --no-install-recommends install "${dependencies[@]}" 17 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-z3-linux-ubuntu.inc: -------------------------------------------------------------------------------- 1 | # Build dependencies Z3 2 | install_build_dependencies_z3() { 3 | source "${DIR}/common-functions" 4 | with_sudo apt update -y 5 | 6 | dependencies=( 7 | build-essential 8 | python 9 | git 10 | wget 11 | ca-certificates 12 | ) 13 | 14 | #Install essential dependencies 15 | with_sudo apt -y --no-install-recommends install "${dependencies[@]}" 16 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/p-z3-osx.inc: -------------------------------------------------------------------------------- 1 | install_binary_artifact_z3 () { 2 | set +e 3 | brew install python@2 4 | if [[ "X$?" != "X0" ]]; then 5 | brew link --overwrite python@2 6 | fi 7 | set -e 8 | brew install z3 9 | } 10 | 11 | is_installed_z3() { 12 | [[ -f "/usr/local/opt/z3/bin/z3" ]] 13 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/patches/llvm60.patch: -------------------------------------------------------------------------------- 1 | --- a/llvm/tools/llvm-shlib/CMakeLists.txt 2 | +++ b/llvm/tools/llvm-shlib/CMakeLists.txt 3 | @@ -36,7 +36,10 @@ endif() 4 | 5 | add_llvm_library(LLVM SHARED DISABLE_LLVM_LINK_LLVM_DYLIB SONAME ${SOURCES}) 6 | 7 | +if(LIB_NAMES) 8 | list(REMOVE_DUPLICATES LIB_NAMES) 9 | +endif() 10 | + 11 | if(("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux") OR (MINGW) OR (HAIKU) 12 | OR ("${CMAKE_SYSTEM_NAME}" STREQUAL "FreeBSD") 13 | OR ("${CMAKE_SYSTEM_NAME}" STREQUAL "DragonFly") -------------------------------------------------------------------------------- /klee-2.3/scripts/build/patches/llvm70.patch: -------------------------------------------------------------------------------- 1 | --- a/llvm/tools/llvm-shlib/CMakeLists.txt 2 | +++ b/llvm/tools/llvm-shlib/CMakeLists.txt 3 | @@ -36,7 +36,10 @@ endif() 4 | 5 | add_llvm_library(LLVM SHARED DISABLE_LLVM_LINK_LLVM_DYLIB SONAME ${SOURCES}) 6 | 7 | +if(LIB_NAMES) 8 | list(REMOVE_DUPLICATES LIB_NAMES) 9 | +endif() 10 | + 11 | if(("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux") OR (MINGW) OR (HAIKU) 12 | OR ("${CMAKE_SYSTEM_NAME}" STREQUAL "FreeBSD") 13 | OR ("${CMAKE_SYSTEM_NAME}" STREQUAL "OpenBSD") -------------------------------------------------------------------------------- /klee-2.3/scripts/build/patches/llvm80.patch: -------------------------------------------------------------------------------- 1 | --- a/llvm/tools/llvm-shlib/CMakeLists.txt 2 | +++ b/llvm/tools/llvm-shlib/CMakeLists.txt 3 | @@ -41,7 +41,9 @@ if(LLVM_BUILD_LLVM_DYLIB) 4 | 5 | add_llvm_library(LLVM SHARED DISABLE_LLVM_LINK_LLVM_DYLIB SONAME ${SOURCES}) 6 | 7 | + if(LIB_NAMES) 8 | list(REMOVE_DUPLICATES LIB_NAMES) 9 | + endif() 10 | if(("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux") OR (MINGW) OR (HAIKU) 11 | OR ("${CMAKE_SYSTEM_NAME}" STREQUAL "FreeBSD") 12 | OR ("${CMAKE_SYSTEM_NAME}" STREQUAL "GNU") -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-clang.inc: -------------------------------------------------------------------------------- 1 | required_variables_clang=( 2 | "LLVM_VERSION" 3 | ) 4 | 5 | artifact_dependency_clang=("cmake") 6 | 7 | setup_variables_clang() { 8 | local v_a 9 | v_a=(${LLVM_VERSION//./ }) 10 | 11 | LLVM_VERSION_MAJOR="0" 12 | LLVM_VERSION_MINOR="0" 13 | 14 | if [[ "${#v_a[@]}" -ge 1 ]]; then 15 | LLVM_VERSION_MAJOR="${v_a[0]}" 16 | fi 17 | if [[ "${#v_a[@]}" -ge 2 ]]; then 18 | LLVM_VERSION_MINOR="${v_a[1]}" 19 | fi 20 | 21 | LLVM_VERSION_SHORT="${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR}" 22 | } 23 | 24 | export_variables_clang=( 25 | "LLVM_CONFIG" 26 | "BITCODE_CC" 27 | "BITCODE_CXX" 28 | ) -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-cmake.inc: -------------------------------------------------------------------------------- 1 | artifact_dependency_cmake=("") 2 | 3 | required_variables_cmake=("") 4 | 5 | get_docker_config_id_cmake() { 6 | return 0 7 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-gtest.inc: -------------------------------------------------------------------------------- 1 | # Build information for gtest 2 | required_variables_gtest=( 3 | "GTEST_VERSION" 4 | ) 5 | 6 | # Artifacts gtest depends on 7 | artifact_dependency_gtest=("") -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-libcxx.inc: -------------------------------------------------------------------------------- 1 | required_variables_libcxx=( 2 | "LLVM_VERSION" 3 | ) 4 | 5 | required_variables_check_libcxx() { 6 | return 0 7 | } 8 | 9 | artifact_dependency_libcxx(){ 10 | echo "clang" 11 | echo "cmake" 12 | } 13 | -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-metasmt.inc: -------------------------------------------------------------------------------- 1 | # Build information for metaSMT solver 2 | required_variables_metasmt=( 3 | "METASMT_VERSION" 4 | "METASMT_DEFAULT" 5 | ) 6 | 7 | artifact_dependency_metasmt=("") -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-sanitizer_compiler.inc: -------------------------------------------------------------------------------- 1 | # Meta-package for solvers 2 | required_variables_sanitizer_compiler=("") 3 | 4 | # On which artifacts does STP depend on 5 | artifact_dependency_sanitizer_compiler(){ 6 | echo "sanitizer" 7 | if [[ -n ${SANITIZER_BUILD+x} ]]; then 8 | [[ "${SANITIZER_BUILD}" == "memory" ]] && echo "llvm" 9 | [[ "${SANITIZER_BUILD}" != "memory" ]] && echo "clang" 10 | fi 11 | } 12 | 13 | 14 | # Setup general variables 15 | setup_variables_sanitizer_compiler() { 16 | for sanitizer in "${SANITIZERS[@]}"; do 17 | [[ -z "${sanitizer}" ]] && continue 18 | SANITIZER_CMAKE_C_COMPILER=("") 19 | done 20 | } -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-sqlite.inc: -------------------------------------------------------------------------------- 1 | artifact_dependency_sqlite=("sanitizer") 2 | 3 | required_variables_sqlite=("") 4 | -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-stp.inc: -------------------------------------------------------------------------------- 1 | # Build information for STP solver 2 | required_variables_stp=( 3 | "STP_VERSION" 4 | "MINISAT_VERSION" 5 | ) 6 | 7 | # On which artifacts does STP depend on 8 | artifact_dependency_stp=("sanitizer") -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-tcmalloc.inc: -------------------------------------------------------------------------------- 1 | artifact_dependency_tcmalloc=("") 2 | 3 | required_variables_tcmalloc=( 4 | "TCMALLOC_VERSION" 5 | ) -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-uclibc.inc: -------------------------------------------------------------------------------- 1 | required_variables_uclibc=( 2 | "UCLIBC_VERSION" 3 | "LLVM_VERSION" 4 | ) 5 | 6 | artifact_dependency_uclibc(){ 7 | # Add llvm if needed; otherwise only use clang package 8 | # TODO this is quite distribution specific; should be handled in a more general case 9 | echo "clang" 10 | } 11 | -------------------------------------------------------------------------------- /klee-2.3/scripts/build/v-z3.inc: -------------------------------------------------------------------------------- 1 | # Build information for Z3 solver 2 | required_variables_z3=( 3 | "Z3_VERSION" 4 | ) 5 | 6 | # Artifacts Z3 depends on 7 | artifact_dependency_z3=("sanitizer") -------------------------------------------------------------------------------- /klee-2.3/scripts/genTempFiles.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # ===-- genTempFiles.sh ---------------------------------------------------===## 4 | # 5 | # The KLEE Symbolic Virtual Machine 6 | # 7 | # This file is distributed under the University of Illinois Open Source 8 | # License. See LICENSE.TXT for details. 9 | # 10 | # ===----------------------------------------------------------------------===## 11 | 12 | if [ -z "$1" ] ; then 13 | echo "No directory given" 14 | exit 1 15 | fi 16 | 17 | mkdir -p $1 18 | for i in `seq 1 100`; do 19 | mkdir -p $1/dir_foo_$i 20 | touch $1/tmp_foo_$i 21 | done 22 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/LandingPad.cpp: -------------------------------------------------------------------------------- 1 | // RUN: %clangxx %s -emit-llvm -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s 4 | 5 | // CHECK: Using zero size array fix for landingpad instruction filter 6 | 7 | // Check that the zero size array in the landing pad filter does not crash KLEE 8 | int p() throw() { throw 'a'; } 9 | int main(int argc, char **) { 10 | if (argc < 3) { 11 | return 0; 12 | } 13 | 14 | try { 15 | return p(); 16 | } catch (...) { 17 | return 1; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/New.cpp: -------------------------------------------------------------------------------- 1 | // RUN: %clangxx %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --write-no-tests --exit-on-error --external-calls=none %t1.bc 4 | 5 | #include 6 | 7 | class Test { 8 | int x; 9 | 10 | public: 11 | Test(int _x) : x(_x) { 12 | } 13 | ~Test() { 14 | } 15 | 16 | int getX() { return x; } 17 | }; 18 | 19 | // This doesn't do what I want because 20 | // it is being changed to alloca, but 21 | // it is also failing. 22 | int main(int argc) { 23 | Test *rt = new Test(2); 24 | 25 | assert(rt->getX()==2); 26 | 27 | delete rt; 28 | 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/StaticConstructor.cpp: -------------------------------------------------------------------------------- 1 | // RUN: %clangxx %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --libc=klee --write-no-tests --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | // to make sure globals are initialized 8 | int aGlobal = 21; 9 | 10 | class Test { 11 | int x; 12 | 13 | public: 14 | Test() : x(aGlobal + 1) {} 15 | ~Test() {} 16 | 17 | int getX() { return x; } 18 | }; 19 | 20 | Test t; 21 | 22 | int main() { 23 | assert(t.getX() == 22); 24 | 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/StaticDestructor.cpp: -------------------------------------------------------------------------------- 1 | // XFAIL: darwin 2 | 3 | // RUN: %clangxx %s -emit-llvm -g %O0opt -c -o %t1.bc 4 | // RUN: rm -rf %t.klee-out 5 | // RUN: %klee --output-dir=%t.klee-out --libc=klee %t1.bc 2> %t1.log 6 | // RUN: FileCheck --input-file %t1.log %s 7 | 8 | #include 9 | 10 | class Test { 11 | int x; 12 | 13 | public: 14 | Test() : x(13) {} 15 | ~Test() { 16 | // CHECK: :[[@LINE+1]]: divide by zero 17 | x = x / (x - 13); 18 | } 19 | }; 20 | 21 | Test t; 22 | 23 | int main(int argc, char **argv) { return 0; } 24 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/Trivial.cpp: -------------------------------------------------------------------------------- 1 | // RUN: %clangxx %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --write-no-tests --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | class Test { 8 | int x; 9 | 10 | public: 11 | Test(int _x) : x(_x) {} 12 | ~Test() {} 13 | 14 | int getX() { return x; } 15 | }; 16 | 17 | int main() { 18 | Test rt(2); 19 | 20 | assert(rt.getX()==2); 21 | 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/symex/basic_c++/lambda.cpp: -------------------------------------------------------------------------------- 1 | // REQUIRES: uclibc 2 | // RUN: %clangxx %s -emit-llvm %O0opt -c -std=c++11 -o %t.bc 3 | // RUN: rm -rf %t.klee-out 4 | // RUN: %klee --output-dir=%t.klee-out --libc=uclibc %t.bc 2>&1 | FileCheck %s 5 | 6 | #include 7 | 8 | int main(int argc, char **args) { 9 | int x = 0; 10 | auto y = [&](int h) { return x + h; }; 11 | auto z = [=](int h) { return x + h; }; 12 | x = 1; 13 | 14 | printf("y(0) == %d\n", y(0)); 15 | // CHECK: y(0) == 1 16 | printf("z(0) == %d\n", z(0)); 17 | // CHECK: z(0) == 0 18 | 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/symex/basic_c++/namespace.cpp: -------------------------------------------------------------------------------- 1 | // REQUIRES: uclibc 2 | // RUN: %clangxx %s -emit-llvm %O0opt -c -o %t.bc 3 | // RUN: rm -rf %t.klee-out 4 | // RUN: %klee --output-dir=%t.klee-out --libc=uclibc %t.bc 2>&1 | FileCheck %s 5 | 6 | #include 7 | 8 | namespace test { 9 | int a() { 10 | return 2; 11 | } 12 | } // namespace test 13 | 14 | int main(int argc, char **args) { 15 | printf("test::a() == %d\n", test::a()); 16 | //CHECK: test::a() == 2 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/symex/libc++/cout.cpp: -------------------------------------------------------------------------------- 1 | // REQUIRES: not-msan 2 | // Disabling msan because it times out on CI 3 | // REQUIRES: libcxx 4 | // REQUIRES: uclibc 5 | // RUN: %clangxx %s -emit-llvm %O0opt -c -std=c++11 -I "%libcxx_include" -g -nostdinc++ -o %t1.bc 6 | // RUN: rm -rf %t.klee-out 7 | // RUN: %klee --output-dir=%t.klee-out --libc=uclibc --libcxx %t1.bc 2>&1 | FileCheck %s 8 | 9 | // CHECK-DAG: cout 10 | // CHECK-DAG: cerr 11 | 12 | #include 13 | 14 | int main(int argc, char** args){ 15 | std::cout << "cout" << std::endl; 16 | std::cerr << "cerr" << std::endl; 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/symex/libc++/simple_exception_fail.cpp: -------------------------------------------------------------------------------- 1 | // REQUIRES: not-msan 2 | // Disabling msan because it times out on CI 3 | // REQUIRES: libcxx 4 | // REQUIRES: eh-cxx 5 | // RUN: %clangxx %s -emit-llvm %O0opt -c -std=c++11 -I "%libcxx_include" -g -nostdinc++ -o %t1.bc 6 | // RUN: rm -rf %t.klee-out 7 | // RUN: %klee --output-dir=%t.klee-out --libc=uclibc --libcxx %t1.bc 2>&1 | FileCheck %s 8 | 9 | #include 10 | 11 | int main(int argc, char **args) { 12 | throw std::runtime_error("foo"); 13 | } 14 | // CHECK: terminating with uncaught exception of type std::runtime_error: foo -------------------------------------------------------------------------------- /klee-2.3/test/CXX/symex/libc++/uncaught_exception.cpp: -------------------------------------------------------------------------------- 1 | // REQUIRES: not-msan 2 | // Disabling msan because it times out on CI 3 | // REQUIRES: libcxx 4 | // REQUIRES: eh-cxx 5 | // RUN: %clangxx %s -emit-llvm %O0opt -c -std=c++11 -I "%libcxx_include" -g -nostdinc++ -o %t1.bc 6 | // RUN: rm -rf %t.klee-out 7 | // RUN: %klee --output-dir=%t.klee-out --libc=uclibc --libcxx %t1.bc 2>&1 | FileCheck %s 8 | 9 | int main() { 10 | throw 7; 11 | } 12 | 13 | // CHECK: KLEE: ERROR: 14 | // CHECK: KLEE: done: completed paths = 0 15 | // CHECK: KLEE: done: partially completed paths = 1 16 | -------------------------------------------------------------------------------- /klee-2.3/test/CXX/symex/libc++/vector.cpp: -------------------------------------------------------------------------------- 1 | // REQUIRES: not-msan 2 | // Disabling msan because it times out on CI 3 | // REQUIRES: libcxx 4 | // REQUIRES: uclibc 5 | // RUN: %clangxx %s -emit-llvm %O0opt -c -std=c++11 -I "%libcxx_include" -g -nostdinc++ -o %t1.bc 6 | // RUN: rm -rf %t.klee-out 7 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error --libc=uclibc --libcxx %t1.bc 2>&1 | FileCheck %s 8 | 9 | #include "klee/klee.h" 10 | #include 11 | 12 | int main(int argc, char **args) { 13 | std::vector a; 14 | a.push_back(klee_int("Test")); 15 | return a.at(0); 16 | } 17 | // CHECK: KLEE: done: completed paths = 1 18 | -------------------------------------------------------------------------------- /klee-2.3/test/Concrete/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | 10 | set(OZERO_OPT "-O0 -Xclang -disable-O0-optnone") 11 | configure_file(Makefile.cmake.test.in Makefile.cmake.test @ONLY) 12 | -------------------------------------------------------------------------------- /klee-2.3/test/Concrete/README.txt: -------------------------------------------------------------------------------- 1 | This directory contains tests which exist just to test the execution of Concrete 2 | code paths -- essentially, that we correctly implement the semantics of the LLVM 3 | IR language. The tests are run using a helper script ``ConcreteTest.py`` which 4 | builds the test bitcode, executes it using both ``lli`` and ``klee``, and checks 5 | that they got the same output. -------------------------------------------------------------------------------- /klee-2.3/test/Concrete/ackermann.c: -------------------------------------------------------------------------------- 1 | // RUN: %S/ConcreteTest.py --klee='%klee' --lli=%lli %s 2 | 3 | #include 4 | 5 | int ackermann(int m, int n) { 6 | if (m == 0) 7 | return n+1; 8 | else 9 | return ackermann(m-1, (n==0) ? 1 : ackermann(m, n-1)); 10 | } 11 | 12 | int main() { 13 | printf("ackerman(%d, %d) = %d\n", 2, 2, ackermann(2, 2)); 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/test/Coverage/ReadArgs.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: echo " --output-dir=%t.klee-out " > %t1.args 4 | // RUN: %klee @%t1.args %t1.bc 5 | // RUN: test -d %t.klee-out 6 | 7 | int main() { 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /klee-2.3/test/Coverage/ReplayOutDir.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t1.out %t1.replay 3 | // RUN: %klee --output-dir=%t1.out %t1.bc 4 | // RUN: %klee --output-dir=%t1.replay --replay-ktest-dir=%t1.out %t1.bc 5 | 6 | int main() { 7 | int i; 8 | klee_make_symbolic(&i, sizeof i, "i"); 9 | klee_print_range("i", i); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /klee-2.3/test/Expr/Evaluate2.kquery: -------------------------------------------------------------------------------- 1 | # RUN: %kleaver -evaluate %s > %t.log 2 | 3 | # RUN: grep "Query 0: VALID" %t.log 4 | # XFAIL: * 5 | # see https://github.com/klee/klee/issues/97 6 | (query [false] false) 7 | -------------------------------------------------------------------------------- /klee-2.3/test/Expr/Parser/Concat64.kquery: -------------------------------------------------------------------------------- 1 | # RUN: %kleaver --print-ast %s 2 | 3 | array arr1[8] : w32 -> w8 = symbolic 4 | (query [(Eq 0 5 | (Concat w64 (Read w8 7 arr1) 6 | (Concat w56 (Read w8 6 arr1) 7 | (Concat w48 (Read w8 5 arr1) 8 | (Concat w40 (Read w8 4 arr1) 9 | (Concat w32 (Read w8 3 arr1) 10 | (Concat w24 (Read w8 2 arr1) 11 | (Concat w16 (Read w8 1 arr1) (Read w8 0 arr1)))))))))] 12 | false) 13 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/BFSSearcher.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --max-instructions=500 --search=bfs %t1.bc 2>%t2.log 4 | // RUN: FileCheck -input-file=%t2.log %s 5 | #include "assert.h" 6 | #include "klee/klee.h" 7 | 8 | int nd() { 9 | int r; 10 | klee_make_symbolic(&r, sizeof(r), "r"); 11 | return r; 12 | } 13 | 14 | int main() { 15 | int x = 1; 16 | while (nd() != 0) { 17 | x *= 2; 18 | } 19 | // CHECK: ASSERTION FAIL 20 | klee_assert(0); 21 | return x; 22 | } 23 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/ByteSwap.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --libc=klee --exit-on-error %t1.bc 4 | 5 | #include 6 | #include 7 | 8 | int main() { 9 | 10 | uint32_t n = 0; 11 | klee_make_symbolic(&n, sizeof(n), "n"); 12 | 13 | uint32_t h = ntohl(n); 14 | assert(htonl(h) == n); 15 | 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/CallToUndefinedExternal.cpp: -------------------------------------------------------------------------------- 1 | // RUN: %clangxx %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s 4 | // RUN: test -f %t.klee-out/test000001.external.err 5 | 6 | extern "C" void poof(void); 7 | 8 | int main() { 9 | // CHECK: failed external call: poof 10 | poof(); 11 | 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/CopyOnWrite.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --search=random-state --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | #define N 5 8 | 9 | unsigned branches = 0; 10 | 11 | void explode(int *ap, int i, int *result) { 12 | if (i 7 | 8 | int main() { 9 | unsigned char x, y; 10 | 11 | klee_make_symbolic(&x, sizeof x, "x"); 12 | 13 | y = x; 14 | 15 | // should be exactly two queries (prove x is/is not 10) 16 | // eventually should be 0 when we have fast solver 17 | if (x==10) { 18 | assert(y==10); 19 | } 20 | 21 | klee_silent_exit(0); 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/DefineFixedObject.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang -emit-llvm -c -o %t1.bc %s 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | #define ADDRESS ((int*) 0x0080) 8 | 9 | int main() { 10 | klee_define_fixed_object(ADDRESS, 4); 11 | 12 | int *p = ADDRESS; 13 | 14 | *p = 10; 15 | printf("*p: %d\n", *p); 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/DoubleFree.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s 4 | // RUN: test -f %t.klee-out/test000001.ptr.err 5 | 6 | int main() { 7 | int *x = malloc(4); 8 | free(x); 9 | // CHECK: memory error: invalid pointer: free 10 | free(x); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/DumpStatesOnHalt.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --max-instructions=1 --dump-states-on-halt=true %t1.bc 2>&1 | FileCheck %s 4 | // RUN: test -f %t.klee-out/test000001.ktest 5 | 6 | int main(int argc, char** argv) { 7 | int x = 1; 8 | if (argc == 1) 9 | x = 0; 10 | return x; 11 | } 12 | // CHECK: halting execution, dumping remaining states 13 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/EntryPoint.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang -emit-llvm -g -c %s -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --entry-point=other_main %t.bc > %t.log 4 | // RUN: grep "Hello World" %t.log 5 | 6 | #include 7 | 8 | int other_main() { 9 | printf("Hello World\n"); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/Envp.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | int main(int argc, char **argv, char **envp) { 8 | unsigned i; 9 | assert(argv[argc] == 0); 10 | printf("argc: %d, argv: %p, envp: %p\n", argc, argv, envp); 11 | printf("--environ--\n"); 12 | int haspwd = 0; 13 | for (i=0; envp[i]; i++) { 14 | printf("%d: %s\n", i, envp[i]); 15 | haspwd |= strncmp(envp[i], "PWD=", 4)==0; 16 | } 17 | assert(haspwd); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/ExitOnErrorType.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out -exit-on-error-type Assert %t1.bc 2>&1 4 | 5 | #include "klee/klee.h" 6 | 7 | #include 8 | 9 | int main() { 10 | assert(klee_int("assert")); 11 | 12 | while (1) { 13 | } 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/ExternalWeakLinkage.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | void __attribute__((weak)) IAmSoWeak(int); 8 | 9 | int main() { 10 | assert(IAmSoWeak==0); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/Float.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang -emit-llvm -g -c %s -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t.bc > %t.log 4 | // RUN: grep "3.30* -1.10* 2.420*" %t.log 5 | 6 | #include 7 | 8 | float fadd(float a, float b) { 9 | return a + b; 10 | } 11 | 12 | float fsub(float a, float b) { 13 | return a - b; 14 | } 15 | 16 | float fmul(float a, float b) { 17 | return a * b; 18 | } 19 | 20 | int main() { 21 | printf("%f %f %f\n", fadd(1.1, 2.2), fsub(1.1, 2.2), fmul(1.1, 2.2)); 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/FloatingPt.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | int main() { 8 | double a1 = -1.1; 9 | double a2 = 1.2; 10 | 11 | int b1 = (int) a1; 12 | assert(b1 == -1); 13 | 14 | int b2 = (int) a2; 15 | assert(b2 == 1); 16 | 17 | a1 = (double) b1; 18 | assert(a1 == -1); 19 | 20 | a2 = (double) b2; 21 | assert(a2 == 1); 22 | 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/GetValue.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang -emit-llvm -c -o %t1.bc %s 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | 5 | #include 6 | #include 7 | 8 | int main() { 9 | int x = klee_int("x"); 10 | klee_assume(x > 10); 11 | klee_assume(x < 20); 12 | 13 | assert(!klee_is_symbolic(klee_get_value_i32(x))); 14 | assert(klee_get_value_i32(x) > 10); 15 | assert(klee_get_value_i32(x) < 20); 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/IndirectCallToBuiltin.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | #include 6 | #include 7 | 8 | int main() { 9 | void *(*allocator)(size_t) = malloc; 10 | int *mem = allocator(10); 11 | 12 | printf("mem: %p\n", mem); 13 | printf("mem[0]: %d\n", mem[0]); 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/IndirectCallToExternal.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | int main() { 11 | int (*scmp)(char*,char*) = strcmp; 12 | 13 | assert(scmp("hello","hi") < 0); 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/IsSymbolic.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | #include 6 | 7 | int main() { 8 | int x, y, z = 0; 9 | klee_make_symbolic(&x, sizeof x, "x"); 10 | klee_make_symbolic(&y, sizeof y, "y"); 11 | if (x) { 12 | assert(klee_is_symbolic(y)); 13 | } else { 14 | assert(!klee_is_symbolic(z)); 15 | } 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/KleeStatsColumns.test: -------------------------------------------------------------------------------- 1 | RUN: %klee-stats --print-all %S/klee-stats/missing_column %S/klee-stats/run %S/klee-stats/additional_column | FileCheck %s 2 | 3 | // Path, Instrs, ..., extra_column 4 | CHECK: {{^}}| missing_column | |{{.*}}| |{{$}} 5 | CHECK: {{^}}| run | 3|{{.*}}| |{{$}} 6 | CHECK: {{^}}|additional_column| 3|{{.*}}| 4711|{{$}} 7 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/KleeStatsCsv.test: -------------------------------------------------------------------------------- 1 | RUN: %klee-stats --table-format=csv %S/klee-stats/run | FileCheck --check-prefix=CHECK-CSV %s 2 | RUN: %klee-stats --table-format=readable-csv %S/klee-stats/run | FileCheck --check-prefix=CHECK-READABLECSV %s 3 | 4 | CHECK-CSV: Path,Instrs,Time(s),ICov(%),BCov(%),ICount,TSolver(%) 5 | CHECK-CSV: klee-stats/run,3,0.00,100.00,100.00,3,0.00 6 | 7 | CHECK-READABLECSV: Path , Instrs, Time(s), ICov(%), BCov(%), ICount, TSolver(%) 8 | CHECK-READABLECSV: klee-stats/run, 3, 0.00, 100.00, 100.00, 3, 0.00 9 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/KleeStatsEmpty.test: -------------------------------------------------------------------------------- 1 | RUN: %klee-stats %S/klee-stats/empty | FileCheck %s 2 | 3 | CHECK: {{^}}|{{ *}}Path{{ *}}|{{$}} 4 | CHECK: {{^}}|{{.*}}empty{{ *}}|{{$}} 5 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/KleeStatsNoBr.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t.bc 2> %t.log 4 | // RUN: %klee-stats --print-columns 'BCov(%),Branches,FullBranches,PartialBranches' --table-format=csv %t.klee-out > %t.stats 5 | // RUN: FileCheck -check-prefix=CHECK-STATS -input-file=%t.stats %s 6 | 7 | int main(){ 8 | int a = 42; 9 | a -= 42; 10 | return a; 11 | } 12 | 13 | // Check that there are no branches in stats but 100% coverage 14 | // CHECK-STATS: BCov(%),Branches,FullBranches,PartialBranches 15 | // CHECK-STATS: 100.00,0,0,0 16 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/MakeConcreteSymbolic.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --optimize=false --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | // RUN: grep "done: total queries = 0" %t.klee-out/info 5 | 6 | // RUN: rm -rf %t.klee-out 7 | // RUN: %klee --optimize=false --output-dir=%t.klee-out --make-concrete-symbolic=1 --exit-on-error %t1.bc 8 | // RUN: grep "done: total queries = 2" %t.klee-out/info 9 | 10 | 11 | #include 12 | 13 | #define N 2 14 | int main() { 15 | int i; 16 | char a; 17 | 18 | a = 10; 19 | assert(a == 10); 20 | 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/MakeSymbolicName.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --search=random-state --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | int main() { 8 | int a[4] = {1, 2, 3, 4}; 9 | unsigned i; 10 | 11 | klee_make_symbolic(&i, sizeof(i), "index"); 12 | if (i > 3) 13 | klee_silent_exit(0); 14 | 15 | assert(a[i] << 1 != 5); 16 | if (a[i] << 1 == 6) 17 | assert(i == 2); 18 | } 19 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/Memalign.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang -emit-llvm -g -c %s -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t.bc > %t.log 4 | 5 | #include 6 | 7 | int main(int argc, char *argv[]) { 8 | int *a = (int *)memalign(8, sizeof(int) * 5); 9 | for (int i = 0; i < 5; ++i) { 10 | a[i] = (i * 100) % 23; 11 | } 12 | free(a); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/NoExternalCallsAllowed.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -g -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --external-calls=none %t1.bc 2>&1 | FileCheck %s 4 | // RUN: test %t.klee-out/test000001.user.err 5 | 6 | #include 7 | 8 | int main(int argc, char** argv) { 9 | // CHECK: Disallowed call to external function: abs 10 | int x = abs(argc); 11 | printf("%d\n", argc); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/NonSizedGlobals.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | 5 | struct X; 6 | extern struct X Y; 7 | void *ptr = &Y; 8 | 9 | int main() 10 | { 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/OneFreeError.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s 4 | // RUN: test -f %t.klee-out/test000001.ptr.err 5 | 6 | int main() { 7 | int *x = malloc(4); 8 | free(x); 9 | // CHECK: OneFreeError.c:[[@LINE+1]]: memory error: out of bound pointer 10 | x[0] = 1; 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/OneOutOfBounds.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s 4 | // RUN: test -f %t.klee-out/test000001.ptr.err 5 | 6 | int main() { 7 | int *x = malloc(sizeof(int)); 8 | // CHECK: OneOutOfBounds.c:[[@LINE+1]]: memory error: out of bound pointer 9 | x[1] = 1; 10 | free(x); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/Optimize.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t2.bc 2 | // RUN: rm -f %t2.log 3 | // RUN: rm -rf %t.klee-out 4 | // RUN: %klee --output-dir=%t.klee-out --max-instructions=100 --optimize %t2.bc > %t3.log 5 | // RUN: echo "good" > %t3.good 6 | // RUN: diff %t3.log %t3.good 7 | 8 | // should complete by 100 instructions if opt is on 9 | 10 | int main() { 11 | int i, res = 0; 12 | 13 | for (i=1; i<=1000; i++) 14 | res += i; 15 | 16 | if (res == (1000*1001)/2) { 17 | printf("good\n"); 18 | } else { 19 | printf("bad\n"); 20 | } 21 | 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/OverlappedError.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | // RUN: ls %t.klee-out/ | grep .ktest | wc -l | grep 4 5 | // RUN: ls %t.klee-out/ | grep .ptr.err | wc -l | grep 2 6 | 7 | #include 8 | 9 | int main() { 10 | if (klee_range(0,2, "range")) { 11 | char *x = malloc(8); 12 | *((int*) &x[klee_range(0,6, "range")]) = 1; 13 | free(x); 14 | } else { 15 | char *x = malloc(8); 16 | *((int*) &x[klee_range(-1,5, "range")]) = 1; 17 | free(x); 18 | } 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/PreferCex.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | // RUN: %ktest-tool %t.klee-out/test000001.ktest | FileCheck %s 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | int main() { 11 | char buf[4]; 12 | 13 | klee_make_symbolic(buf, sizeof buf, "buf"); 14 | // CHECK: Hi\x00\x00 15 | klee_prefer_cex(buf, buf[0]=='H'); 16 | klee_prefer_cex(buf, buf[1]=='i'); 17 | klee_prefer_cex(buf, buf[2]=='\0'); 18 | klee_prefer_cex(buf, buf[3]=='\0'); 19 | 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/Realloc.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error --warnings-only-to-file=false %t1.bc 2>&1 | FileCheck %s 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | int main() { 10 | int *p = malloc(sizeof(int)*2); 11 | assert(p); 12 | p[1] = 52; 13 | 14 | // CHECK: KLEE: WARNING ONCE: Large alloc 15 | int *p2 = realloc(p, 1<<30); 16 | assert(!p2 || p2[1] == 52); 17 | 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/SetForking.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang -emit-llvm -g -c %s -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t.bc > %t.log 4 | // RUN: sort %t.log | uniq -c > %t.uniq.log 5 | // RUN: grep "1 A" %t.uniq.log 6 | // RUN: grep "1 B" %t.uniq.log 7 | // RUN: grep "1 C" %t.uniq.log 8 | 9 | #include 10 | 11 | int main() { 12 | klee_set_forking(0); 13 | 14 | if (klee_range(0, 2, "range")) { 15 | printf("A\n"); 16 | } else { 17 | printf("A\n"); 18 | } 19 | 20 | klee_set_forking(1); 21 | 22 | if (klee_range(0, 2, "range")) { 23 | printf("B\n"); 24 | } else { 25 | printf("C\n"); 26 | } 27 | 28 | return 0; 29 | } 30 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/SolverTimeout.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --max-solver-time=1 %t.bc 4 | // 5 | // Note: This test occasionally fails when using Z3 4.4.1 6 | 7 | #include 8 | 9 | int main() { 10 | long long int x, y = 102*75678 + 78, i = 101; 11 | 12 | klee_make_symbolic(&x, sizeof(x), "x"); 13 | 14 | if (x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x + (x*x % (x+12)) == y*y*y*y*y*y*y*y*y*y*y*y*y*y*y*y % i) 15 | printf("Yes\n"); 16 | else printf("No\n"); 17 | 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/StackOverflow.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang -emit-llvm -g -c -o %t.bc %s 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t.bc > %t.output.log 2>&1 4 | // RUN: FileCheck -input-file=%t.output.log %s 5 | 6 | void recursive(unsigned nr){ 7 | if (nr == 0) 8 | return; 9 | recursive(nr-1); 10 | } 11 | 12 | int main() { 13 | recursive(10000); 14 | return 0; 15 | } 16 | // CHECK: Maximum stack size reached 17 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/TargetMismatch.c: -------------------------------------------------------------------------------- 1 | // REQUIRES: not-darwin 2 | // RUN: %clang %s -m32 -emit-llvm %O0opt -c -o %t1.bc 3 | // RUN: rm -rf %t.klee-out 4 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error > %t2.out 2>&1 || true 5 | // RUN: FileCheck %s -input-file=%t2.out 6 | 7 | // CHECK: KLEE: WARNING: Module and host target triples do not match 8 | // CHECK-NEXT: This may cause unexpected crashes or assertion violations. 9 | int main(void) {} 10 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/WithLibc.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t2.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --libc=klee %t2.bc > %t3.log 4 | // RUN: echo "good" > %t3.good 5 | // RUN: diff %t3.log %t3.good 6 | 7 | int main() { 8 | char buf[4]; 9 | char *s = "foo"; 10 | 11 | klee_make_symbolic(buf, sizeof buf, "buf"); 12 | buf[3] = 0; 13 | 14 | if (strcmp(buf, s)==0) { 15 | if (buf[0]=='f' && buf[1]=='o' && buf[2]=='o' && buf[3]==0) { 16 | printf("good\n"); 17 | } else { 18 | printf("bad\n"); 19 | } 20 | } 21 | 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/klee-stats/additional_column/info: -------------------------------------------------------------------------------- 1 | klee run.bc 2 | PID: 1122888 3 | Using monotonic steady clock with 1/1000000000s resolution 4 | Started: 2020-09-25 18:44:34 5 | BEGIN searcher description 6 | containing 2 searchers: 7 | RandomPathSearcher 8 | WeightedRandomSearcher::CoveringNew 9 | 10 | END searcher description 11 | Finished: 2020-09-25 18:44:34 12 | Elapsed: 00:00:00 13 | KLEE: done: explored paths = 1 14 | KLEE: done: total queries = 0 15 | KLEE: done: valid queries = 0 16 | KLEE: done: invalid queries = 0 17 | KLEE: done: query cex = 0 18 | 19 | KLEE: done: total instructions = 3 20 | KLEE: done: completed paths = 1 21 | KLEE: done: generated tests = 1 22 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/klee-stats/additional_column/run.stats: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dslab-epfl/tpot/85108d2ecbb026b36d2059b581c4bf70e593ce95/klee-2.3/test/Feature/klee-stats/additional_column/run.stats -------------------------------------------------------------------------------- /klee-2.3/test/Feature/klee-stats/empty/info: -------------------------------------------------------------------------------- 1 | klee run.bc 2 | PID: 1122888 3 | Using monotonic steady clock with 1/1000000000s resolution 4 | Started: 2020-09-25 18:44:34 5 | BEGIN searcher description 6 | containing 2 searchers: 7 | RandomPathSearcher 8 | WeightedRandomSearcher::CoveringNew 9 | 10 | END searcher description 11 | Finished: 2020-09-25 18:44:34 12 | Elapsed: 00:00:00 13 | KLEE: done: explored paths = 1 14 | KLEE: done: total queries = 0 15 | KLEE: done: valid queries = 0 16 | KLEE: done: invalid queries = 0 17 | KLEE: done: query cex = 0 18 | 19 | KLEE: done: total instructions = 3 20 | KLEE: done: completed paths = 1 21 | KLEE: done: generated tests = 1 22 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/klee-stats/empty/run.stats: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dslab-epfl/tpot/85108d2ecbb026b36d2059b581c4bf70e593ce95/klee-2.3/test/Feature/klee-stats/empty/run.stats -------------------------------------------------------------------------------- /klee-2.3/test/Feature/klee-stats/missing_column/info: -------------------------------------------------------------------------------- 1 | klee run.bc 2 | PID: 1122888 3 | Using monotonic steady clock with 1/1000000000s resolution 4 | Started: 2020-09-25 18:44:34 5 | BEGIN searcher description 6 | containing 2 searchers: 7 | RandomPathSearcher 8 | WeightedRandomSearcher::CoveringNew 9 | 10 | END searcher description 11 | Finished: 2020-09-25 18:44:34 12 | Elapsed: 00:00:00 13 | KLEE: done: explored paths = 1 14 | KLEE: done: total queries = 0 15 | KLEE: done: valid queries = 0 16 | KLEE: done: invalid queries = 0 17 | KLEE: done: query cex = 0 18 | 19 | KLEE: done: total instructions = 3 20 | KLEE: done: completed paths = 1 21 | KLEE: done: generated tests = 1 22 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/klee-stats/missing_column/run.stats: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dslab-epfl/tpot/85108d2ecbb026b36d2059b581c4bf70e593ce95/klee-2.3/test/Feature/klee-stats/missing_column/run.stats -------------------------------------------------------------------------------- /klee-2.3/test/Feature/klee-stats/run/info: -------------------------------------------------------------------------------- 1 | klee run.bc 2 | PID: 1122888 3 | Using monotonic steady clock with 1/1000000000s resolution 4 | Started: 2020-09-25 18:44:34 5 | BEGIN searcher description 6 | containing 2 searchers: 7 | RandomPathSearcher 8 | WeightedRandomSearcher::CoveringNew 9 | 10 | END searcher description 11 | Finished: 2020-09-25 18:44:34 12 | Elapsed: 00:00:00 13 | KLEE: done: explored paths = 1 14 | KLEE: done: total queries = 0 15 | KLEE: done: valid queries = 0 16 | KLEE: done: invalid queries = 0 17 | KLEE: done: query cex = 0 18 | 19 | KLEE: done: total instructions = 3 20 | KLEE: done: completed paths = 1 21 | KLEE: done: generated tests = 1 22 | -------------------------------------------------------------------------------- /klee-2.3/test/Feature/klee-stats/run/run.stats: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dslab-epfl/tpot/85108d2ecbb026b36d2059b581c4bf70e593ce95/klee-2.3/test/Feature/klee-stats/run/run.stats -------------------------------------------------------------------------------- /klee-2.3/test/Merging/state_termination.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang -emit-llvm -g -c -o %t.bc %s 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --use-merge --debug-log-merge --search=dfs %t.bc 4 | 5 | #include "klee/klee.h" 6 | 7 | int main(int argc, char** args){ 8 | 9 | int x; 10 | 11 | char str[5]; 12 | klee_make_symbolic(str, sizeof(str), "str"); 13 | char *s = str; 14 | 15 | klee_open_merge(); 16 | while(*s != 's') 17 | s++; 18 | klee_close_merge(); 19 | 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /klee-2.3/test/README: -------------------------------------------------------------------------------- 1 | about tests.... 2 | -------------------------------------------------------------------------------- /klee-2.3/test/Replay/libkleeruntest/replay_cex_after_assumed_malloc.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -S -emit-llvm -g -c -o %t.ll 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t.ll 4 | // KLEE just must not fail 5 | #include "klee/klee.h" 6 | 7 | int main() { 8 | char i; 9 | char *p; 10 | char *q; 11 | klee_make_symbolic(&i, sizeof(i), "i"); 12 | klee_make_symbolic(&p, sizeof(p), "p"); 13 | 14 | if (i) {} 15 | 16 | q = malloc(sizeof (char)); 17 | klee_assume(p == q); 18 | klee_make_symbolic(p, sizeof (char), "p[0]"); 19 | 20 | char condition = (*p); 21 | if (*p) condition = 1; 22 | klee_prefer_cex(&i, condition); 23 | if (i+5) {} 24 | return 0; 25 | } 26 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/POSIX/CanonicalizeFileName.c: -------------------------------------------------------------------------------- 1 | // REQUIRES: not-darwin 2 | // RUN: %clang %s -Wall -emit-llvm -g %O0opt -c -o %t.bc 3 | // RUN: rm -rf %t.klee-out 4 | // RUN: %klee --output-dir=%t.klee-out --libc=uclibc --posix-runtime --exit-on-error %t.bc 5 | 6 | #define _GNU_SOURCE 7 | #include 8 | #include 9 | #include 10 | 11 | int main(int argc, char * argv[]) { 12 | char cwd[PATH_MAX] = {0}; 13 | 14 | if (!getcwd(cwd, PATH_MAX)) exit(EXIT_FAILURE); 15 | if (!canonicalize_file_name(cwd)) exit(EXIT_FAILURE); 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/POSIX/GetcwdFail.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --libc=klee --posix-runtime %t.bc 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | int main(void) { 10 | // non-null path with 0 size should set EINVAL and return NULL 11 | char *path[42]; 12 | errno = 0; 13 | char *result = getcwd(path, 0); 14 | assert(errno == EINVAL); 15 | assert(result == NULL); 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/POSIX/Getenv.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t2.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --libc=klee --posix-runtime --exit-on-error %t2.bc --sym-files 1 10 4 | 5 | #include 6 | 7 | int main(int argc, char **argv) { 8 | char *g = getenv("PWD"); 9 | if (g) { 10 | printf("have PWD\n"); 11 | } else { 12 | printf("have no PWD\n"); 13 | } 14 | 15 | g = getenv("HELLO"); 16 | if (!g || strcmp(g, "nice")==0) { 17 | printf("getenv(\"HELLO\") = %p\n", g); 18 | if (g) assert(strcmp(getenv("HELLO"),"nice") == 0); 19 | } 20 | 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/POSIX/MixedConcreteSymbolic.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --external-calls=all --exit-on-error --libc=uclibc --posix-runtime %t.bc --sym-stdin 10 2>%t.log | FileCheck %s 4 | 5 | #include "klee/klee.h" 6 | #include 7 | #include 8 | 9 | int main(int argc, char **argv) { 10 | char buf[32]; 11 | 12 | fread(buf, 1, 4, stdin); 13 | klee_assume(buf[0] == 'a'); 14 | klee_assume(buf[1] > 'a'); 15 | klee_assume(buf[1] < 'z'); 16 | klee_assume(buf[2] == '\n'); 17 | klee_assume(buf[3] == '\0'); 18 | fwrite(buf, 1, 4, stdout); 19 | //CHECK: a{{[b-y]}} 20 | 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/POSIX/Openat.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t2.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --posix-runtime --exit-on-error %t2.bc --sym-files 1 10 4 | // RUN: test -f %t.klee-out/test000001.ktest 5 | 6 | #include 7 | #include 8 | 9 | int main(int argc, char **argv) { 10 | int fd = openat(AT_FDCWD, "A", O_RDWR|O_TRUNC); 11 | if (fd != -1) { 12 | char buf[10]; 13 | assert(read(fd, buf, 10) == 10); 14 | assert(klee_is_symbolic(buf[0])); 15 | } else { 16 | klee_silent_exit(0); 17 | } 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/POSIX/SELinux/lit.local.cfg: -------------------------------------------------------------------------------- 1 | def getRoot(config): 2 | if not config.parent: 3 | return config 4 | return getRoot(config.parent) 5 | 6 | if not getRoot(config).have_selinux: 7 | config.unsupported = True 8 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/POSIX/Write1.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error --libc=uclibc --posix-runtime %t.bc --sym-files 1 10 --sym-stdout 2>%t.log 4 | 5 | #include 6 | #include 7 | 8 | int main(int argc, char** argv) { 9 | char buf[32]; 10 | 11 | FILE* f = fopen("A", "w"); 12 | if (!f) 13 | klee_silent_exit(0); 14 | fwrite("Hello", sizeof("Hello"), 1, f); 15 | fclose(f); 16 | 17 | f = fopen("A", "r"); 18 | fread(buf, sizeof("Hello"), 1, f); 19 | fclose(f); 20 | 21 | assert(memcmp(buf, "Hello", sizeof("Hello")) == 0); 22 | 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/POSIX/Write2.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error --libc=uclibc --posix-runtime %t.bc --sym-files 1 10 --sym-stdout 2>%t.log 4 | 5 | #include 6 | #include 7 | 8 | int main(int argc, char** argv) { 9 | const char* msg = "This will eventually overflow stdout. "; 10 | char buf[32]; 11 | int i; 12 | 13 | FILE* f = stdout;//fopen("A", "w"); 14 | if (!f) 15 | klee_silent_exit(0); 16 | 17 | for (i = 0; i < 300; i++) 18 | fwrite(msg, sizeof(msg), 1, f); 19 | fclose(f); 20 | 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/POSIX/lit.local.cfg: -------------------------------------------------------------------------------- 1 | def getRoot(config): 2 | if not config.parent: 3 | return config 4 | return getRoot(config.parent) 5 | 6 | if not getRoot(config).enable_posix_runtime: 7 | config.unsupported = True 8 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/Uclibc/2007-10-08-optimization-calls-wrong-libc-functions.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error --optimize --libc=uclibc %t1.bc 4 | 5 | #include 6 | #include 7 | 8 | #include "klee/klee.h" 9 | 10 | int main() { 11 | int a; 12 | 13 | klee_make_symbolic(&a, sizeof a, "a"); 14 | 15 | memset(&a, 0, sizeof a); 16 | 17 | if (a) { 18 | assert(0); 19 | } 20 | 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/Uclibc/2008-03-04-libc-atexit-uses-dso-handle.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error --libc=uclibc %t1.bc 4 | 5 | // just make sure atexit works ok 6 | 7 | void boo() { 8 | } 9 | 10 | int main() { 11 | atexit(boo); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/Uclibc/Environ.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --libc=uclibc --exit-on-error %t1.bc 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | int main() { 10 | printf("HOME: %s\n", getenv("HOME")); 11 | assert(getenv("HOME") != 0); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/Uclibc/lit.local.cfg: -------------------------------------------------------------------------------- 1 | def getRoot(config): 2 | if not config.parent: 3 | return config 4 | return getRoot(config.parent) 5 | 6 | if not getRoot(config).enable_uclibc: 7 | config.unsupported = True 8 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/klee-libc/atexit_order.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error --libc=klee %t1.bc 4 | 5 | // make sure the functions passed to atexit are called in reverse order 6 | 7 | #include 8 | 9 | extern void atexit(void (*)()); 10 | 11 | static int counter = 0; 12 | 13 | void first() { 14 | assert(counter == 0); 15 | ++counter; 16 | } 17 | 18 | void second() { 19 | assert(counter == 1); 20 | ++counter; 21 | } 22 | 23 | int main() { 24 | atexit(second); 25 | atexit(first); 26 | return 0; 27 | } 28 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/klee-libc/bcmp.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error --libc=klee %t1.bc 4 | 5 | // test bcmp for sizes including zero 6 | 7 | #include 8 | #include 9 | #include 10 | 11 | int main() { 12 | for (int i = 0; i < 5; ++i) { 13 | void *s = malloc(i); 14 | if (s) { 15 | klee_make_symbolic(s, i, "s"); 16 | assert(0 == bcmp(s, s, i)); 17 | free(s); 18 | } 19 | } 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /klee-2.3/test/Runtime/klee-libc/cxa_thread_atexit_impl.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error --libc=klee %t1.bc 4 | 5 | // just make sure __cxa_thread_atexit_impl works ok 6 | 7 | #include 8 | 9 | extern int __cxa_thread_atexit_impl(void (*)(void*), void*, void *); 10 | 11 | static int x; // a global whose address we can take 12 | 13 | void boo(void *h) { 14 | assert(h == (void*)&x); 15 | } 16 | 17 | int main() { 18 | __cxa_thread_atexit_impl(boo, (void*)&x, (void*)0); 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /klee-2.3/test/Solver/FastCexSolver.kquery: -------------------------------------------------------------------------------- 1 | # RUN: %kleaver --use-fast-cex-solver --solver-backend=dummy %s > %t 2 | # RUN: not grep FAIL %t 3 | 4 | array arr1[4] : w32 -> w8 = symbolic 5 | (query [] (Not (Eq 4096 (ReadLSB w32 0 arr1)))) 6 | 7 | array A-data[2] : w32 -> w8 = symbolic 8 | (query [(Ule (Add w8 208 N0:(Read w8 0 A-data)) 9 | 9)] 10 | (Eq 52 N0)) 11 | -------------------------------------------------------------------------------- /klee-2.3/test/Solver/LargeIntegers.kquery: -------------------------------------------------------------------------------- 1 | # RUN: %kleaver %s > %t 2 | 3 | array a[64] : w32 -> w8 = symbolic 4 | 5 | # RUN: grep -A 1 "Query 0" %t > %t2 6 | # RUN: grep "Expr 0: 18446744073709551618" %t2 7 | (query [] false [(Concat w128 (w64 1) (w64 2))]) 8 | 9 | # RUN: grep -A 1 "Query 1" %t > %t2 10 | # RUN: grep "Expr 0: 16" %t2 11 | (query [] false [(Extract w5 60 (Concat w128 (w64 1) (w64 2)))]) 12 | 13 | # RUN: grep -A 1 "Query 2" %t > %t2 14 | # RUN: grep "Array 0: a.16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1" %t2 15 | (query [(Eq 0x0102030405060708090A0B0C0D0E0F10 (ReadLSB w128 0 a))] 16 | false 17 | [] [a]) 18 | -------------------------------------------------------------------------------- /klee-2.3/test/Solver/STPDumpDebugQueries.c: -------------------------------------------------------------------------------- 1 | // REQUIRES: stp 2 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 3 | // RUN: rm -rf %t.klee-out 4 | // RUN: %klee -solver-backend=stp --output-dir=%t.klee-out -debug-dump-stp-queries %t1.bc 5 | // RUN: cat %t.klee-out/warnings.txt | FileCheck %s 6 | 7 | // Objective: test -debug-dump-stp-queries (just invocation and header in warnings.txt) 8 | 9 | #include "klee/klee.h" 10 | 11 | int main(int argc, char **argv) { 12 | unsigned i; 13 | klee_make_symbolic(&i, sizeof i, "i"); 14 | if (i) 15 | return 0; 16 | else 17 | return 1; 18 | // CHECK: KLEE: WARNING: STP query: 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/test/Solver/lit.local.cfg: -------------------------------------------------------------------------------- 1 | # Look for .kquery files too 2 | config.suffixes.add('.kquery') 3 | -------------------------------------------------------------------------------- /klee-2.3/test/Solver/overshift-aright-by-constant.kquery: -------------------------------------------------------------------------------- 1 | # RUN: %kleaver %s > %t 2 | # RUN: not grep INVALID %t 3 | array x[4] : w32 -> w8 = symbolic 4 | # ∀ x. x > 0 → ( ((signed int) x) >> 32 = 0 ) 5 | # Check we overshift to zero for when shifting for all 32-bit values >0 6 | 7 | (query [ (Ult (w32 0) (ReadLSB w32 (w32 0) x)) ] 8 | (Eq 9 | (AShr w32 10 | (ReadLSB w32 (w32 0) x) 11 | (w32 32) 12 | ) 13 | (w32 0) 14 | ) [ ] [x] ) 15 | -------------------------------------------------------------------------------- /klee-2.3/test/Solver/overshift-left-by-constant.kquery: -------------------------------------------------------------------------------- 1 | # RUN: %kleaver %s > %t 2 | # RUN: not grep INVALID %t 3 | array x[4] : w32 -> w8 = symbolic 4 | # ∀ x. x > 0 → ( x << 32 = 0 ) 5 | # Check we overshift to zero for when shifting for all 32-bit values >0 6 | 7 | (query [ (Ult (w32 0) (ReadLSB w32 (w32 0) x)) ] 8 | (Eq 9 | (Shl w32 10 | (ReadLSB w32 (w32 0) x) 11 | (w32 32) 12 | ) 13 | (w32 0) 14 | ) [ ] [x] ) 15 | -------------------------------------------------------------------------------- /klee-2.3/test/Solver/overshift-lright-by-constant.kquery: -------------------------------------------------------------------------------- 1 | # RUN: %kleaver %s > %t 2 | # RUN: not grep INVALID %t 3 | array x[4] : w32 -> w8 = symbolic 4 | # ∀ x. x > 0 → ( x >> 32 = 0 ) 5 | # Check we overshift to zero for when shifting for all 32-bit values >0 6 | 7 | (query [ (Ult (w32 0) (ReadLSB w32 (w32 0) x)) ] 8 | (Eq 9 | (LShr w32 10 | (ReadLSB w32 (w32 0) x) 11 | (w32 32) 12 | ) 13 | (w32 0) 14 | ) [ ] [x] ) 15 | -------------------------------------------------------------------------------- /klee-2.3/test/VectorInstructions/memset.c: -------------------------------------------------------------------------------- 1 | // RUN: rm -rf %t.klee-out 2 | // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc 3 | // RUN: %klee --output-dir=%t.klee-out --optimize=true --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | int main(int argc, char** argv) { 8 | char arr[1000]; 9 | memset(arr, 1, sizeof(arr)); 10 | return arr[argc]; 11 | } 12 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2007-07-25-invalid-stp-array-binding-to-objectstate.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | #include 6 | 7 | int main(void) { 8 | char c[2]; 9 | 10 | klee_make_symbolic(&c, sizeof(c), "c"); 11 | 12 | if (c[0] > 10) { 13 | int x; 14 | 15 | c[1] = 1; // copy object state 16 | 17 | assert(c[0] > 10); 18 | } 19 | 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2007-07-30-unflushed-byte.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | #include 6 | 7 | int main() { 8 | char i, x[3]; 9 | 10 | klee_make_symbolic(&i, sizeof i, "i"); 11 | 12 | x[0] = i; 13 | 14 | // DEMAND FAILED:Memory.cpp:read8:199: is false: "unflushed byte without cache value" 15 | char y = x[1]; 16 | 17 | return 0; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2007-08-01-cache-unclear-on-overwrite-flushed.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | #include 6 | #include 7 | 8 | int main() { 9 | unsigned char x; 10 | 11 | klee_make_symbolic(&x, sizeof x, "x"); 12 | if (x >= 2) klee_silent_exit(0); 13 | 14 | char delete[2] = {0,1}; 15 | 16 | char tmp = delete[ x ]; 17 | char tmp2 = delete[0]; 18 | delete[ x ] = tmp2; 19 | 20 | if (x==1) { 21 | assert(delete[1] == 0); 22 | return 0; 23 | } 24 | 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2007-08-06-64bit-shift.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | #include 6 | 7 | int main() { 8 | int d; 9 | 10 | klee_make_symbolic(&d, sizeof(d), "d"); 11 | 12 | int l = d - 1; 13 | unsigned long long m = ((unsigned long long) l << 32) / d; 14 | if (d==2) { 15 | assert(m == 2147483648u); 16 | } 17 | 18 | klee_silent_exit(0); 19 | 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2007-08-06-access-after-free.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | #include 6 | 7 | int main() { 8 | int a; 9 | unsigned char *p = malloc(4); 10 | 11 | klee_make_symbolic(&a, sizeof a, "a"); 12 | klee_make_symbolic(p, sizeof p, "p"); 13 | 14 | p[0] |= 16; 15 | 16 | if (a) { 17 | free(p); 18 | 19 | // this should give an error instead of 20 | // pulling the state from the parent, where 21 | // it is not free 22 | assert(p[0] > 10); 23 | 24 | return 0; 25 | } 26 | 27 | assert(p[0] > 10); 28 | 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2007-08-08-free-zero.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | // RUN: ls %t.klee-out | not grep *.err 5 | 6 | #include 7 | 8 | int main() { 9 | free(0); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2007-10-11-free-of-alloca.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s 4 | // RUN: test -f %t.klee-out/test000001.free.err 5 | 6 | int main() { 7 | int buf[4]; 8 | // CHECK: 2007-10-11-free-of-alloca.c:9: free of alloca 9 | free(buf); // this should give runtime error, not crash 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2008-03-04-free-of-global.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s 4 | // RUN: test -f %t.klee-out/test000001.free.err 5 | 6 | int buf[4]; 7 | 8 | int main() { 9 | // CHECK: 2008-03-04-free-of-global.c:10: free of global 10 | free(buf); // this should give runtime error, not crash 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2008-03-11-free-of-malloc-zero.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | 5 | #include 6 | 7 | int main() { 8 | // concrete case 9 | void *p = malloc(0); 10 | free(p); 11 | 12 | p = malloc(0); 13 | void *arr[4] = { p, 0, 0, 0 }; 14 | 15 | // symbolic case 16 | free(arr[klee_range(0, 4, "range")]); 17 | } 18 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2008-04-10-bad-alloca-free.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t1.bc 4 | 5 | void f(int *addr) { 6 | klee_make_symbolic(addr, sizeof *addr, "moo"); 7 | } 8 | 9 | int main() { 10 | int x; 11 | f(&x); 12 | return x; 13 | } 14 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2008-05-23-gep-with-global-const.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang -emit-llvm %O0opt -c -o %t.bc %s 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t.bc 4 | 5 | #include 6 | 7 | int a; 8 | 9 | int main() { 10 | void *p1 = &((char*) 0)[(long) &a]; 11 | void *p2 = &a; 12 | 13 | assert(p1 == p2); 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2012-05-13-asm-causes-aborts.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | int main(int argc, char *argv[]){ 6 | __asm__ __volatile__ ("movl %eax, %eax"); 7 | return 0; 8 | } 9 | 10 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2014-12-08-ashr.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out -exit-on-error %t.bc 4 | 5 | #include "klee/klee.h" 6 | 7 | #include 8 | 9 | int f1(int a, int b) { 10 | return a + b; 11 | } 12 | 13 | int f2(int a, int b) { 14 | int i; 15 | for (i = 0; i < sizeof(b) * 8; i++) 16 | a += (((b >> i) & 1) << i); 17 | 18 | return a; 19 | } 20 | 21 | int main(int argc, char **argv) { 22 | int a, b; 23 | klee_make_symbolic(&a, sizeof(a), "a"); 24 | klee_make_symbolic(&b, sizeof(b), "b"); 25 | 26 | klee_assert(f1(a, b) == f2(a, b)); 27 | 28 | return 0; 29 | } 30 | 31 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2015-06-22-struct-write.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out -exit-on-error %t.bc 4 | 5 | #include "klee/klee.h" 6 | 7 | #include 8 | 9 | union U0 { 10 | signed f3 :18; 11 | }; 12 | 13 | static union U0 u = { 0UL }; 14 | 15 | int main(int argc, char **argv) { 16 | u.f3 = 534; 17 | 18 | klee_assert(u.f3 == 534); 19 | 20 | return 0; 21 | } 22 | 23 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2015-08-30-empty-constraints.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t.bc 2> %t.log 4 | // RUN: FileCheck -input-file=%t.log %s 5 | 6 | /** 7 | * This test generates one execution state without constraints. 8 | * 9 | * The state gets terminated (in this case return) and initial values 10 | * are generated. 11 | * Make sure we are able to generate an input. 12 | */ 13 | int main() { 14 | int d; 15 | 16 | klee_make_symbolic(&d, sizeof(d), "d"); 17 | 18 | // CHECK-NOT: unable to compute initial values (invalid constraints?)! 19 | if ((d & 2) / 4) 20 | return 1; 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2016-03-22-independence-solver-missing-objects-for-assignment.kquery: -------------------------------------------------------------------------------- 1 | # RUN: %kleaver %s 2>&1 | FileCheck %s 2 | array n_args[4] : w32 -> w8 = symbolic 3 | array n_args_1[4] : w32 -> w8 = symbolic 4 | array A-data-stat[144] : w32 -> w8 = symbolic 5 | array stdin-stat[144] : w32 -> w8 = symbolic 6 | (query [(Ult N0:(ReadLSB w32 0 n_args) 2) 7 | (Slt 0 N0) 8 | (Ult N1:(ReadLSB w32 0 n_args_1) 3) 9 | (Slt 0 N1) 10 | (Slt 1 N1) 11 | (Eq false (Eq 0 (And w64 (ReadLSB w64 8 A-data-stat) 2147483647))) 12 | (Ult (ReadLSB w64 56 A-data-stat) 65536) 13 | (Eq false (Eq 0 (And w64 (ReadLSB w64 8 stdin-stat) 2147483647)))] 14 | (Eq false (Ult (ReadLSB w64 56 stdin-stat) 65536)) [] [n_args]) 15 | # CHECK: INVALID 16 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2016-04-14-sdiv-2.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out -exit-on-error -solver-optimize-divides=true %t.bc >%t1.log 4 | // RUN: grep "m is 2" %t1.log 5 | #include 6 | #include 7 | 8 | #include "klee/klee.h" 9 | 10 | int main(void) 11 | { 12 | int n, m; 13 | klee_make_symbolic(&n, sizeof n, "n"); 14 | klee_assume(n < -1); 15 | 16 | if (n/2 > 0) 17 | assert(0); 18 | 19 | klee_make_symbolic(&m, sizeof m, "m"); 20 | klee_assume(m > 0); 21 | 22 | if (m/2 == 2) 23 | printf("m is 2\n"); 24 | 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2016-06-28-div-zero-bug.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --use-cex-cache=false %t.bc >%t1.log 4 | 5 | // This bug is triggered when using STP up to an including 2.1.0 6 | // See https://github.com/klee/klee/issues/308 7 | // and https://github.com/stp/stp/issues/206 8 | 9 | int b, a, g; 10 | 11 | int *c = &b, *d = &b, *f = &a; 12 | 13 | int safe_div(short p1, int p2) { 14 | return p2 == 0 ? p1 : p2; 15 | } 16 | 17 | int main() { 18 | klee_make_symbolic(&b, sizeof b, "b"); 19 | if (safe_div(*c, 0)) 20 | *f = (int)&b % *c; 21 | 22 | safe_div(a && g, *d); 23 | } 24 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2016-08-06-klee-get-obj-size.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t.bc 4 | // RUN: test -f %t.klee-out/test000001.assert.err 5 | 6 | #include "klee/klee.h" 7 | 8 | #include 9 | 10 | int main() { 11 | char s[5]; 12 | assert(5 != klee_get_obj_size(s)); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2016-08-11-entry-point-internalize-pass.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --entry-point=entry %t.bc 4 | 5 | int entry() { 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2016-08-12-empty-file.c: -------------------------------------------------------------------------------- 1 | // REQUIRES: posix-runtime 2 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 3 | // RUN: rm -rf %t.klee-out 4 | // RUN: not %klee --output-dir=%t.klee-out %t.bc >%t1.log 2>&1 5 | // RUN: FileCheck -input-file=%t1.log -check-prefix=CHECK-MAIN-NOT-FOUND %s 6 | // RUN: rm -rf %t.klee-out 7 | // RUN: rm -rf %t1.log 8 | // RUN: not %klee --output-dir=%t.klee-out --posix-runtime %t.bc >%t1.log 2>&1 9 | // RUN: FileCheck -input-file=%t1.log -check-prefix=CHECK-MAIN-NOT-FOUND %s 10 | 11 | // CHECK-MAIN-NOT-FOUND: Entry function 'main' not found in module. 12 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2016-12-14-alloc-alignment.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -Wall -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out --exit-on-error %t.bc 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | // Global should be aligned on a 128-byte boundary 10 | int foo __attribute__((aligned(128))); 11 | 12 | int main() { 13 | int bar __attribute__((aligned(256))); 14 | 15 | // Check alignment of global 16 | assert(((size_t)&foo) % 128 == 0); 17 | 18 | // Check alignment of local 19 | assert(((size_t)&bar) % 256 == 0); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2017-02-21-pathOS-id.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g %O0opt -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out -write-paths %t.bc 2> %t.log 4 | // RUN: cat %t.klee-out/test000001.path | wc -l | grep -q 1 5 | // RUN: cat %t.klee-out/test000002.path | wc -l | grep -q 1 6 | // RUN: cat %t.klee-out/test000003.path | wc -l | grep -q 1 7 | // RUN: cat %t.klee-out/test000004.path | wc -l | grep -q 1 8 | int main(){ 9 | int a, b; 10 | klee_make_symbolic (&a, sizeof(int), "a"); 11 | klee_make_symbolic (&b, sizeof(int), "b"); 12 | klee_assume(a<2); 13 | klee_assume(a>=0); 14 | malloc(a); 15 | if(b){ 16 | b++;//do something 17 | } 18 | return b; 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2017-11-01-test-with-empty-varname.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | // RUN: FileCheck %s --input-file=%t.klee-out/warnings.txt 5 | 6 | int main() { 7 | unsigned a; 8 | 9 | klee_make_symbolic(&a, sizeof(a), ""); 10 | // CHECK-NOT: KLEE: WARNING: unable to write output test case, losing it 11 | } 12 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2018-04-05-make-symbolic-null-name.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --output-dir=%t.klee-out %t1.bc 4 | 5 | #include "klee/klee.h" 6 | 7 | int main(int argc, char * argv[]) { 8 | int a = klee_int((void*)0); 9 | } 10 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2018-05-05-number-instructions-dumped-states.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee -max-instructions=1 --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s 4 | 5 | // CHECK: KLEE: done: total instructions = 1 6 | 7 | #include "klee/klee.h" 8 | 9 | int main(int argc, char * argv[]) {} 10 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2018-05-17-replay-short-names.c: -------------------------------------------------------------------------------- 1 | // RUN: rm -rf a 2 | // RUN: mkdir a 3 | // RUN: touch a/b 4 | // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc 5 | // RUN: rm -rf %t.klee-out 6 | // RUN: %klee -replay-ktest-dir=a --output-dir=%t.klee-out %t1.bc 2>&1 7 | // 8 | 9 | #include "klee/klee.h" 10 | 11 | int main(int argc, char * argv[]) {} 12 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2019-09-06-make-const-symbolic.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee -output-dir=%t.klee-out %t.bc 2>&1 | FileCheck %s 4 | #include "klee/klee.h" 5 | 6 | const int c = 23; 7 | int main(int argc, char **argv) { 8 | klee_make_symbolic(&c, sizeof(c), "c"); 9 | // CHECK: cannot make readonly object symbolic 10 | 11 | if (c > 20) 12 | return 0; 13 | else 14 | return 1; 15 | } 16 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2020-01-14-fabs-compare.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee --exit-on-error --output-dir=%t.klee-out %t.bc 4 | 5 | #include 6 | #include 7 | 8 | int main(void) { 9 | long double a = 0.25; 10 | long double b = -a; 11 | 12 | long double b_abs = fabsl(b); 13 | 14 | assert(a == b_abs); 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/2020-02-24-count-paths-nodump.c: -------------------------------------------------------------------------------- 1 | // ASAN fails because KLEE does not cleanup states with -dump-states-on-halt=false 2 | // REQUIRES: not-asan 3 | // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t.bc 4 | // RUN: rm -rf %t.klee-out 5 | // RUN: %klee -dump-states-on-halt=false -max-instructions=1 -output-dir=%t.klee-out %t.bc 2>&1 | FileCheck %s 6 | 7 | int main(int argc, char **argv) { 8 | // just do something 9 | int i = 42; 10 | ++i; 11 | } 12 | 13 | // CHECK: KLEE: done: completed paths = 0 14 | // CHECK: KLEE: done: partially completed paths = 1 -------------------------------------------------------------------------------- /klee-2.3/test/regression/2020-04-27-stp-array-names.c: -------------------------------------------------------------------------------- 1 | // RUN: %clang %s -emit-llvm %O0opt -g -c -o %t.bc 2 | // RUN: rm -rf %t.klee-out 3 | // RUN: %klee -output-dir=%t.klee-out --search=bfs --max-instructions=1000 %t.bc 4 | b; 5 | a(c) { 6 | if (!c) 7 | abort(); 8 | } 9 | main() { 10 | int e; 11 | short d; 12 | klee_make_symbolic(&d, sizeof(d), "__sym___VERIFIER_nondet_short"); 13 | b = d; 14 | a(b > 0); 15 | int f[b]; 16 | int g[b]; 17 | for (;;) { 18 | short d; 19 | klee_make_symbolic(&d, sizeof(d), "__sym___VERIFIER_nondet_short"); 20 | a(d >= 0 && d < b); 21 | f[d]; 22 | g[b - 1 - d]; 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /klee-2.3/test/regression/lit.local.cfg: -------------------------------------------------------------------------------- 1 | # Look for .kquery files too 2 | config.suffixes.add('.kquery') 3 | -------------------------------------------------------------------------------- /klee-2.3/tools/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | add_subdirectory(gen-bout) 10 | add_subdirectory(gen-random-bout) 11 | add_subdirectory(kleaver) 12 | add_subdirectory(klee) 13 | add_subdirectory(klee-replay) 14 | add_subdirectory(klee-stats) 15 | add_subdirectory(klee-zesti) 16 | add_subdirectory(ktest-tool) 17 | -------------------------------------------------------------------------------- /klee-2.3/tools/gen-bout/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | add_executable(gen-bout 10 | gen-bout.cpp 11 | ) 12 | 13 | set(KLEE_LIBS kleeBasic) 14 | 15 | target_link_libraries(gen-bout ${KLEE_LIBS}) 16 | 17 | install(TARGETS gen-bout RUNTIME DESTINATION bin) 18 | -------------------------------------------------------------------------------- /klee-2.3/tools/gen-random-bout/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | add_executable(gen-random-bout 10 | gen-random-bout.cpp 11 | ) 12 | 13 | set(KLEE_LIBS kleeBasic) 14 | 15 | target_link_libraries(gen-random-bout ${KLEE_LIBS}) 16 | 17 | install(TARGETS gen-random-bout RUNTIME DESTINATION bin) 18 | -------------------------------------------------------------------------------- /klee-2.3/tools/kleaver/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | add_executable(kleaver 10 | main.cpp 11 | ) 12 | 13 | set(KLEE_LIBS 14 | kleaverSolver 15 | ) 16 | 17 | target_link_libraries(kleaver ${KLEE_LIBS}) 18 | 19 | install(TARGETS kleaver RUNTIME DESTINATION bin) 20 | -------------------------------------------------------------------------------- /klee-2.3/tools/klee-replay/fd_init.c: -------------------------------------------------------------------------------- 1 | #include "../../runtime/POSIX/fd_init.c" 2 | -------------------------------------------------------------------------------- /klee-2.3/tools/klee-replay/klee_init_env.c: -------------------------------------------------------------------------------- 1 | #include "../../runtime/POSIX/klee_init_env.c" 2 | 3 | int __klee_posix_wrapped_main(int argc, char **argv, char **envp) { return 0; } 4 | -------------------------------------------------------------------------------- /klee-2.3/tools/klee-stats/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | install(PROGRAMS klee-stats DESTINATION bin) 10 | 11 | # Copy into the build directory's binary directory 12 | # so system tests can find it 13 | configure_file(klee-stats "${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/klee-stats" COPYONLY) 14 | -------------------------------------------------------------------------------- /klee-2.3/tools/klee-zesti/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | install(PROGRAMS klee-zesti DESTINATION bin) 10 | 11 | # Copy into the build directory's binary directory 12 | # so system tests can find it 13 | configure_file(klee-zesti "${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/klee-zesti" COPYONLY) 14 | -------------------------------------------------------------------------------- /klee-2.3/tools/klee/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | add_executable(klee 10 | main.cpp 11 | ) 12 | 13 | set(KLEE_LIBS 14 | kleeCore 15 | ) 16 | 17 | target_link_libraries(klee ${KLEE_LIBS}) 18 | 19 | install(TARGETS klee RUNTIME DESTINATION bin) 20 | 21 | # The KLEE binary depends on the runtimes 22 | add_dependencies(klee BuildKLEERuntimes) 23 | -------------------------------------------------------------------------------- /klee-2.3/tools/ktest-tool/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | install(PROGRAMS ktest-tool DESTINATION bin) 10 | 11 | # Copy into the build directory's binary directory 12 | # so system tests can find it 13 | configure_file(ktest-tool "${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/ktest-tool" COPYONLY) 14 | -------------------------------------------------------------------------------- /klee-2.3/unittests/Assignment/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(AssignmentTest 2 | AssignmentTest.cpp) 3 | target_link_libraries(AssignmentTest PRIVATE kleaverExpr kleaverSolver) 4 | -------------------------------------------------------------------------------- /klee-2.3/unittests/DiscretePDF/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(DiscretePDFTest 2 | DiscretePDFTest.cpp) 3 | # FIXME add the following line to link against libgtest.a 4 | target_link_libraries(DiscretePDFTest PRIVATE kleaverSolver) -------------------------------------------------------------------------------- /klee-2.3/unittests/Expr/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(ExprTest 2 | ExprTest.cpp 3 | ArrayExprTest.cpp) 4 | target_link_libraries(ExprTest PRIVATE kleaverExpr kleeSupport kleaverSolver) 5 | -------------------------------------------------------------------------------- /klee-2.3/unittests/RNG/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(RNGTest 2 | RNGTest.cpp) 3 | target_link_libraries(RNGTest PRIVATE kleeSupport) 4 | -------------------------------------------------------------------------------- /klee-2.3/unittests/Ref/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(RefTest 2 | RefTest.cpp) 3 | target_link_libraries(RefTest PRIVATE kleaverExpr) 4 | -------------------------------------------------------------------------------- /klee-2.3/unittests/Searcher/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(SearcherTest 2 | SearcherTest.cpp) 3 | target_link_libraries(SearcherTest PRIVATE kleeCore) 4 | target_include_directories(SearcherTest BEFORE PUBLIC "../../lib") 5 | -------------------------------------------------------------------------------- /klee-2.3/unittests/Solver/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(SolverTest 2 | SolverTest.cpp) 3 | target_link_libraries(SolverTest PRIVATE kleaverSolver) 4 | 5 | if (${ENABLE_Z3}) 6 | add_klee_unit_test(Z3SolverTest 7 | Z3SolverTest.cpp) 8 | target_link_libraries(Z3SolverTest PRIVATE kleaverSolver) 9 | endif() 10 | -------------------------------------------------------------------------------- /klee-2.3/unittests/TestMain.cpp: -------------------------------------------------------------------------------- 1 | //===--- unittests/TestMain.cpp - unittest driver -------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "llvm/ADT/StringRef.h" 11 | #include "llvm/Support/Signals.h" 12 | 13 | #include "gtest/gtest.h" 14 | 15 | int main(int argc, char **argv) { 16 | llvm::sys::PrintStackTraceOnErrorSignal(argv[0], true); 17 | testing::InitGoogleTest(&argc, argv); 18 | return RUN_ALL_TESTS(); 19 | } 20 | -------------------------------------------------------------------------------- /klee-2.3/unittests/Time/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(TimeTest 2 | TimeTest.cpp) 3 | target_link_libraries(TimeTest PRIVATE kleeSupport) 4 | -------------------------------------------------------------------------------- /klee-2.3/unittests/TreeStream/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(TreeStreamTest 2 | TreeStreamTest.cpp) 3 | target_link_libraries(TreeStreamTest PRIVATE kleeBasic kleeSupport) 4 | -------------------------------------------------------------------------------- /klee-2.3/unittests/lit-unit-tests-common.cfg: -------------------------------------------------------------------------------- 1 | # Configuration file for the 'lit' test runner. 2 | 3 | import os 4 | 5 | import lit.formats 6 | 7 | # suffixes: A list of file extensions to treat as test files. 8 | config.suffixes = [] 9 | 10 | # testFormat: The test format to use to interpret tests. 11 | config.test_format = lit.formats.GoogleTest('.', config.unit_test_exe_suffix) 12 | -------------------------------------------------------------------------------- /klee-2.3/unittests/lit-unit-tests-common.site.cfg.in: -------------------------------------------------------------------------------- 1 | import sys 2 | import os 3 | 4 | ## @AUTO_GEN_MSG@ 5 | config.name = 'KLEE Unit tests' 6 | config.unit_test_exe_suffix = "@UNIT_TEST_EXE_SUFFIX@" 7 | 8 | # Let the main config do the real work. 9 | lit_config.load_config(config, "@CMAKE_SOURCE_DIR@/unittests/lit-unit-tests-common.cfg") 10 | config.environment['LSAN_OPTIONS'] = "suppressions=@KLEE_UTILS_DIR@/sanitizers/lsan.txt" 11 | config.environment['UBSAN_OPTIONS'] = "print_stacktrace=1,suppressions=@KLEE_UTILS_DIR@/sanitizers/ubsan.txt" 12 | -------------------------------------------------------------------------------- /klee-2.3/utils/grafana/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM grafana/grafana 2 | 3 | RUN grafana-cli plugins install grafana-simple-json-datasource 4 | 5 | COPY grafana.ini /etc/grafana/grafana.ini 6 | COPY dashboard.yml /etc/grafana/provisioning/dashboards/dashboard.yml 7 | COPY datasource.yml /etc/grafana/provisioning/datasources/datasource.yml 8 | COPY klee_dashboard.json /var/lib/grafana/dashboards/klee.json 9 | 10 | ENTRYPOINT ["/run.sh"] 11 | -------------------------------------------------------------------------------- /klee-2.3/utils/grafana/dashboard.yml: -------------------------------------------------------------------------------- 1 | apiVersion: 1 2 | 3 | providers: 4 | # an unique provider name 5 | - name: 'klee' 6 | # name of the dashboard folder. Required 7 | folder: '' 8 | # provider type. Required 9 | type: file 10 | # enable dashboard editing 11 | editable: true 12 | options: 13 | # path to dashboard files on disk. Required 14 | path: /var/lib/grafana/dashboards 15 | -------------------------------------------------------------------------------- /klee-2.3/utils/grafana/datasource.yml: -------------------------------------------------------------------------------- 1 | # config file version 2 | apiVersion: 1 3 | 4 | datasources: 5 | # name of the datasource. Required 6 | - name: KLEE Stats 7 | # datasource type. Required 8 | type: grafana-simple-json-datasource 9 | # access mode. proxy or direct (Server or Browser in the UI). Required 10 | access: proxy 11 | # url 12 | url: http://localhost:5000 13 | # mark as default datasource. Max one per org 14 | isDefault: true 15 | # allow users to edit datasources from the UI. 16 | editable: true 17 | -------------------------------------------------------------------------------- /klee-2.3/utils/grafana/grafana.ini: -------------------------------------------------------------------------------- 1 | [auth.anonymous] 2 | enabled = true 3 | org_role = Admin 4 | -------------------------------------------------------------------------------- /klee-2.3/utils/grafana/upload.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | docker build -t klee/grafana . 4 | docker push klee/grafana 5 | -------------------------------------------------------------------------------- /klee-2.3/utils/hacks/TreeGraphs/Graphics/Geometry/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dslab-epfl/tpot/85108d2ecbb026b36d2059b581c4bf70e593ce95/klee-2.3/utils/hacks/TreeGraphs/Graphics/Geometry/__init__.py -------------------------------------------------------------------------------- /klee-2.3/utils/hacks/TreeGraphs/Graphics/__init__.py: -------------------------------------------------------------------------------- 1 | __all__= ['Formats', 'SubSurf', 'Geometry', 'AqsisInterface', 'TwoD', 'ThreeD', 'Apps'] 2 | -------------------------------------------------------------------------------- /klee-2.3/utils/hacks/TreeGraphs/README.txt: -------------------------------------------------------------------------------- 1 | A little hack which converts KLEE treestream's of path branch information into 2 | images/animations. It is not particularly fast nor is the code very 3 | elegant. It's a hack, after all! 4 | 5 | There are a couple example input streams in inputs/. You can generate a single 6 | image frame with, e.g.:: 7 | 8 | $ ./TreeGraph.py --count=500 inputs/symPaths6.ts t.pdf 9 | 10 | which will generate an image of the first 500 paths that were explored. 11 | 12 | 13 | You can generate a sequence of frames from a file using:: 14 | 15 | $ ./Animate.py --start=10 --end=2000 inputs/symPaths6.ts anim-01 16 | 17 | which will generate a sequence of .pdf frames in anim-01. 18 | -------------------------------------------------------------------------------- /klee-2.3/utils/hacks/TreeGraphs/inputs/symPaths.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dslab-epfl/tpot/85108d2ecbb026b36d2059b581c4bf70e593ce95/klee-2.3/utils/hacks/TreeGraphs/inputs/symPaths.ts -------------------------------------------------------------------------------- /klee-2.3/utils/hacks/TreeGraphs/inputs/symPaths6.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dslab-epfl/tpot/85108d2ecbb026b36d2059b581c4bf70e593ce95/klee-2.3/utils/hacks/TreeGraphs/inputs/symPaths6.ts -------------------------------------------------------------------------------- /klee-2.3/utils/sanitizers/lsan.txt: -------------------------------------------------------------------------------- 1 | # This file tells the LeakSanitizer (LSan)component of the AddressSanitizer (-fsanitizer=address) 2 | # to ignore certain leaks at runtime. To tell LSan about these set the environment variable 3 | # LSAN_OPTIONS=suppressions=/path/to/this/file and then run the sanitized build of KLEE. 4 | # 5 | # Ideally we shouldn't need to suppress anything but currently KLEE seems to be leaking 6 | # The suppressions below are what's needed for ``make unittests`` and ``make check`` to not 7 | # fail due to leaks. 8 | 9 | # Ignore tcmalloc 10 | leak:src/malloc_extension.cc 11 | # Memory leak from klee_replay 12 | leak:klee-replay.c 13 | -------------------------------------------------------------------------------- /klee-2.3/utils/sanitizers/ubsan.txt: -------------------------------------------------------------------------------- 1 | # Runtime suppression of undefined behavior 2 | # 3 | vptr_check:Module.h 4 | -------------------------------------------------------------------------------- /klee-2.3/utils/valgrind/README.txt: -------------------------------------------------------------------------------- 1 | A few valgrind suppression files for known leaks. The LLVM ones may be 2 | fixed by now. 3 | -------------------------------------------------------------------------------- /klee-2.3/utils/valgrind/valgrind-llvm.supp: -------------------------------------------------------------------------------- 1 | { 2 | LLVM:Tmp1 3 | Memcheck:Leak 4 | fun:_vgrZU_libstdcZpZpZa__Znwj 5 | fun:_ZN4llvm* 6 | } 7 | { 8 | LLVM:Tmp2 9 | Memcheck:Leak 10 | fun:_vgrZU_libcZdsoZa_malloc 11 | fun:_ZN4llvm* 12 | } 13 | { 14 | LLVM:Tmp3 15 | Memcheck:Leak 16 | fun:*nwj* 17 | fun:*llvm* 18 | } 19 | { 20 | LLVM:Tmp4 21 | Memcheck:Leak 22 | fun:malloc 23 | fun:*llvm* 24 | } 25 | -------------------------------------------------------------------------------- /klee-2.3/utils/valgrind/valgrind-stp.supp: -------------------------------------------------------------------------------- 1 | { 2 | STP:BeevMgr 3 | Memcheck:Leak 4 | fun:_vgrZU_libstdcZpZpZa__Znwj 5 | fun:_ZN4BEEV7BeevMgr* 6 | } 7 | { 8 | STP:BeevMgr:strdup 9 | Memcheck:Leak 10 | fun:_vgrZU_libcZdsoZa_malloc 11 | fun:strdup 12 | fun:_ZN4BEEV7BeevMgr* 13 | } 14 | { 15 | STP:c_interface 16 | Memcheck:Leak 17 | fun:_vgrZU_libstdcZpZpZa__Znwj 18 | fun:vc_* 19 | } 20 | { 21 | STP:BeevMgr:vector 22 | Memcheck:Leak 23 | fun:_vgrZU_libstdcZpZpZa__Znwj 24 | fun:_ZNSt6vector* 25 | fun:_ZN4BEEV7BeevMgr* 26 | } 27 | { 28 | LLVM:Tmp1 29 | Memcheck:Leak 30 | fun:_vgrZU_libstdcZpZpZa__Znwj 31 | fun:_ZN4llvm* 32 | } 33 | -------------------------------------------------------------------------------- /portfolio/run-portfolio-all.sh: -------------------------------------------------------------------------------- 1 | DIR=$(dirname $0) 2 | 3 | parallel -v "res="'$({}/bin/z3 '$1')'"; if [[ "\"'$res'\"" == "\""unknown"\"" ]]; then exit 1; fi; echo "'$res' ::: $DIR/portfolio/* 4 | -------------------------------------------------------------------------------- /portfolio/run-portfolio.sh: -------------------------------------------------------------------------------- 1 | DIR=$(dirname $0) 2 | 3 | parallel --halt now,success=1 "res="'$({}/bin/z3 '$1')'"; if [[ "\"'$res'\"" == "\""unknown"\"" ]]; then exit 1; fi; echo "'$res' ::: $DIR/portfolio/* 4 | -------------------------------------------------------------------------------- /scripts/run_pots_parallel.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | TPOT_SPECS_DIR=$1 3 | TARGET_SYSTEM=$2 4 | POTS=$3 5 | 6 | DIR=$(dirname $0) 7 | 8 | ALL_ARGS=( ${@} ) 9 | TARGETS="${ALL_ARGS[*]:2}" 10 | 11 | NUM_TARGETS=$(echo "$TARGETS" | wc -w) 12 | echo "Running $NUM_TARGETS POTs in parallel for $TARGET_SYSTEM" 13 | 14 | for target in $TARGETS; do 15 | $DIR/run_pot.sh $TPOT_SPECS_DIR $target $TARGET_SYSTEM & 16 | done 17 | 18 | wait 19 | echo "--- All POTs done for $TARGET_SYSTEM ! ---" 20 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/include/arch/cache.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Table 11-1 from Volume 3A of the Intel manuals 4 | // 64 bytes for all CPUs we care about, i.e., Xeon and i3/i5/i7 5 | #define CACHE_LINE_SIZE 64 6 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/include/arch/halt.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifndef VERIFAST 4 | 5 | _Noreturn static inline void halt(void) 6 | { 7 | __asm__ volatile("hlt"); 8 | __builtin_unreachable(); // otherwise the compiler complains, because it doesn't know hlt semantics 9 | } 10 | 11 | #else 12 | // TODO VeriFast should know about __builtin_unreachable; how to properly model __asm__ though? (probably in a very conservative "any asm could do anything" way) 13 | #include 14 | _Noreturn static inline void halt(void) 15 | //@ requires emp; 16 | //@ ensures false; 17 | //@ terminates; 18 | { 19 | exit(0); 20 | } 21 | #endif 22 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/include/arch/io.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | // Intel manual Volume 2A: IN - Input from Port 6 | static inline uint32_t io_port_in32(uint16_t port) 7 | { 8 | uint32_t result; 9 | __asm__ volatile("inl %1, %0" : "=a"(result) : "dN"(port)); 10 | return result; 11 | } 12 | 13 | // Intel manual Volume 2B: OUT - Output to Port 14 | static inline void io_port_out8(uint16_t port, uint8_t value) { __asm__ volatile("outb %0, %1" : : "a"(value), "dN"(port)); } 15 | 16 | static inline void io_port_out32(uint16_t port, uint32_t value) { __asm__ volatile("outl %0, %1" : : "a"(value), "dN"(port)); } 17 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/include/arch/msr.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | // Intel manual Volume 2B: RDMSR - Read from Model Specific Register 6 | static inline uint64_t msr_read(uint64_t index) 7 | { 8 | uint64_t result; 9 | __asm__ volatile("rdmsr" : "=A"(result) : "c"((uint32_t) index)); 10 | return result; 11 | } 12 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/include/os/init.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Initializes the OS. Should only be called once, and only needs to be called by drivers at the start of the main function. 4 | void os_init(void); 5 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/include/os/log.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifndef DEBUG_LEVEL 4 | #define DEBUG_LEVEL 0 5 | #endif 6 | 7 | #if DEBUG_LEVEL > 0 8 | // No pre/postconditions, this method needs not be verified 9 | void os_debug(const char* message); 10 | #else 11 | static inline void os_debug(const char* message) 12 | //@ requires emp; 13 | //@ ensures emp; 14 | //@ terminates; 15 | { 16 | (void) message; 17 | // Nothing. Ensure the message can be removed from the final binary. 18 | } 19 | #endif 20 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/include/os/time.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | typedef uint64_t time_t; 6 | 7 | #define TIME_MAX UINT64_MAX 8 | #define TIME_MIN 0 9 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/include/verif/drivers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | uint64_t* descriptor_ring_alloc(size_t count); 7 | 8 | void* agents_alloc(size_t count, size_t size); 9 | 10 | typedef void foreach_index_forever_function(size_t index, void* state); 11 | _Noreturn void foreach_index_forever(size_t length, foreach_index_forever_function* func, void* state); 12 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/dpdk/Makefile: -------------------------------------------------------------------------------- 1 | ifneq ($(NET),dpdk) 2 | $(error The DPDK OS layer is only available when using DPDK for networking) 3 | endif 4 | 5 | # Get current dir, see https://stackoverflow.com/a/8080530 6 | OS_DIR := $(abspath $(dir $(lastword $(MAKEFILE_LIST)))) 7 | 8 | # Remove the shared memory allocator, DPDK has its own 9 | OS_SRCS := $(filter-out $(abspath $(OS_DIR)/../memory_alloc.c),$(OS_SRCS)) 10 | 11 | # Our sources 12 | OS_SRCS += $(shell echo $(OS_DIR)/*.c) 13 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/dpdk/clock.c: -------------------------------------------------------------------------------- 1 | #include "os/clock.h" 2 | 3 | #include 4 | 5 | void os_clock_sleep_ns(uint64_t ns) { rte_delay_us(ns * 1000); } 6 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/dpdk/init.c: -------------------------------------------------------------------------------- 1 | #include "os/init.h" 2 | 3 | #include 4 | #include 5 | 6 | // For clock.h 7 | uint64_t cpu_freq_numerator; 8 | uint64_t cpu_freq_denominator; 9 | 10 | void os_init(void) 11 | { 12 | cpu_freq_numerator = rte_get_tsc_hz(); 13 | if (cpu_freq_numerator == 0) { 14 | rte_panic("Could not get TSC freq"); 15 | } 16 | cpu_freq_denominator = 1000000000ull; 17 | while (cpu_freq_numerator % 10 == 0) { 18 | cpu_freq_numerator = cpu_freq_numerator / 10; 19 | cpu_freq_denominator = cpu_freq_denominator / 10; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/dpdk/log.c: -------------------------------------------------------------------------------- 1 | #include "os/log.h" 2 | 3 | #include 4 | 5 | #if DEBUG_LEVEL > 0 6 | #include 7 | 8 | void os_debug(const char* message) { rte_vlog(RTE_LOG_DEBUG, RTE_LOGTYPE_USER1, "%s\n", message); } 9 | #endif 10 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/linux/Makefile: -------------------------------------------------------------------------------- 1 | # Get current dir, see https://stackoverflow.com/a/8080530 2 | OS_DIR := $(abspath $(dir $(lastword $(MAKEFILE_LIST)))) 3 | 4 | # Our sources 5 | OS_SRCS += $(shell echo $(OS_DIR)/*.c) 6 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/linux/log.c: -------------------------------------------------------------------------------- 1 | #include "os/log.h" 2 | 3 | #if DEBUG_LEVEL > 0 4 | #include 5 | 6 | void os_debug(const char* message) 7 | { 8 | fprintf(stderr, "%s\n", message); 9 | fflush(stderr); 10 | } 11 | #endif 12 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/Makefile: -------------------------------------------------------------------------------- 1 | # Get current dir, see https://stackoverflow.com/a/8080530 2 | OS_DIR := $(abspath $(dir $(lastword $(MAKEFILE_LIST)))) 3 | 4 | # Our sources 5 | OS_SRCS += $(shell echo $(OS_DIR)/*.c) 6 | 7 | # Force the use of our own time_t by preventing the stdlib from defining it and forcefully including ours so it's available (same workaround as linux/clock.c) 8 | CFLAGS += -D__time_t_defined 9 | CFLAGS += -D__DEFINED_time_t 10 | CFLAGS += --include os/clock.h 11 | 12 | # Bare-metal! 13 | CFLAGS += -ffreestanding -nostdlib 14 | 15 | ifneq (,$(findstring DEBUG_LEVEL,$(CFLAGS))) 16 | $(error The baremetal OS does not support debug features.) 17 | endif 18 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/_start.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int main(int argc, char** argv); 4 | 5 | void _start(void) { main(0, NULL); } 6 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/clock.c: -------------------------------------------------------------------------------- 1 | #include "os/clock.h" 2 | 3 | void os_clock_sleep_ns(uint64_t ns) 4 | { 5 | time_t target = os_clock_time_ns() + ns; 6 | while (os_clock_time_ns() != target) { 7 | // Nothing (TODO: CPU pause?) 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/crti.asm: -------------------------------------------------------------------------------- 1 | section .init 2 | global _init:function 3 | 4 | _init: 5 | push rbp 6 | mov rbp, rsp 7 | 8 | section .fini 9 | global _fini:function 10 | 11 | _fini: 12 | push rbp 13 | mov rbp, rsp 14 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/crtn.asm: -------------------------------------------------------------------------------- 1 | section .init 2 | pop rbp 3 | ret 4 | 5 | section .fini 6 | pop rbp 7 | ret 8 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/grub.cfg: -------------------------------------------------------------------------------- 1 | set timeout=0 2 | set default=0 3 | 4 | menuentry "nf" { 5 | multiboot2 /boot/kernel.bin 6 | boot 7 | } 8 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/init.c: -------------------------------------------------------------------------------- 1 | #include "os/init.h" 2 | 3 | #include "arch/msr.h" 4 | #include "arch/tsc.h" 5 | #include "os/memory.h" 6 | 7 | // For clock.h 8 | uint64_t cpu_freq_numerator; 9 | uint64_t cpu_freq_denominator; 10 | 11 | // For the shared memory allocator 12 | char memory[OS_MEMORY_SIZE]; // zero-initialized 13 | size_t memory_used_len; 14 | 15 | void os_init(void) { tsc_get_nhz(msr_read, &cpu_freq_numerator, &cpu_freq_denominator); } 16 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/memory.c: -------------------------------------------------------------------------------- 1 | #include "os/memory.h" 2 | 3 | void* os_memory_phys_to_virt(uintptr_t addr, size_t size) 4 | { 5 | // phys == virt, no protections 6 | (void) size; 7 | return (void*) addr; 8 | } 9 | 10 | uintptr_t os_memory_virt_to_phys(const void* addr) 11 | { 12 | // phys == virt 13 | return (uintptr_t) addr; 14 | } 15 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/multiboot1_header.asm: -------------------------------------------------------------------------------- 1 | section .multiboot_header 2 | 3 | header_start: 4 | dd 0x1BADB002 ; magic number (multiboot 1) 5 | dd 3 ; multiboot flags 6 | dd -(0x1BADB002 + 3) ; header checksum 7 | 8 | header_end: 9 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/metal/multiboot2_header.asm: -------------------------------------------------------------------------------- 1 | section .multiboot_header 2 | 3 | header_start: 4 | dd 0xe85250d6 ; magic number (multiboot 2) 5 | dd 0 ; architecture 0 (protected mode i386) 6 | dd header_end - header_start ; header length 7 | ; checksum 8 | dd 0x100000000 - (0xe85250d6 + 0 + (header_end - header_start)) 9 | ; required end tag 10 | dw 0 ; type 11 | dw 0 ; flags 12 | dd 8 ; size 13 | header_end: 14 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/os/pci.c: -------------------------------------------------------------------------------- 1 | #include "os/pci.h" 2 | 3 | #include "os/memory.h" 4 | 5 | static struct os_pci_address addresses[] = {OS_CONFIG_DATA}; 6 | 7 | size_t os_pci_enumerate(struct os_pci_address** out_addresses) 8 | { 9 | size_t count = sizeof(addresses) / sizeof(struct os_pci_address); 10 | *out_addresses = os_memory_alloc(count, sizeof(struct os_pci_address)); 11 | os_memory_copy(addresses, *out_addresses, sizeof(addresses)); 12 | return count; 13 | } 14 | -------------------------------------------------------------------------------- /targets/sosp24/klint/env/src/verif/drivers.c: -------------------------------------------------------------------------------- 1 | #include "verif/drivers.h" 2 | 3 | #include "os/memory.h" 4 | 5 | #include 6 | 7 | uint64_t* descriptor_ring_alloc(size_t count) { return os_memory_alloc(count, 2 * sizeof(uint64_t)); } 8 | 9 | void* agents_alloc(size_t count, size_t size) { return os_memory_alloc(count, size); } 10 | 11 | void foreach_index_forever(size_t length, foreach_index_forever_function* func, void* state) 12 | { 13 | while (true) { 14 | for (size_t index = 0; index < length; index++) { 15 | func(index, state); 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /targets/sosp24/klint/tpot-specs/index_pool/spec_helpers.h: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include "structs/index_pool.h" 4 | 5 | // copied from index_pool.c 6 | struct index_pool { 7 | time_t* timestamps; 8 | size_t size; 9 | time_t expiration_time; 10 | size_t last_borrowed_index; 11 | }; 12 | 13 | extern struct index_pool *pool; 14 | 15 | // --- helpers --- // 16 | /*SPECS*/ bool pool_young(time_t time, time_t expiration_time, size_t k, time_t v) { 17 | /*SPECS*/ return time < expiration_time || time - expiration_time <= v; 18 | /*SPECS*/ } /*SYNTAX*/ -------------------------------------------------------------------------------- /targets/sosp24/klint/tpot-specs/index_pool/tpot_config: -------------------------------------------------------------------------------- 1 | ; API functions 2 | index_pool_alloc 3 | index_pool_borrow 4 | index_pool_refresh 5 | index_pool_used 6 | index_pool_return -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/bbl/payload.S: -------------------------------------------------------------------------------- 1 | .section ".payload","a",@progbits 2 | 3 | .globl _payload_start, _payload_end 4 | .p2align 21 /* 2M */ 5 | _payload_start: 6 | .incbin BBL_PAYLOAD 7 | .p2align 12 /* 4K */ 8 | _payload_end: 9 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/bios/bios.lds.S: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | OUTPUT_ARCH(riscv) 6 | ENTRY(_start) 7 | 8 | SECTIONS 9 | { 10 | . = DRAM_START; 11 | 12 | _stext = .; 13 | TEXT_SECTION 14 | _etext = .; 15 | 16 | _sdata = .; 17 | RO_DATA_SECTION(L1_CACHE_BYTES) 18 | . = ALIGN(SZ_4K); 19 | .htif : { 20 | *(.htif .htif.*) 21 | } 22 | RW_DATA_SECTION(SZ_4K) 23 | _edata = .; 24 | 25 | BSS_SECTION(SZ_4K, SZ_2M) 26 | _end = .; 27 | 28 | .payload : { 29 | *(.payload) 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/bios/bios.mk: -------------------------------------------------------------------------------- 1 | BIOS_LDS := $(O)/bios/bios.lds 2 | BIOS_OBJS := $(call object,$(wildcard bios/*.S bios/*.c)) 3 | BIOS_BOOT_OBJS := $(call object,$(wildcard bios/boot/*.S)) 4 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/bios/entry.S: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | .text 5 | 6 | ENTRY(machine_trap_vector) 7 | SAVE_REGS scratch=mscratch 8 | 9 | mv a0, sp 10 | csrr a1, mcause 11 | call do_trap 12 | 13 | restore_regs: 14 | RESTORE_REGS 15 | mret 16 | END(machine_trap_vector) 17 | 18 | ENTRY(mret_with_regs) 19 | /* a0 holds pt_regs */ 20 | mv sp, a0 21 | j restore_regs 22 | END(mret_with_regs) 23 | 24 | ENTRY(mret) 25 | mret 26 | END(mret) 27 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/bios/ptrace.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct pt_regs *current_pt_regs(void) 4 | { 5 | return (void *)(uintptr_t)csr_read(mscratch); 6 | } 7 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/bios/traps.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | void show_sys_regs(void) 8 | { 9 | pr_info("mcause : " REG_FMT "\n", csr_read(mcause)); 10 | pr_info("mtval : " REG_FMT "\n", csr_read(mtval)); 11 | pr_info("mepc : " REG_FMT "\n", csr_read(mepc)); 12 | pr_info("mstatus : " REG_FMT "\n", csr_read(mstatus)); 13 | } 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/csrs.h: -------------------------------------------------------------------------------- 1 | #ifndef __CSR 2 | #error "__CSR must be defined!" 3 | #endif 4 | 5 | __CSR(mepc) 6 | 7 | __CSR(satp) 8 | __CSR(stvec) 9 | __CSR(scounteren) 10 | __CSR(stval) 11 | __CSR(sip) 12 | __CSR(scause) 13 | __CSR(sepc) 14 | __CSR(sstatus) 15 | __CSR(sscratch) 16 | __CSR(sie) 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/barrier.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define RISCV_FENCE(p, s) \ 4 | __asm__ __volatile__("fence " #p "," #s : : : "memory") 5 | 6 | static inline void memory_barrier(void) 7 | { 8 | RISCV_FENCE(rw, rw); 9 | } 10 | 11 | static inline void memory_load_barrier(void) 12 | { 13 | RISCV_FENCE(r, r); 14 | } 15 | 16 | static inline void memory_acquire_barrier(void) 17 | { 18 | RISCV_FENCE(r, rw); 19 | } 20 | 21 | static inline void memory_release_barrier(void) 22 | { 23 | RISCV_FENCE(rw, w); 24 | } 25 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/cache.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define L1_CACHE_SHIFT 6 4 | 5 | #define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) 6 | 7 | #define SMP_CACHE_BYTES L1_CACHE_BYTES 8 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/csr_bits/ideleg.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define IDEL_SOFT_U IP_USIP 6 | #define IDEL_SOFT_S IP_SSIP 7 | #define IDEL_SOFT_M IP_MSIP 8 | #define IDEL_TIMER_U IP_UTIP 9 | #define IDEL_TIMER_S IP_STIP 10 | #define IDEL_TIMER_M IP_MTIP 11 | #define IDEL_EXT_U IP_UEIP 12 | #define IDEL_EXT_S IP_SEIP 13 | #define IDEL_EXT_M IP_MEIP 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/csr_bits/ie.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define IE_USIE BIT_64(0) 6 | #define IE_SSIE BIT_64(1) 7 | /* RESERVED BIT_64(2) */ 8 | #define IE_MSIE BIT_64(3) 9 | #define IE_UTIE BIT_64(4) 10 | #define IE_STIE BIT_64(5) 11 | /* RESERVED BIT_64(6) */ 12 | #define IE_MTIE BIT_64(7) 13 | #define IE_UEIE BIT_64(8) 14 | #define IE_SEIE BIT_64(9) 15 | /* RESERVED BIT_64(10) */ 16 | #define IE_MEIE BIT_64(11) 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/csr_bits/ip.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define IP_USIP BIT_64(0) 6 | #define IP_SSIP BIT_64(1) 7 | /* RESERVED BIT_64(2) */ 8 | #define IP_MSIP BIT_64(3) 9 | #define IP_UTIP BIT_64(4) 10 | #define IP_STIP BIT_64(5) 11 | /* RESERVED BIT_64(6) */ 12 | #define IP_MTIP BIT_64(7) 13 | #define IP_UEIP BIT_64(8) 14 | #define IP_SEIP BIT_64(9) 15 | /* RESERVED BIT_64(10) */ 16 | #define IP_MEIP BIT_64(11) 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/csr_bits/pmpcfg.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define PMPCFG_R BIT_64(0) 6 | #define PMPCFG_W BIT_64(1) 7 | #define PMPCFG_X BIT_64(2) 8 | #define PMPCFG_RWX (PMPCFG_R | PMPCFG_W | PMPCFG_X) 9 | 10 | #define PMPCFG_A_SHIFT 3 11 | #define PMPCFG_A_OFF (0 << PMPCFG_A_SHIFT) 12 | #define PMPCFG_A_TOR (1 << PMPCFG_A_SHIFT) 13 | #define PMPCFG_A_NA4 (2 << PMPCFG_A_SHIFT) 14 | #define PMPCFG_A_NAPOT (3 << PMPCFG_A_SHIFT) 15 | 16 | #define PMPCFG_L BIT_64(7) 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/csr_bits/satp.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define SATP_PPN GENMASK_64(43, 0) 6 | #define SATP_ASID GENMASK_64(59, 44) 7 | #define SATP_MODE GENMASK_64(63, 60) 8 | 9 | #define SATP_MODE_SHIFT 60 10 | #define SATP_MODE_BARE (UINT64_C(0) << SATP_MODE_SHIFT) 11 | /* Reserved ... */ 12 | #define SATP_MODE_SV39 (UINT64_C(8) << SATP_MODE_SHIFT) 13 | #define SATP_MODE_SV48 (UINT64_C(9) << SATP_MODE_SHIFT) 14 | /* Reserved ... */ 15 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/mcall.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | extern phys_addr_t kernel_dtb; 7 | 8 | void mcall_init(phys_addr_t dtb); 9 | 10 | long do_mcall(struct pt_regs *regs); 11 | 12 | void mcall_console_putchar(uint8_t c); 13 | noreturn void mcall_shutdown(void); 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/page.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #define MAX_PHYSMEM_BITS 56 7 | 8 | #define PAGE_SHIFT (12) 9 | #define PAGE_SIZE (_AC(1, UL) << PAGE_SHIFT) 10 | #define PAGE_MASK (~(PAGE_SIZE - 1)) 11 | 12 | #ifndef __ASSEMBLER__ 13 | 14 | extern unsigned long va_pa_offset; 15 | 16 | #define __pa(x) ((uintptr_t)(x) - va_pa_offset) 17 | #define __va(x) ((void *)((uintptr_t)(x) + va_pa_offset)) 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/processor.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | static inline void cpu_relax(void) 7 | { 8 | barrier(); 9 | } 10 | 11 | static inline void wait_for_interrupt(void) 12 | { 13 | asm volatile("wfi"); 14 | } 15 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/asm/tlbflush.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | /* 5 | * Flush entire local TLB. 'sfence.vma' implicitly fences with the instruction 6 | * cache as well, so a 'fence.i' is not necessary. 7 | */ 8 | static __always_inline void local_flush_tlb_all(void) 9 | { 10 | asm volatile("sfence.vma" : : : "memory"); 11 | } 12 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/crypto/hmac.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | void hmac256_hash(uint8_t *out, const uint8_t *key, size_t keylen, const void *data, size_t datalen); 6 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/crypto/sha.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #define SHA256_DIGEST_SIZE 32 7 | #define SHA256_BLOCK_SIZE 64 8 | 9 | struct sha256_ctx { 10 | uint32_t state[137]; 11 | }; 12 | 13 | void sha256_init(struct sha256_ctx *ctx); 14 | void sha256_update(struct sha256_ctx *ctx, const uint8_t *data); 15 | void sha256_update_last(struct sha256_ctx *ctx, const uint8_t *data, size_t len); 16 | void sha256_finish(struct sha256_ctx *ctx, uint8_t *out); 17 | 18 | void sha256_update_multi(struct sha256_ctx *ctx, const uint8_t *data, size_t n); 19 | 20 | void sha256_hash(uint8_t *out, const void *data, size_t len); 21 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/io/bitsperlong.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define BITS_PER_BYTE 8 4 | #define BITS_PER_LONG (BITS_PER_BYTE * __SIZEOF_LONG__) 5 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/io/cpio.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #include 6 | 7 | #define MAX_CPIO_FILE_NAME 64 8 | 9 | struct cpio_data { 10 | void *data; 11 | size_t size; 12 | unsigned int mode; 13 | char name[MAX_CPIO_FILE_NAME]; 14 | }; 15 | 16 | struct cpio_data find_cpio_data(const char *path, void *data, size_t len, long *offset); 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/io/kbuild.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #define DEFINE(sym, val) \ 6 | asm volatile("\n.ascii \"->" #sym " %0 " #val "\"" : : "i" (val)) 7 | 8 | #define BLANK() asm volatile("\n.ascii \"->\"" : : ) 9 | 10 | #define OFFSET(sym, str, mem) \ 11 | DEFINE(sym, offsetof(struct str, mem)) 12 | 13 | #define COMMENT(x) \ 14 | asm volatile("\n.ascii \"->#" x "\"") 15 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/sys/init.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define COMMAND_LINE_SIZE 512 4 | 5 | extern char boot_command_line[]; 6 | 7 | void htif_init(void); 8 | void sifive_init(void); 9 | void sbi_console_init(const char *color); 10 | void time_init(void); 11 | void uart8250_init(void); 12 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/sys/log2.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 | /* Integer base 2 logarithm calculation 3 | * 4 | * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. 5 | * Written by David Howells (dhowells@redhat.com) 6 | */ 7 | 8 | #pragma once 9 | 10 | /** 11 | * is_power_of_2() - check if a value is a power of two 12 | * @n: the value to check 13 | * 14 | * Determine whether some value is a power of two, where zero is 15 | * *not* considered a power of two. 16 | * Return: true if @n is a power of 2, otherwise false. 17 | */ 18 | static inline bool is_power_of_2(unsigned long n) 19 | { 20 | return (n != 0 && ((n & (n - 1)) == 0)); 21 | } 22 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/sys/poison.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #define POISON_POINTER_DELTA 0 6 | 7 | /* 8 | * These are non-NULL pointers that will result in page faults 9 | * under normal circumstances, used to verify that nobody uses 10 | * non-initialized list entries. 11 | */ 12 | #define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA) 13 | #define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA) 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/sys/sections.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | extern char _stext[], _etext[]; 4 | extern char _sdata[], _edata[]; 5 | extern char _start[], _end[]; 6 | extern char __bss_start[], __bss_end[]; 7 | extern char _payload_start[], _payload_end[]; 8 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/sys/timex.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0-only */ 2 | /* 3 | * Copyright (C) 2012 Regents of the University of California 4 | */ 5 | 6 | #pragma once 7 | 8 | #include 9 | 10 | typedef unsigned long cycles_t; 11 | typedef unsigned long useconds_t; 12 | 13 | static inline cycles_t get_cycles(void) 14 | { 15 | cycles_t n; 16 | 17 | asm volatile("rdcycle %0" : "=r" (n)); 18 | return n; 19 | } 20 | 21 | useconds_t uptime(void); 22 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/sys/unaligned.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 11 | # define get_unaligned __get_unaligned_le 12 | # define put_unaligned __put_unaligned_le 13 | #elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ 14 | # define get_unaligned __get_unaligned_be 15 | # define put_unaligned __put_unaligned_be 16 | #else 17 | # error need to define endianess 18 | #endif 19 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/atto/fcntl.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | /* 4 | * Special value used to indicate openat should use the current 5 | * working directory. 6 | */ 7 | #define AT_FDCWD -100 8 | 9 | #define O_RDONLY 00000000 10 | #define O_WRONLY 00000001 11 | #define O_RDWR 00000002 12 | #define O_CREAT 00000100 13 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/atto/wait.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | struct siginfo; 4 | struct rusage; 5 | 6 | /* First argument to waitid: */ 7 | #define P_ALL 0 8 | #define P_PID 1 9 | #define P_PGID 2 10 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/certikos/elf.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | enum { 4 | ELF_FILE_IDLE = 0, 5 | ELF_FILE_ALICE, 6 | ELF_FILE_HACKER, 7 | ELF_FILE_BOB, 8 | NR_ELF_FILES, 9 | }; 10 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/certikos/param.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define NR_PROCS 64 4 | #define NR_CHILDREN 4 5 | #define NR_PAGES 256 6 | #define NR_QUANTA NR_PROCS 7 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/certikos/syscalls.h: -------------------------------------------------------------------------------- 1 | #ifndef __SYSCALL 2 | #define __SYSCALL(x, y) 3 | #endif 4 | 5 | /* start syscalls from 10; reserve lower ones for SBI */ 6 | 7 | #define __NR_get_quota 10 8 | __SYSCALL(__NR_get_quota, sys_get_quota) 9 | 10 | #define __NR_spawn 11 11 | __SYSCALL(__NR_spawn, sys_spawn) 12 | 13 | #define __NR_yield 12 14 | __SYSCALL(__NR_yield, sys_yield) 15 | 16 | #define __NR_getpid 13 17 | __SYSCALL(__NR_getpid, sys_getpid) 18 | 19 | /* alias: sbi_console_putchar */ 20 | #define __NR_print 1 21 | __SYSCALL(__NR_print, sys_print) 22 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/intmon/param.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define NR_SHADOW_PAGES 16 4 | #define NR_REGIONS 1 5 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/io/bitsperlong.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define BITS_PER_BYTE 8 4 | #define BITS_PER_LONG (BITS_PER_BYTE * __SIZEOF_LONG__) 5 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/io/cpio.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #include 6 | 7 | #define MAX_CPIO_FILE_NAME 64 8 | 9 | struct cpio_data { 10 | void *data; 11 | size_t size; 12 | unsigned int mode; 13 | char name[MAX_CPIO_FILE_NAME]; 14 | }; 15 | 16 | struct cpio_data find_cpio_data(const char *path, void *data, size_t len, long *offset); 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/io/kbuild.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #define DEFINE(sym, val) \ 6 | asm volatile("\n.ascii \"->" #sym " %0 " #val "\"" : : "i" (val)) 7 | 8 | #define BLANK() asm volatile("\n.ascii \"->\"" : : ) 9 | 10 | #define OFFSET(sym, str, mem) \ 11 | DEFINE(sym, offsetof(struct str, mem)) 12 | 13 | #define COMMENT(x) \ 14 | asm volatile("\n.ascii \"->#" x "\"") 15 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/keystone/syscalls.h: -------------------------------------------------------------------------------- 1 | #ifndef __SYSCALL 2 | #define __SYSCALL(x, y) 3 | #endif 4 | 5 | /* Start keystone syscalls from 9, reserve 0-8 for SBI */ 6 | 7 | #define __NR_create_enclave 9 8 | __SYSCALL(__NR_create_enclave, sys_create_enclave) 9 | 10 | #define __NR_destroy_enclave 10 11 | __SYSCALL(__NR_destroy_enclave, sys_destroy_enclave) 12 | 13 | #define __NR_run_enclave 11 14 | __SYSCALL(__NR_run_enclave, sys_run_enclave) 15 | 16 | #define __NR_exit_enclave 12 17 | __SYSCALL(__NR_exit_enclave, sys_exit_enclave) 18 | 19 | #define __NR_resume_enclave 13 20 | __SYSCALL(__NR_resume_enclave, sys_resume_enclave) 21 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/komodo/memregions.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define KOM_PAGE_SIZE 0x1000 4 | 5 | #define KOM_SECURE_RESERVE (1 * 1024 * 4096) 6 | #define KOM_SECURE_NPAGES (KOM_SECURE_RESERVE / KOM_PAGE_SIZE) 7 | 8 | #define KOM_INSECURE_RESERVE (1 * 1024 * 1024) 9 | #define KOM_INSECURE_NPAGES (KOM_INSECURE_RESERVE / KOM_PAGE_SIZE) 10 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/komodo/svccalls.h: -------------------------------------------------------------------------------- 1 | #ifndef __SVCCALL 2 | #define __SVCCALL(x, y) 3 | #endif 4 | 5 | #define KOM_SVC_EXIT 30 6 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/include/uapi/toymon/syscalls.h: -------------------------------------------------------------------------------- 1 | #ifndef __SYSCALL 2 | #define __SYSCALL(x, y) 3 | #endif 4 | 5 | /* Start syscalls from 10, reserve 0-9 for SBI */ 6 | 7 | #define __NR_hello_world 10 8 | __SYSCALL(__NR_hello_world, sys_hello_world) 9 | 10 | #define __NR_get_and_set 11 11 | __SYSCALL(__NR_get_and_set, sys_get_and_set) 12 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/kernel/bswap.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | uint32_t __bswapsi2(uint32_t u) 4 | { 5 | return (((u & 0xff000000) >> 24) 6 | | ((u & 0x00ff0000) >> 8) 7 | | ((u & 0x0000ff00) << 8) 8 | | ((u & 0x000000ff) << 24)); 9 | } 10 | 11 | uint64_t __bswapdi2(uint64_t u) 12 | { 13 | return (((u & 0xff00000000000000ull) >> 56) 14 | | ((u & 0x00ff000000000000ull) >> 40) 15 | | ((u & 0x0000ff0000000000ull) >> 24) 16 | | ((u & 0x000000ff00000000ull) >> 8) 17 | | ((u & 0x00000000ff000000ull) << 8) 18 | | ((u & 0x0000000000ff0000ull) << 24) 19 | | ((u & 0x000000000000ff00ull) << 40) 20 | | ((u & 0x00000000000000ffull) << 56)); 21 | } 22 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/kernel/hacl/kremlib.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #define load16_be(ptr) get_unaligned_be16(ptr) 7 | #define load32_be(ptr) get_unaligned_be32(ptr) 8 | #define load64_be(ptr) get_unaligned_be64(ptr) 9 | 10 | #define store16_be(ptr, val) put_unaligned_be16(val, ptr) 11 | #define store32_be(ptr, val) put_unaligned_be32(val, ptr) 12 | #define store64_be(ptr, val) put_unaligned_be64(val, ptr) 13 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/kernel/hmac256.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "hacl/Hacl_HMAC_SHA2_256.h" 3 | 4 | void hmac256_hash(uint8_t *out, const uint8_t *key, size_t keylen, const void *data, size_t datalen) 5 | { 6 | Hacl_HMAC_SHA2_256_hmac(out, (uint8_t *)key, keylen, (uint8_t *)data, datalen); 7 | } 8 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/kernel/kernel.lds.S: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | OUTPUT_ARCH(riscv) 6 | ENTRY(_start) 7 | 8 | SECTIONS 9 | { 10 | . = KERNEL_VIRTUAL_START; 11 | 12 | _stext = .; 13 | TEXT_SECTION 14 | _etext = .; 15 | 16 | _sdata = .; 17 | RO_DATA_SECTION(SZ_4K) 18 | RW_DATA_SECTION(SZ_4K) 19 | _edata = .; 20 | 21 | BSS_SECTION(SZ_4K, SZ_4K) 22 | _end = .; 23 | } 24 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/kernel/kernel.mk: -------------------------------------------------------------------------------- 1 | KERNEL_LDS := $(O)/kernel/kernel.lds 2 | KERNEL_OBJS := $(call object,$(wildcard kernel/*.S kernel/*.c kernel/libfdt/*.c kernel/hacl/*.c)) 3 | KERNEL_BOOT_OBJS := $(call object,$(wildcard kernel/boot/*.S)) 4 | 5 | include/asm/asm-offsets.h: $(O)/kernel/asm-offsets.S 6 | $(QUIET_GEN)$(call gen-offsets) < $< > $@~ 7 | $(Q)mv $@~ $@ 8 | 9 | $(O)/kernel/libfdt/%.o: CFLAGS += -I kernel/libfdt 10 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/kernel/libfdt/libfdt_env.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | typedef be16_t fdt16_t; 7 | typedef be32_t fdt32_t; 8 | typedef be64_t fdt64_t; 9 | 10 | #define fdt32_to_cpu(x) be32_to_cpu(x) 11 | #define cpu_to_fdt32(x) cpu_to_be32(x) 12 | #define fdt64_to_cpu(x) be64_to_cpu(x) 13 | #define cpu_to_fdt64(x) cpu_to_be64(x) 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/kernel/panic.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | void panic(const char *fmt, ...) 5 | { 6 | static char buf[1024]; 7 | va_list args; 8 | 9 | va_start(args, fmt); 10 | vsnprintf(buf, sizeof(buf), fmt, args); 11 | va_end(args); 12 | pr_emerg("panic: %s", buf); 13 | 14 | dump_stack(); 15 | shutdown(); 16 | } 17 | 18 | void die(struct pt_regs *regs, const char *str) 19 | { 20 | pr_emerg("%s", str); 21 | show_regs(regs); 22 | 23 | dump_stack(); 24 | shutdown(); 25 | } 26 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/kernel/shutdown.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void __weak shutdown(void) 4 | { 5 | sbi_shutdown(); 6 | while (1) 7 | ; 8 | } 9 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/kernel/smp.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | uint64_t cpu_stack[NR_CPUS][CPU_STACK_SIZE / sizeof(uint64_t)] __aligned(SZ_4K); 5 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/komodo-kernel/kernel.mk: -------------------------------------------------------------------------------- 1 | KOMONO_KERNEL_ELF := $(O)/monitors/komodo/kernel.elf 2 | 3 | KOMONO_KERNEL_OBJS := $(call object,$(wildcard monitors/komodo/kernel/*.c monitors/komodo/kernel/*.S)) 4 | 5 | $(KOMONO_KERNEL_ELF): $(KERNEL_LDS) $(KERNEL_BOOT_OBJS) $(KERNEL_OBJS) $(KOMONO_KERNEL_OBJS) 6 | $(QUIET_LD)$(LD) -o $@ $(LDFLAGS) -T $^ 7 | $(Q)$(OBJDUMP) -S $@ > $(basename $@).asm 8 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/specs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "monitor.h" 4 | #include "tpot_primitives.h" 5 | #include 6 | 7 | extern struct kom_pagedb_entry g_pagedb[KOM_SECURE_NPAGES]; 8 | extern uint64_t secure_pages[KOM_SECURE_NPAGES][KOM_PAGE_SIZE / sizeof(uint64_t)] __aligned(KOM_PAGE_SIZE); 9 | extern uint64_t _payload_start[KOM_INSECURE_NPAGES][KOM_PAGE_SIZE / sizeof(uint64_t)]; 10 | 11 | extern struct host_state host_state; 12 | extern bool enclave_mode; 13 | extern kom_secure_pageno_t g_cur_dispatcher_pageno; 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/verif/basic.rkt: -------------------------------------------------------------------------------- 1 | #lang rosette/safe 2 | 3 | (require 4 | serval/lib/core 5 | serval/lib/unittest 6 | (prefix-in komodo: "symbols.rkt") 7 | ) 8 | 9 | (define (check-komodo-symbols) 10 | (check-equal? (find-overlapping-symbol komodo:symbols) #f "Symbol overlap check failed")) 11 | 12 | (define komodo-basic-tests 13 | (test-suite+ "komodo basic tests" 14 | (test-case+ "komodo symbol check" (check-komodo-symbols)) 15 | )) 16 | 17 | (module+ test 18 | (time (run-tests komodo-basic-tests))) 19 | 20 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-serval/verif/symbols.rkt: -------------------------------------------------------------------------------- 1 | #lang racket 2 | 3 | (require 4 | (prefix-in @ "generated/monitors/komodo.map.rkt") 5 | "generated/monitors/komodo.globals.rkt" 6 | "generated/monitors/komodo/verif/asm-offsets.rkt") 7 | 8 | (provide symbols globals) 9 | 10 | (define (update-symbol-size lst s n) 11 | (list-update lst 12 | (index-where lst (lambda (x) (equal? (last x) s))) 13 | (lambda (x) (list-set x 1 (+ (first x) n))))) 14 | 15 | ; patch the size of _payload_start to be KOM_INSECURE_RESERVE 16 | (define symbols (update-symbol-size @symbols '_payload_start KOM_INSECURE_RESERVE)) 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/bbl/payload.S: -------------------------------------------------------------------------------- 1 | .section ".payload","a",@progbits 2 | 3 | .globl _payload_start, _payload_end 4 | .p2align 21 /* 2M */ 5 | _payload_start: 6 | .incbin BBL_PAYLOAD 7 | .p2align 12 /* 4K */ 8 | _payload_end: 9 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/bios/bios.lds.S: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | OUTPUT_ARCH(riscv) 6 | ENTRY(_start) 7 | 8 | SECTIONS 9 | { 10 | . = DRAM_START; 11 | 12 | _stext = .; 13 | TEXT_SECTION 14 | _etext = .; 15 | 16 | _sdata = .; 17 | RO_DATA_SECTION(L1_CACHE_BYTES) 18 | . = ALIGN(SZ_4K); 19 | .htif : { 20 | *(.htif .htif.*) 21 | } 22 | RW_DATA_SECTION(SZ_4K) 23 | _edata = .; 24 | 25 | BSS_SECTION(SZ_4K, SZ_2M) 26 | _end = .; 27 | 28 | .payload : { 29 | *(.payload) 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/bios/bios.mk: -------------------------------------------------------------------------------- 1 | BIOS_LDS := $(O)/bios/bios.lds 2 | BIOS_OBJS := $(call object,$(wildcard bios/*.S bios/*.c)) 3 | BIOS_BOOT_OBJS := $(call object,$(wildcard bios/boot/*.S)) 4 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/bios/entry.S: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | .text 5 | 6 | ENTRY(machine_trap_vector) 7 | SAVE_REGS scratch=mscratch 8 | 9 | mv a0, sp 10 | csrr a1, mcause 11 | call do_trap 12 | 13 | restore_regs: 14 | RESTORE_REGS 15 | mret 16 | END(machine_trap_vector) 17 | 18 | ENTRY(mret_with_regs) 19 | /* a0 holds pt_regs */ 20 | mv sp, a0 21 | j restore_regs 22 | END(mret_with_regs) 23 | 24 | ENTRY(mret) 25 | mret 26 | END(mret) 27 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/bios/ptrace.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct pt_regs *current_pt_regs(void) 4 | { 5 | return (void *)(uintptr_t)csr_read(mscratch); 6 | } 7 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/bios/traps.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | void show_sys_regs(void) 8 | { 9 | pr_info("mcause : " REG_FMT "\n", csr_read(mcause)); 10 | pr_info("mtval : " REG_FMT "\n", csr_read(mtval)); 11 | pr_info("mepc : " REG_FMT "\n", csr_read(mepc)); 12 | pr_info("mstatus : " REG_FMT "\n", csr_read(mstatus)); 13 | } 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/csrs.h: -------------------------------------------------------------------------------- 1 | #ifndef __CSR 2 | #error "__CSR must be defined!" 3 | #endif 4 | 5 | __CSR(mepc) 6 | 7 | __CSR(satp) 8 | __CSR(stvec) 9 | __CSR(scounteren) 10 | __CSR(stval) 11 | __CSR(sip) 12 | __CSR(scause) 13 | __CSR(sepc) 14 | __CSR(sstatus) 15 | __CSR(sscratch) 16 | __CSR(sie) 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/barrier.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define RISCV_FENCE(p, s) \ 4 | __asm__ __volatile__("fence " #p "," #s : : : "memory") 5 | 6 | static inline void memory_barrier(void) 7 | { 8 | RISCV_FENCE(rw, rw); 9 | } 10 | 11 | static inline void memory_load_barrier(void) 12 | { 13 | RISCV_FENCE(r, r); 14 | } 15 | 16 | static inline void memory_acquire_barrier(void) 17 | { 18 | RISCV_FENCE(r, rw); 19 | } 20 | 21 | static inline void memory_release_barrier(void) 22 | { 23 | RISCV_FENCE(rw, w); 24 | } 25 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/cache.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define L1_CACHE_SHIFT 6 4 | 5 | #define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) 6 | 7 | #define SMP_CACHE_BYTES L1_CACHE_BYTES 8 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/csr_bits/ideleg.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define IDEL_SOFT_U IP_USIP 6 | #define IDEL_SOFT_S IP_SSIP 7 | #define IDEL_SOFT_M IP_MSIP 8 | #define IDEL_TIMER_U IP_UTIP 9 | #define IDEL_TIMER_S IP_STIP 10 | #define IDEL_TIMER_M IP_MTIP 11 | #define IDEL_EXT_U IP_UEIP 12 | #define IDEL_EXT_S IP_SEIP 13 | #define IDEL_EXT_M IP_MEIP 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/csr_bits/ie.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define IE_USIE BIT_64(0) 6 | #define IE_SSIE BIT_64(1) 7 | /* RESERVED BIT_64(2) */ 8 | #define IE_MSIE BIT_64(3) 9 | #define IE_UTIE BIT_64(4) 10 | #define IE_STIE BIT_64(5) 11 | /* RESERVED BIT_64(6) */ 12 | #define IE_MTIE BIT_64(7) 13 | #define IE_UEIE BIT_64(8) 14 | #define IE_SEIE BIT_64(9) 15 | /* RESERVED BIT_64(10) */ 16 | #define IE_MEIE BIT_64(11) 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/csr_bits/ip.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define IP_USIP BIT_64(0) 6 | #define IP_SSIP BIT_64(1) 7 | /* RESERVED BIT_64(2) */ 8 | #define IP_MSIP BIT_64(3) 9 | #define IP_UTIP BIT_64(4) 10 | #define IP_STIP BIT_64(5) 11 | /* RESERVED BIT_64(6) */ 12 | #define IP_MTIP BIT_64(7) 13 | #define IP_UEIP BIT_64(8) 14 | #define IP_SEIP BIT_64(9) 15 | /* RESERVED BIT_64(10) */ 16 | #define IP_MEIP BIT_64(11) 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/csr_bits/pmpcfg.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define PMPCFG_R BIT_64(0) 6 | #define PMPCFG_W BIT_64(1) 7 | #define PMPCFG_X BIT_64(2) 8 | #define PMPCFG_RWX (PMPCFG_R | PMPCFG_W | PMPCFG_X) 9 | 10 | #define PMPCFG_A_SHIFT 3 11 | #define PMPCFG_A_OFF (0 << PMPCFG_A_SHIFT) 12 | #define PMPCFG_A_TOR (1 << PMPCFG_A_SHIFT) 13 | #define PMPCFG_A_NA4 (2 << PMPCFG_A_SHIFT) 14 | #define PMPCFG_A_NAPOT (3 << PMPCFG_A_SHIFT) 15 | 16 | #define PMPCFG_L BIT_64(7) 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/csr_bits/satp.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define SATP_PPN GENMASK_64(43, 0) 6 | #define SATP_ASID GENMASK_64(59, 44) 7 | #define SATP_MODE GENMASK_64(63, 60) 8 | 9 | #define SATP_MODE_SHIFT 60 10 | #define SATP_MODE_BARE (UINT64_C(0) << SATP_MODE_SHIFT) 11 | /* Reserved ... */ 12 | #define SATP_MODE_SV39 (UINT64_C(8) << SATP_MODE_SHIFT) 13 | #define SATP_MODE_SV48 (UINT64_C(9) << SATP_MODE_SHIFT) 14 | /* Reserved ... */ 15 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/mcall.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | extern phys_addr_t kernel_dtb; 7 | 8 | void mcall_init(phys_addr_t dtb); 9 | 10 | long do_mcall(struct pt_regs *regs); 11 | 12 | void mcall_console_putchar(uint8_t c); 13 | noreturn void mcall_shutdown(void); 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/page.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #define MAX_PHYSMEM_BITS 56 7 | 8 | #define PAGE_SHIFT (12) 9 | #define PAGE_SIZE (_AC(1, UL) << PAGE_SHIFT) 10 | #define PAGE_MASK (~(PAGE_SIZE - 1)) 11 | 12 | #ifndef __ASSEMBLER__ 13 | 14 | extern unsigned long va_pa_offset; 15 | 16 | #define __pa(x) ((uintptr_t)(x) - va_pa_offset) 17 | #define __va(x) ((void *)((uintptr_t)(x) + va_pa_offset)) 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/processor.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | static inline void cpu_relax(void) 7 | { 8 | barrier(); 9 | } 10 | 11 | static inline void wait_for_interrupt(void) 12 | { 13 | asm volatile("wfi"); 14 | } 15 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/asm/tlbflush.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | /* 5 | * Flush entire local TLB. 'sfence.vma' implicitly fences with the instruction 6 | * cache as well, so a 'fence.i' is not necessary. 7 | */ 8 | static __always_inline void local_flush_tlb_all(void) 9 | { 10 | asm volatile("sfence.vma" : : : "memory"); 11 | } 12 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/crypto/hmac.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | void hmac256_hash(uint8_t *out, const uint8_t *key, size_t keylen, const void *data, size_t datalen); 6 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/crypto/sha.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #define SHA256_DIGEST_SIZE 32 7 | #define SHA256_BLOCK_SIZE 64 8 | 9 | struct sha256_ctx { 10 | uint32_t state[137]; 11 | }; 12 | 13 | void sha256_init(struct sha256_ctx *ctx); 14 | void sha256_update(struct sha256_ctx *ctx, const uint8_t *data); 15 | void sha256_update_last(struct sha256_ctx *ctx, const uint8_t *data, size_t len); 16 | void sha256_finish(struct sha256_ctx *ctx, uint8_t *out); 17 | 18 | void sha256_update_multi(struct sha256_ctx *ctx, const uint8_t *data, size_t n); 19 | 20 | void sha256_hash(uint8_t *out, const void *data, size_t len); 21 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/io/bitsperlong.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define BITS_PER_BYTE 8 4 | #define BITS_PER_LONG (BITS_PER_BYTE * __SIZEOF_LONG__) 5 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/io/cpio.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #include 6 | 7 | #define MAX_CPIO_FILE_NAME 64 8 | 9 | struct cpio_data { 10 | void *data; 11 | size_t size; 12 | unsigned int mode; 13 | char name[MAX_CPIO_FILE_NAME]; 14 | }; 15 | 16 | struct cpio_data find_cpio_data(const char *path, void *data, size_t len, long *offset); 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/io/kbuild.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #define DEFINE(sym, val) \ 6 | asm volatile("\n.ascii \"->" #sym " %0 " #val "\"" : : "i" (val)) 7 | 8 | #define BLANK() asm volatile("\n.ascii \"->\"" : : ) 9 | 10 | #define OFFSET(sym, str, mem) \ 11 | DEFINE(sym, offsetof(struct str, mem)) 12 | 13 | #define COMMENT(x) \ 14 | asm volatile("\n.ascii \"->#" x "\"") 15 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/sys/init.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define COMMAND_LINE_SIZE 512 4 | 5 | extern char boot_command_line[]; 6 | 7 | void htif_init(void); 8 | void sifive_init(void); 9 | void sbi_console_init(const char *color); 10 | void time_init(void); 11 | void uart8250_init(void); 12 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/sys/log2.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 | /* Integer base 2 logarithm calculation 3 | * 4 | * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. 5 | * Written by David Howells (dhowells@redhat.com) 6 | */ 7 | 8 | #pragma once 9 | 10 | /** 11 | * is_power_of_2() - check if a value is a power of two 12 | * @n: the value to check 13 | * 14 | * Determine whether some value is a power of two, where zero is 15 | * *not* considered a power of two. 16 | * Return: true if @n is a power of 2, otherwise false. 17 | */ 18 | static inline bool is_power_of_2(unsigned long n) 19 | { 20 | return (n != 0 && ((n & (n - 1)) == 0)); 21 | } 22 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/sys/poison.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #define POISON_POINTER_DELTA 0 6 | 7 | /* 8 | * These are non-NULL pointers that will result in page faults 9 | * under normal circumstances, used to verify that nobody uses 10 | * non-initialized list entries. 11 | */ 12 | #define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA) 13 | #define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA) 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/sys/sections.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | extern char _stext[], _etext[]; 4 | extern char _sdata[], _edata[]; 5 | extern char _start[], _end[]; 6 | extern char __bss_start[], __bss_end[]; 7 | extern char _payload_start[], _payload_end[]; 8 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/sys/timex.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0-only */ 2 | /* 3 | * Copyright (C) 2012 Regents of the University of California 4 | */ 5 | 6 | #pragma once 7 | 8 | #include 9 | 10 | typedef unsigned long cycles_t; 11 | typedef unsigned long useconds_t; 12 | 13 | static inline cycles_t get_cycles(void) 14 | { 15 | cycles_t n; 16 | 17 | asm volatile("rdcycle %0" : "=r" (n)); 18 | return n; 19 | } 20 | 21 | useconds_t uptime(void); 22 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/sys/unaligned.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 11 | # define get_unaligned __get_unaligned_le 12 | # define put_unaligned __put_unaligned_le 13 | #elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ 14 | # define get_unaligned __get_unaligned_be 15 | # define put_unaligned __put_unaligned_be 16 | #else 17 | # error need to define endianess 18 | #endif 19 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/atto/fcntl.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | /* 4 | * Special value used to indicate openat should use the current 5 | * working directory. 6 | */ 7 | #define AT_FDCWD -100 8 | 9 | #define O_RDONLY 00000000 10 | #define O_WRONLY 00000001 11 | #define O_RDWR 00000002 12 | #define O_CREAT 00000100 13 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/atto/wait.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | struct siginfo; 4 | struct rusage; 5 | 6 | /* First argument to waitid: */ 7 | #define P_ALL 0 8 | #define P_PID 1 9 | #define P_PGID 2 10 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/certikos/elf.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | enum { 4 | ELF_FILE_IDLE = 0, 5 | ELF_FILE_ALICE, 6 | ELF_FILE_HACKER, 7 | ELF_FILE_BOB, 8 | NR_ELF_FILES, 9 | }; 10 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/certikos/param.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define NR_PROCS 64 4 | #define NR_CHILDREN 4 5 | #define NR_PAGES 256 6 | #define NR_QUANTA NR_PROCS 7 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/certikos/syscalls.h: -------------------------------------------------------------------------------- 1 | #ifndef __SYSCALL 2 | #define __SYSCALL(x, y) 3 | #endif 4 | 5 | /* start syscalls from 10; reserve lower ones for SBI */ 6 | 7 | #define __NR_get_quota 10 8 | __SYSCALL(__NR_get_quota, sys_get_quota) 9 | 10 | #define __NR_spawn 11 11 | __SYSCALL(__NR_spawn, sys_spawn) 12 | 13 | #define __NR_yield 12 14 | __SYSCALL(__NR_yield, sys_yield) 15 | 16 | #define __NR_getpid 13 17 | __SYSCALL(__NR_getpid, sys_getpid) 18 | 19 | /* alias: sbi_console_putchar */ 20 | #define __NR_print 1 21 | __SYSCALL(__NR_print, sys_print) 22 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/intmon/param.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define NR_SHADOW_PAGES 16 4 | #define NR_REGIONS 1 5 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/io/bitsperlong.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define BITS_PER_BYTE 8 4 | #define BITS_PER_LONG (BITS_PER_BYTE * __SIZEOF_LONG__) 5 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/io/cpio.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #include 6 | 7 | #define MAX_CPIO_FILE_NAME 64 8 | 9 | struct cpio_data { 10 | void *data; 11 | size_t size; 12 | unsigned int mode; 13 | char name[MAX_CPIO_FILE_NAME]; 14 | }; 15 | 16 | struct cpio_data find_cpio_data(const char *path, void *data, size_t len, long *offset); 17 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/io/kbuild.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | 3 | #pragma once 4 | 5 | #define DEFINE(sym, val) \ 6 | asm volatile("\n.ascii \"->" #sym " %0 " #val "\"" : : "i" (val)) 7 | 8 | #define BLANK() asm volatile("\n.ascii \"->\"" : : ) 9 | 10 | #define OFFSET(sym, str, mem) \ 11 | DEFINE(sym, offsetof(struct str, mem)) 12 | 13 | #define COMMENT(x) \ 14 | asm volatile("\n.ascii \"->#" x "\"") 15 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/keystone/syscalls.h: -------------------------------------------------------------------------------- 1 | #ifndef __SYSCALL 2 | #define __SYSCALL(x, y) 3 | #endif 4 | 5 | /* Start keystone syscalls from 9, reserve 0-8 for SBI */ 6 | 7 | #define __NR_create_enclave 9 8 | __SYSCALL(__NR_create_enclave, sys_create_enclave) 9 | 10 | #define __NR_destroy_enclave 10 11 | __SYSCALL(__NR_destroy_enclave, sys_destroy_enclave) 12 | 13 | #define __NR_run_enclave 11 14 | __SYSCALL(__NR_run_enclave, sys_run_enclave) 15 | 16 | #define __NR_exit_enclave 12 17 | __SYSCALL(__NR_exit_enclave, sys_exit_enclave) 18 | 19 | #define __NR_resume_enclave 13 20 | __SYSCALL(__NR_resume_enclave, sys_resume_enclave) 21 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/komodo/memregions.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define KOM_PAGE_SIZE 0x1000 4 | 5 | #define KOM_SECURE_RESERVE (1 * 1024 * 4096) 6 | #define KOM_SECURE_NPAGES (KOM_SECURE_RESERVE / KOM_PAGE_SIZE) 7 | 8 | #define KOM_INSECURE_RESERVE (1 * 1024 * 1024) 9 | #define KOM_INSECURE_NPAGES (KOM_INSECURE_RESERVE / KOM_PAGE_SIZE) 10 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/komodo/svccalls.h: -------------------------------------------------------------------------------- 1 | #ifndef __SVCCALL 2 | #define __SVCCALL(x, y) 3 | #endif 4 | 5 | #define KOM_SVC_EXIT 30 6 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/include/uapi/toymon/syscalls.h: -------------------------------------------------------------------------------- 1 | #ifndef __SYSCALL 2 | #define __SYSCALL(x, y) 3 | #endif 4 | 5 | /* Start syscalls from 10, reserve 0-9 for SBI */ 6 | 7 | #define __NR_hello_world 10 8 | __SYSCALL(__NR_hello_world, sys_hello_world) 9 | 10 | #define __NR_get_and_set 11 11 | __SYSCALL(__NR_get_and_set, sys_get_and_set) 12 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/kernel/bswap.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | uint32_t __bswapsi2(uint32_t u) 4 | { 5 | return (((u & 0xff000000) >> 24) 6 | | ((u & 0x00ff0000) >> 8) 7 | | ((u & 0x0000ff00) << 8) 8 | | ((u & 0x000000ff) << 24)); 9 | } 10 | 11 | uint64_t __bswapdi2(uint64_t u) 12 | { 13 | return (((u & 0xff00000000000000ull) >> 56) 14 | | ((u & 0x00ff000000000000ull) >> 40) 15 | | ((u & 0x0000ff0000000000ull) >> 24) 16 | | ((u & 0x000000ff00000000ull) >> 8) 17 | | ((u & 0x00000000ff000000ull) << 8) 18 | | ((u & 0x0000000000ff0000ull) << 24) 19 | | ((u & 0x000000000000ff00ull) << 40) 20 | | ((u & 0x00000000000000ffull) << 56)); 21 | } 22 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/kernel/hacl/kremlib.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #define load16_be(ptr) get_unaligned_be16(ptr) 7 | #define load32_be(ptr) get_unaligned_be32(ptr) 8 | #define load64_be(ptr) get_unaligned_be64(ptr) 9 | 10 | #define store16_be(ptr, val) put_unaligned_be16(val, ptr) 11 | #define store32_be(ptr, val) put_unaligned_be32(val, ptr) 12 | #define store64_be(ptr, val) put_unaligned_be64(val, ptr) 13 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/kernel/hmac256.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "hacl/Hacl_HMAC_SHA2_256.h" 3 | 4 | void hmac256_hash(uint8_t *out, const uint8_t *key, size_t keylen, const void *data, size_t datalen) 5 | { 6 | Hacl_HMAC_SHA2_256_hmac(out, (uint8_t *)key, keylen, (uint8_t *)data, datalen); 7 | } 8 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/kernel/kernel.lds.S: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | OUTPUT_ARCH(riscv) 6 | ENTRY(_start) 7 | 8 | SECTIONS 9 | { 10 | . = KERNEL_VIRTUAL_START; 11 | 12 | _stext = .; 13 | TEXT_SECTION 14 | _etext = .; 15 | 16 | _sdata = .; 17 | RO_DATA_SECTION(SZ_4K) 18 | RW_DATA_SECTION(SZ_4K) 19 | _edata = .; 20 | 21 | BSS_SECTION(SZ_4K, SZ_4K) 22 | _end = .; 23 | } 24 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/kernel/kernel.mk: -------------------------------------------------------------------------------- 1 | KERNEL_LDS := $(O)/kernel/kernel.lds 2 | KERNEL_OBJS := $(call object,$(wildcard kernel/*.S kernel/*.c kernel/libfdt/*.c kernel/hacl/*.c)) 3 | KERNEL_BOOT_OBJS := $(call object,$(wildcard kernel/boot/*.S)) 4 | 5 | include/asm/asm-offsets.h: $(O)/kernel/asm-offsets.S 6 | $(QUIET_GEN)$(call gen-offsets) < $< > $@~ 7 | $(Q)mv $@~ $@ 8 | 9 | $(O)/kernel/libfdt/%.o: CFLAGS += -I kernel/libfdt 10 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/kernel/libfdt/libfdt_env.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | typedef be16_t fdt16_t; 7 | typedef be32_t fdt32_t; 8 | typedef be64_t fdt64_t; 9 | 10 | #define fdt32_to_cpu(x) be32_to_cpu(x) 11 | #define cpu_to_fdt32(x) cpu_to_be32(x) 12 | #define fdt64_to_cpu(x) be64_to_cpu(x) 13 | #define cpu_to_fdt64(x) cpu_to_be64(x) 14 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/kernel/panic.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | void panic(const char *fmt, ...) 5 | { 6 | static char buf[1024]; 7 | va_list args; 8 | 9 | va_start(args, fmt); 10 | vsnprintf(buf, sizeof(buf), fmt, args); 11 | va_end(args); 12 | pr_emerg("panic: %s", buf); 13 | 14 | dump_stack(); 15 | shutdown(); 16 | } 17 | 18 | void die(struct pt_regs *regs, const char *str) 19 | { 20 | pr_emerg("%s", str); 21 | show_regs(regs); 22 | 23 | dump_stack(); 24 | shutdown(); 25 | } 26 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/kernel/shutdown.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void __weak shutdown(void) 4 | { 5 | sbi_shutdown(); 6 | while (1) 7 | ; 8 | } 9 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/kernel/smp.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | uint64_t cpu_stack[NR_CPUS][CPU_STACK_SIZE / sizeof(uint64_t)] __aligned(SZ_4K); 5 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/komodo-kernel/kernel.mk: -------------------------------------------------------------------------------- 1 | KOMONO_KERNEL_ELF := $(O)/monitors/komodo/kernel.elf 2 | 3 | KOMONO_KERNEL_OBJS := $(call object,$(wildcard monitors/komodo/kernel/*.c monitors/komodo/kernel/*.S)) 4 | 5 | $(KOMONO_KERNEL_ELF): $(KERNEL_LDS) $(KERNEL_BOOT_OBJS) $(KERNEL_OBJS) $(KOMONO_KERNEL_OBJS) 6 | $(QUIET_LD)$(LD) -o $@ $(LDFLAGS) -T $^ 7 | $(Q)$(OBJDUMP) -S $@ > $(basename $@).asm 8 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/specs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "monitor.h" 4 | #include "tpot_primitives.h" 5 | #include 6 | 7 | extern struct kom_pagedb_entry g_pagedb[KOM_SECURE_NPAGES]; 8 | extern uint64_t secure_pages[KOM_SECURE_NPAGES][KOM_PAGE_SIZE / sizeof(uint64_t)] __aligned(KOM_PAGE_SIZE); 9 | extern struct page_entry *_payload_start; 10 | 11 | extern struct host_state host_state; 12 | extern bool enclave_mode; 13 | extern kom_secure_pageno_t g_cur_dispatcher_pageno; 14 | 15 | static void *page_monvaddr(kom_secure_pageno_t pageno) { 16 | return (void *)secure_pages + pageno * KOM_PAGE_SIZE; 17 | } -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/verif/basic.rkt: -------------------------------------------------------------------------------- 1 | #lang rosette/safe 2 | 3 | (require 4 | serval/lib/core 5 | serval/lib/unittest 6 | (prefix-in komodo: "symbols.rkt") 7 | ) 8 | 9 | (define (check-komodo-symbols) 10 | (check-equal? (find-overlapping-symbol komodo:symbols) #f "Symbol overlap check failed")) 11 | 12 | (define komodo-basic-tests 13 | (test-suite+ "komodo basic tests" 14 | (test-case+ "komodo symbol check" (check-komodo-symbols)) 15 | )) 16 | 17 | (module+ test 18 | (time (run-tests komodo-basic-tests))) 19 | 20 | -------------------------------------------------------------------------------- /targets/sosp24/komodo-star/verif/symbols.rkt: -------------------------------------------------------------------------------- 1 | #lang racket 2 | 3 | (require 4 | (prefix-in @ "generated/monitors/komodo.map.rkt") 5 | "generated/monitors/komodo.globals.rkt" 6 | "generated/monitors/komodo/verif/asm-offsets.rkt") 7 | 8 | (provide symbols globals) 9 | 10 | (define (update-symbol-size lst s n) 11 | (list-update lst 12 | (index-where lst (lambda (x) (equal? (last x) s))) 13 | (lambda (x) (list-set x 1 (+ (first x) n))))) 14 | 15 | ; patch the size of _payload_start to be KOM_INSECURE_RESERVE 16 | (define symbols (update-symbol-size @symbols '_payload_start KOM_INSECURE_RESERVE)) 17 | -------------------------------------------------------------------------------- /targets/sosp24/kvm-pgtable/tpot_config: -------------------------------------------------------------------------------- 1 | ; API functions 2 | kvm_set_table_pte 3 | kvm_set_valid_leaf_pte 4 | hyp_map_set_prot_attr -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/cn/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: default check 2 | 3 | default: check 4 | 5 | check: 6 | cn early_alloc.c -I ../original/ 7 | 8 | 9 | -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/cn/time.sh: -------------------------------------------------------------------------------- 1 | sum=0 2 | count=5 3 | 4 | for value in $(seq 1 $count); 5 | do 6 | start=`date +%s.%N` 7 | cn early_alloc.c -I ../original/ 8 | end=`date +%s.%N` 9 | runtime=$( echo "$end - $start" | bc -l ) 10 | sum=$( echo "$sum + $runtime" | bc -l ) 11 | done 12 | 13 | echo "$sum / $count" | bc -l 14 | -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/original/include/kernel.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | /* CP: originally at linux/tools/virtio/linux/kernel.h */ 3 | 4 | /* CP: removing everything except this typedef */ 5 | 6 | typedef unsigned long long phys_addr_t; 7 | -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/original/include/page-def.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0-only */ 2 | /* CP: originally at linux/arch/arm64/include/asm/page-def.h */ 3 | /* 4 | * Based on arch/arm/include/asm/page.h 5 | * 6 | * Copyright (C) 1995-2003 Russell King 7 | * Copyright (C) 2017 ARM Ltd. 8 | */ 9 | 10 | 11 | 12 | 13 | /* CP: removing everything, just fixing the PAGE_SHIFT and PAGE_SIZE values */ 14 | #define PAGE_SHIFT 12 15 | #define PAGE_SIZE 4096 16 | -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/original/include/stddef.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | /* CP: originally at linux/include/linux/stddef.h */ 3 | 4 | 5 | /* CP: removing everything except definition of NULL */ 6 | 7 | 8 | #define NULL ((void *)0) 9 | -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/tpot/spec_helpers.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "memory.h" 4 | 5 | #include "include/page-def.h" 6 | #include "include/stddef.h" 7 | #include "include/kvm_pgtable.h" 8 | 9 | #define NUM_PAGES 1024 10 | 11 | extern unsigned long long hyp_physvirt_offset; 12 | extern struct kvm_pgtable_mm_ops hyp_early_alloc_mm_ops; 13 | 14 | extern unsigned long base; 15 | extern unsigned long end; 16 | extern unsigned long cur; 17 | 18 | void * hyp_early_alloc_page(void *arg); 19 | void * hyp_early_alloc_contig(unsigned int nr_pages); 20 | void hyp_early_alloc_init(unsigned long virt, unsigned long size); -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/tpot/tpot_config: -------------------------------------------------------------------------------- 1 | ; API functions 2 | hyp_early_alloc_page 3 | hyp_early_alloc_init 4 | hyp_early_alloc_contig 5 | hyp_early_alloc_nr_pages -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/verifast/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: default check clean 2 | 3 | default: check 4 | 5 | clean: 6 | rm -f generated.c 7 | 8 | generated.c: memory.h early_alloc.c ../original/include/*.h 9 | cat macros.h > generated.c 10 | clang -I ../original -E -CC -P -Wno-comment -Wno-invalid-pp-token early_alloc.c >> generated.c 11 | 12 | check: generated.c 13 | verifast -shared -allow_dead_code -link_should_fail generated.c 14 | 15 | -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/verifast/lemmas.h: -------------------------------------------------------------------------------- 1 | /*PROOF*/ /*@ lemma_auto void characters_zeroed_join(char *array); 2 | /*PROOF*/ requires [?f]characters_zeroed(array, ?n) &*& [f]characters_zeroed(array + n, ?n0); 3 | /*PROOF*/ ensures [f]characters_zeroed(array, n + n0); @*/ 4 | -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/verifast/macros.h: -------------------------------------------------------------------------------- 1 | #define PAGE_SHIFT 12 2 | #define PAGE_SIZE 4096 3 | -------------------------------------------------------------------------------- /targets/sosp24/pkvm-early-alloc/verifast/time.sh: -------------------------------------------------------------------------------- 1 | sum=0 2 | count=5 3 | 4 | make generated.c 5 | for value in $(seq 1 $count); 6 | do 7 | start=`date +%s.%N` 8 | verifast -shared -allow_dead_code -link_should_fail generated.c 9 | end=`date +%s.%N` 10 | runtime=$( echo "$end - $start" | bc -l ) 11 | sum=$( echo "$sum + $runtime" | bc -l ) 12 | done 13 | 14 | echo "$sum / $count" | bc -l 15 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/equals.h: -------------------------------------------------------------------------------- 1 | #ifndef _EQUALS_H 2 | #define _EQUALS_H 3 | 4 | /*@ 5 | fixpoint bool equals(unit u, t x, t y){ 6 | switch(u){ 7 | case unit: return x == y; 8 | } 9 | } 10 | @*/ 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/compiler.h: -------------------------------------------------------------------------------- 1 | #ifndef COMPILER_H 2 | #define COMPILER_H 3 | 4 | /** 5 | * Compiler.h 6 | * 7 | * In Linux this file also includes e.g. compile-gcc.h for 8 | * macros that need to be defined depending on the compiler. 9 | * 10 | * In this file, you find the VeriFast equivalent of these 11 | * macro definitions. 12 | */ 13 | 14 | #endif 15 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/device.h: -------------------------------------------------------------------------------- 1 | #ifndef _LINUX_DEVICE_H 2 | #define _LINUX_DEVICE_H 3 | 4 | struct device { 5 | struct device *parent; 6 | // TPot: The verifast case study simplified this struct. We put driver_data back in 7 | // so that we can directly use the original linux functions in various models in linux_tpot.c. 8 | void *driver_data; 9 | }; 10 | 11 | int dev_err(const struct device *dev, const char *fmt, ...); 12 | //@ requires false; 13 | //@ ensures true; 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/errno.h: -------------------------------------------------------------------------------- 1 | #ifndef _LINUX_ERRNO_H 2 | #define _LINUX_ERRNO_H 3 | 4 | #define ECONNRESET 104 5 | #define ENOENT 2 6 | #define ESHUTDOWN 108 7 | #define ENODEV 19 8 | #define ENOMEM 12 9 | #define EIO 5 10 | #define EINPROGRESS 115 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/gfp.h: -------------------------------------------------------------------------------- 1 | #ifndef _LINUX_GFP_H 2 | #define _LINUX_GFP_H 3 | 4 | #include 5 | 6 | // original: typedef unsigned __bitwise__ gfp_t; 7 | typedef unsigned int __bitwise__ gfp_t; 8 | 9 | 10 | // The problem with 11 | // #define GFP_KERNEL (__GFP_WAIT | __GFP_IO | __GFP_FS) 12 | // is that VeriFast cannot typecheck it and cannot evaluate it 13 | // (and because it cannot evaluate it, we cannot check in assertions 14 | // that a value, constructed using GFP_KERNEL macro, has a certain 15 | // value (32 on x86-32)). 16 | #define GFP_KERNEL 32 17 | #define GFP_ATOMIC 208 18 | 19 | 20 | #endif -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/module.h: -------------------------------------------------------------------------------- 1 | #ifndef _LINUX_MODULE_H 2 | #define _LINUX_MODULE_H 3 | 4 | #endif 5 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/printk.h: -------------------------------------------------------------------------------- 1 | #ifndef _LINUX_PRINTK_H 2 | #define _LINUX_PRINTK_H 3 | 4 | /** 5 | * 6 | * We don't support multiple arguments and formatted strings. 7 | */ 8 | int printk(char *string); 9 | // chars instead of array to support "string literals". 10 | //@ requires [?f]string(string, ?cs) &*& mem('%', cs) == false; 11 | //@ ensures [f]string(string, cs); 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/slab.h: -------------------------------------------------------------------------------- 1 | #ifndef _LINUX_SLAB_H 2 | #define _LINUX_SLAB_H 3 | 4 | #include 5 | #include 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/spinlock_types.h: -------------------------------------------------------------------------------- 1 | #ifndef __LINUX_SPINLOCK_TYPES_H 2 | #define __LINUX_SPINLOCK_TYPES_H 3 | 4 | struct spinlock_t_typedef_hiding; 5 | 6 | //typedef struct spinlock_t_typedef_hiding spinlock_t; // Verifast crashes. 7 | typedef int spinlock_t; 8 | 9 | #endif 10 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/stddef.h: -------------------------------------------------------------------------------- 1 | #ifndef _LINUX_STDDEF_H 2 | #define _LINUX_STDDEF_H 3 | 4 | #define NULL 0 5 | 6 | // stddef.h might be the wrong place for this predicate. 7 | // This predicate states that the current thread, which is threadId, is not 8 | // running in interrupt context. This predicate is used as precondition of 9 | // callbacks that are not allowed to be executed in interrupt context, i.e. 10 | // that require in_interrupt() te return false. 11 | // The threadId argument makes sure this predicate is not secretly passed 12 | // to some other thread which then abuses it. 13 | //@ predicate not_in_interrupt_context(int threadId); 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/linux/usb/input.h: -------------------------------------------------------------------------------- 1 | #ifndef _LINUX_USB_INPUT_H 2 | #define _LINUX_USB_INPUT_H 3 | 4 | #include 5 | #include 6 | 7 | inline void 8 | usb_to_input_id(const struct usb_device *dev, struct input_id *id); 9 | //@ requires usb_device(dev, ?ep0) &*& id->bustype |-> _ &*& id->vendor |-> _ &*& id->product |-> _ &*& id->version |-> _; 10 | //@ ensures usb_device(dev, ep0) &*& id->bustype |-> ?bustype &*& id->vendor |-> ?vendor &*& id->product |-> ?product &*& id->version |-> ?version; 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/spec_helpers.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include "defs.h" 3 | 4 | bool dev_is_opened(struct input_dev *dev); 5 | bool dev_reportable(struct input_dev *dev); 6 | bool dev_registered(struct input_dev *dev); 7 | -------------------------------------------------------------------------------- /targets/sosp24/usbmouse/tpot_config: -------------------------------------------------------------------------------- 1 | ; API functions 2 | usb_mouse_open 3 | usb_mouse_close 4 | usb_mouse_irq 5 | usb_mouse_probe 6 | usb_mouse_disconnect 7 | ; Invariants to use 8 | spec__usb_mouse_open: inv__input_dev 9 | spec__usb_mouse_close: inv__input_dev 10 | spec__usb_mouse_irq: inv__urb 11 | spec__usb_mouse_probe: inv__intf 12 | spec__usb_mouse_disconnect: inv__intf --------------------------------------------------------------------------------