├── .gitignore ├── .gitmodules ├── .ocp-indent ├── LICENSE ├── README.md ├── config.cmd ├── config.sh ├── include ├── slayer.h └── slayer_intrinsics.h ├── src ├── .ocamlspot ├── AbstractTransitionSystem.ml ├── AbstractTransitionSystem.mli ├── Abstraction.ml ├── Abstraction.mli ├── Analysis.ml ├── Analysis.mli ├── BiEdge.ml ├── BiEdge.mli ├── CONGRUENCE_RELATION.ml ├── CngRel.ml ├── CngRel.mli ├── Config.ml ├── CounterExample.ml ├── CounterExample.mli ├── Discovery.ml ├── Discovery.mli ├── DisjCngClos.ml ├── DisjTransClos.ml ├── Expression.ml ├── Expression.mli ├── FLD.ml ├── FORMULA.ml ├── Frame.ml ├── Frame.mli ├── Frontend.ml ├── Graph.ml ├── Graph.mli ├── Graph_sig.ml ├── HashCons.ml ├── HashCons.mli ├── HeapAbstraction.ml ├── HeapAbstraction.mli ├── HeapGraph.ml ├── HeapGraph.mli ├── Hooks.ml ├── Hooks.mli ├── Initialize.ml ├── Initialize.mli ├── Inline.ml ├── Inline.mli ├── Instrumentation.ml ├── Instrumentation.mli ├── Interproc.ml ├── Interproc.mli ├── Interproc_sig.ml ├── Library.ml ├── Library.mli ├── Library │ ├── NSArray.ml │ ├── NSArray.mli │ ├── NSBinaryRelation.ml │ ├── NSBinaryRelation.mli │ ├── NSHashMap.ml │ ├── NSHashMap.mli │ ├── NSHashMultiMap.ml │ ├── NSHashMultiMap.mli │ ├── NSHashSet.ml │ ├── NSHashSet.mli │ ├── NSHashtbl.ml │ ├── NSHashtbl.mli │ ├── NSImperativeMap.ml │ ├── NSImperativeMap.mli │ ├── NSImperativeMultiMap.ml │ ├── NSImperativeMultiMap.mli │ ├── NSImperativeSet.ml │ ├── NSImperativeSet.mli │ ├── NSIndexedSet.ml │ ├── NSIndexedSet.mli │ ├── NSLib.ml │ ├── NSLib.mli │ ├── NSList.ml │ ├── NSList.mli │ ├── NSMap.ml │ ├── NSMap.mli │ ├── NSMultiIndexedMultiSet.ml │ ├── NSMultiIndexedMultiSet.mli │ ├── NSMultiIndexedSet.ml │ ├── NSMultiIndexedSet.mli │ ├── NSMultiMap.ml │ ├── NSMultiMap.mli │ ├── NSMultiSet.ml │ ├── NSMultiSet.mli │ ├── NSOption.ml │ ├── NSOption.mli │ ├── NSPolyHashMap.ml │ ├── NSPolyHashMap.mli │ ├── NSPolySet.ml │ ├── NSPolySet.mli │ ├── NSSet.ml │ ├── NSSet.mli │ ├── NSSortedList.ml │ ├── NSSortedList.mli │ ├── NSString.ml │ ├── NSString.mli │ ├── NSTuple.ml │ └── NSTuple.mli ├── Livevars.ml ├── Livevars.mli ├── Log.ml ├── Log.mli ├── Makefile ├── Program.ml ├── Program.mli ├── Prover.ml ├── Prover.mli ├── Pure.ml ├── Pure.mli ├── README ├── README.txt ├── Reachability.ml ├── Reachability.mli ├── RemoveUnusedGlobals.ml ├── SYMBOLIC_HEAP.ml ├── Statistics.ml ├── Statistics.mli ├── Substitution.ml ├── Substitution.mli ├── SymbolicExecution.ml ├── SymbolicExecution.mli ├── SymbolicHeap.ml ├── SymbolicHeap.mli ├── TRANSITIVE_RELATION.ml ├── TYP.ml ├── Timer.ml ├── Timer.mli ├── TransRel.ml ├── TransformProgram.ml ├── TransformProgram.mli ├── Type.ml ├── Type.mli ├── UniqueId.ml ├── UniqueId.mli ├── UnitTests │ ├── Frame_test.ml │ ├── Frame_test.mli │ ├── Graph_test.ml │ ├── Graph_test.mli │ ├── Prover_test.ml │ ├── Prover_test.mli │ ├── TestGen.ml │ ├── TestGen.mli │ ├── TestGenProver.ml │ ├── TestGenProver.mli │ ├── Variable_test.ml │ ├── Variable_test.mli │ └── entailments.txt ├── Variable.ml ├── Variable.mli ├── _tags ├── contaminated │ ├── PolySet.ml │ └── PolySet.mli ├── doc │ └── depend_module.mli ├── frontend_esp.ml ├── frontend_esp.mli ├── slayer.ml └── slayer.mli └── test ├── CORRECT.txt ├── EXPECTED.txt ├── Makefile ├── README ├── cex ├── csll │ ├── cyclic_list_unsafe.c │ ├── destroy_iter_rem_unsafe.c │ ├── destroy_test_dangling_unsafe.c │ ├── fill_walk_drain_unsafe.c │ ├── remove2_unsafe.c │ ├── remove_for2_unsafe.c │ ├── remove_for_unsafe.c │ └── remove_unsafe.c ├── kmdf │ ├── CromData_trace_unsafe.c │ ├── allocate_resources_insert_head_list_unsafe.c │ ├── attach_buffer_insert_head_list_unsafe.c │ ├── cleanup_isochresourcedata_remove_head_list_unsafe.c │ ├── cromdata_add_remove_unsafe.c │ ├── free_resources_remove_entry_list_unsafe.c │ ├── is_on_list_flat_unsafe.c │ └── set_local_properties_plist_entry_unsafe.c ├── simple │ ├── changing_truth_value_unsafe.c │ ├── changing_truth_value_unsafe_garbage.c │ ├── complicated_safe.c │ ├── complicated_unsafe.c │ ├── maybe_malloc_then_write.c │ ├── no_loops_unsafe.c │ ├── nontrivial_list_2_unsafe.c │ ├── nontrivial_list_2_unsafe_garbage.c │ ├── nontrivial_list_unsafe.c │ ├── serious_unsafe.c │ ├── simple_list_unsafe.c │ ├── simple_loop_unsafe.c │ ├── simple_loop_unsafe_garbage.c │ ├── two_loops_unsafe.c │ ├── very_simple_unsafe.c │ ├── very_simple_unsafe_garbage_4.c │ ├── very_simple_unsafe_garbage_easy.c │ ├── very_simple_unsafe_garbage_even_less_easy.c │ └── very_simple_unsafe_garbage_less_easy.c ├── sll │ ├── append_fs_unsafe.c │ ├── append_ret_fs_unsafe.c │ ├── append_ret_unsafe.c │ ├── append_unsafe.c │ ├── copy_fs_unsafe.c │ ├── copy_leak_unsafe.c │ ├── copy_unsafe.c │ ├── create_body_unsafe.c │ ├── create_kernel_unsafe.c │ ├── create_via_tmps_unsafe.c │ ├── destroy_sll_unsafe.c │ ├── filter_fs_unsafe.c │ ├── filter_ret_unsafe.c │ ├── filter_unsafe.c │ ├── insertion_sort_inlined_lead_unsafe.c │ ├── insertion_sort_inlined_unsafe.c │ ├── insertion_sort_unsafe.c │ ├── list_of_objects.c │ ├── list_of_objects_unsafe.c │ ├── remove_ret_unsafe.c │ ├── reverse_div2_unsafe.c │ ├── reverse_div3_unsafe.c │ ├── reverse_div4_unsafe.c │ ├── reverse_div_unsafe.c │ ├── reverse_leak2_unsafe.c │ ├── reverse_leak_unsafe.c │ ├── reverse_negative_sublists_unsafe.c │ ├── reverse_ret_unsafe.c │ ├── reverse_seg_cyclic_unsafe.c │ ├── reverse_seg_unsafe.c │ ├── reverse_unsafe.c │ ├── splice_unsafe.c │ ├── traverse3_unsafe.c │ ├── traverse_1lists_unsafe.c │ ├── traverse_2lists_unsafe.c │ ├── traverse_5lists_unsafe.c │ ├── traverse_seg_unsafe.c │ ├── traverse_twice_unsafe.c │ └── traverse_unsafe.c └── sll_rec │ ├── create_rec2_unsafe.c │ ├── create_rec3_unsafe.c │ ├── create_rec_unsafe.c │ ├── find_rec_unsafe.c │ ├── insertion_sort_rec_unsafe.c │ ├── merge_rec_unsafe.c │ ├── reverse_app_ret_rec_unsafe.c │ ├── reverse_rec_unsafe.c │ ├── traverse_rec_nondet_unsafe.c │ ├── traverse_rec_unsafe.c │ ├── traverse_seg_rec_nondet_unsafe.c │ └── traverse_seg_rec_unsafe.c ├── config.cmd ├── config.sh ├── csll ├── csll.h ├── cyclic_list.c ├── destroy.c ├── destroy_iter_rem.c ├── destroy_test_dangling.c ├── fill_walk_drain.c ├── remove.c ├── remove2.c ├── remove_for.c ├── remove_for2.c ├── remove_leak.c └── remove_leak_nd_ret.c ├── dev ├── frec.c ├── irreducible.c ├── straight.c └── straight_func.c ├── kmdf ├── 1394 │ ├── CromData_trace.c │ ├── address_range_plist_entry.c │ ├── allocate_resources_insert_head_list.c │ ├── attach_buffer_insert_head_list.c │ ├── attach_completion_routine_remove_entry_list.c │ ├── callback_remove_entry_list.c │ ├── cleanup_asyncaddressdata_remove_head_list.c │ ├── cleanup_cromdata_remove_head_list.c │ ├── cleanup_isochdetachdata_remove_head_list.c │ ├── cleanup_isochresourcedata_remove_head_list.c │ ├── common.h │ ├── cromdata_add_remove.c │ ├── cromdata_add_remove_fs.c │ ├── free_resources_remove_entry_list.c │ ├── initialize_list_head.c │ ├── is_on_list_flat.c │ ├── is_on_list_via_devext.c │ ├── isoch_detach_data_shares_devext.c │ ├── set_local_properties_plist_entry.c │ ├── timeout_remove_entry_list.c │ ├── wdf_device_create.c │ ├── wdf_device_init_set_pnp_power_event_callbacks.c │ ├── wdf_driver_config_init.c │ ├── wdf_driver_create.c │ ├── wdf_object_attributes_init_context_type.c │ └── wdf_pnppower_event_callbacks.c ├── 1394.h ├── harness.h └── microtests │ └── WdfStringCreate_ObjectDelete.c ├── multi └── link │ ├── extern.c │ └── main.c ├── other ├── ExAllocatePoolWithTag.c ├── addr_of_global_struct.c ├── address_arith.c ├── address_of.c ├── address_of2.c ├── address_of_global.c ├── address_of_malloced_struct.c ├── address_of_struct.c ├── address_taken_assigned_by_return.c ├── alloc_object_into_array.c ├── anonymous_union.c ├── array_access.c ├── array_arguments_heap.c ├── array_arguments_stack.c ├── array_in_formal.c ├── array_of_guids.c ├── array_of_structs.c ├── assume_assert.c ├── backjump.c ├── bitfield.c ├── bool_to_int.c ├── call.c ├── call_arg.c ├── call_arg_unique.c ├── cast.c ├── cast_1394.c ├── cast_bt_types.c ├── cast_guard_implicit.c ├── cast_guard_int.c ├── cast_guard_ptr.c ├── compound_assignment.c ├── containing_record.c ├── control_guard.c ├── copy_struct_on_heap.c ├── copy_struct_on_stack.c ├── dead_code.c ├── deref_NULL2.c ├── deref_ZERO.c ├── deref_via_call.c ├── deref_via_call2.c ├── deref_via_call3.c ├── dynamic_size_array.c ├── empty.c ├── forwdjump.c ├── free_free.c ├── free_local.c ├── fun_arg_order.c ├── fused_assign_1.c ├── fused_assign_2.c ├── get_untyped_buf.c ├── global_struct_fields.c ├── global_var.c ├── globals_per_proc.c ├── icall.c ├── icall_with_global1.c ├── icall_with_global2.c ├── icall_with_global3.c ├── icall_with_global4.c ├── if.c ├── if_integer.c ├── if_pointer.c ├── ifguard.c ├── inline_args.c ├── inline_criteria.c ├── mainret.c ├── malloc.c ├── malloc_free.c ├── malloc_free_struct.c ├── malloc_struct.c ├── multireturn.c ├── nested_struct.c ├── pointer_subtraction.c ├── reachable_globals.c ├── rep_3_f_int_star.c ├── rep_4_f_int_star.c ├── rep_4_f_void_star.c ├── return.c ├── return_struct.c ├── sized_array_simple.c ├── small_ites4.c ├── small_ites8.c ├── store_to_0x0.c ├── store_to_0x0_fix.c ├── straightline.c ├── struct.c ├── struct_all.c ├── struct_argument.c ├── struct_argument_cl_fail.c ├── struct_argument_esp_fail.c ├── struct_array_copy.c ├── struct_assign_1.c ├── struct_assign_2.c ├── struct_assign_3.c ├── struct_assign_4.c ├── struct_assign_5.c ├── struct_field.c ├── struct_init.c ├── struct_local.c ├── struct_pass.c ├── switch.c ├── track_global_frees.c ├── two_elt_array_fptr.c ├── two_elt_array_global.c ├── two_elt_array_local.c ├── unused_global.c ├── unused_global_2.c ├── update_global_var.c ├── while.c ├── while2loads.c ├── write_to_busInfo_struct.c └── writer_reader.c ├── scripts ├── compare_results.gp ├── compare_results.ml ├── gather_results.ml └── sort_tests.ml ├── sll ├── append.c ├── append_fs.c ├── append_ret.c ├── append_ret_fs.c ├── copy.c ├── copy_leak.c ├── create.c ├── create_body.c ├── create_fs.c ├── create_fs_via_tmps.c ├── create_kernel.c ├── create_seg.c ├── create_via_tmps.c ├── destroy.c ├── destroy_seg.c ├── destroy_seg_leak.c ├── filter.c ├── filter_fs.c ├── filter_ret.c ├── find.c ├── find_ret.c ├── heap.h ├── insert.c ├── insert_ret.c ├── insertion_sort.c ├── insertion_sort_inlined.c ├── insertion_sort_inlined_leak.c ├── print.c ├── print_fs.c ├── remove_ret.c ├── reverse.c ├── reverse_div.c ├── reverse_div2.c ├── reverse_div3.c ├── reverse_div4.c ├── reverse_div5.c ├── reverse_leak.c ├── reverse_leak2.c ├── reverse_negative_sublists.c ├── reverse_negative_sublists1.c ├── reverse_negative_sublists1_leak.c ├── reverse_negative_sublists1_unsafe.c ├── reverse_negative_sublists2.c ├── reverse_negative_sublists2_leak.c ├── reverse_negative_sublists2_unsafe.c ├── reverse_negative_sublists_fs.c ├── reverse_ret.c ├── reverse_seg.c ├── reverse_seg_cyclic.c ├── sll.h ├── splice.c ├── splice_fs.c ├── straightline.c ├── traverse.c ├── traverse2.c ├── traverse3.c ├── traverse4.c ├── traverse5.c ├── traverse_1lists.c ├── traverse_2lists.c ├── traverse_3lists.c ├── traverse_4lists.c ├── traverse_5lists.c ├── traverse_seg.c ├── traverse_seg2.c └── traverse_twice.c ├── sll_rec ├── append_ret_rec.c ├── create_rec.c ├── create_rec2.c ├── create_rec3.c ├── destroy_rec.c ├── find_rec.c ├── insert_rec.c ├── insert_ret_rec.c ├── insertion_sort_rec.c ├── merge_rec.c ├── merge_rec1.c ├── merge_sort.c ├── quick_sort.c ├── remove_rec.c ├── remove_ret_rec.c ├── reverse_app_ret_rec.c ├── reverse_rec.c ├── reverse_ret_rec.c ├── splice_rec.c ├── split.c ├── traverse_rec.c ├── traverse_rec_nondet.c ├── traverse_seg_rec.c └── traverse_seg_rec_nondet.c └── ssa ├── branch.c ├── dloop.c ├── fig-19_4.c └── straightline.c /.gitignore: -------------------------------------------------------------------------------- 1 | Version.ml 2 | _build* 3 | bin 4 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "tools/Z3"] 2 | path = tools/Z3 3 | url = https://git.codeplex.com/forks/jjb/z3 4 | -------------------------------------------------------------------------------- /.ocp-indent: -------------------------------------------------------------------------------- 1 | normal 2 | base = 2 3 | type = 2 4 | in = 0 5 | with = 0 6 | match_clause = 4 7 | max_indent = 2 8 | strict_with = auto 9 | strict_else = always 10 | strict_comments = true 11 | align_ops = true 12 | align_params = always 13 | -------------------------------------------------------------------------------- /config.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | REM SLAyer setup file. 4 | REM Most of these settings are for running slayer in stand-alone mode. 5 | REM slayer running under slam needs very little of this. 6 | 7 | set SLWIN=%~dp0.. 8 | 9 | set PATH=%SLWIN%\SLAyer\bin;%PATH% 10 | set PATH=%SLWIN%\SLAyer\tools\bin;%PATH% 11 | set PATH=%SLWIN%\SLAyer\tools\Z3\build;%PATH% 12 | set PATH=%SLWIN%\SLAyer\tools\flexdll;%PATH% 13 | 14 | REM sd merge. 15 | set PATH=%$PROGRAMFILES%\Emacs\emacs\bin;%PATH% 16 | set SDMERGE=%SLWIN%\SLAyer\tools\site-lisp\msel\mymerge.bat 17 | 18 | REM dot 19 | set PATH=%PROGRAMFILES%\Graphviz2.27\bin;%PATH% 20 | 21 | REM the directory the ocaml compiler executables are installed into 22 | set OCAML=%SLWIN%\SLAyer\tools\ocaml\bin 23 | 24 | REM add ocaml compilers to PATH 25 | set PATH=%SLWIN%\SLAyer\tools\ocaml\bin;%PATH% 26 | 27 | REM add ocaml library to INCLUDE, mainly for compiling C interface code 28 | set INCLUDE=%SLWIN%\SLAyer\tools\ocaml\lib;%INCLUDE% 29 | 30 | REM must be in windows format 31 | set OCAMLLIB=%SLWIN%\SLAyer\tools\ocaml\lib 32 | -------------------------------------------------------------------------------- /config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # echo "Setting environment for building SLAyer" 4 | 5 | 6 | full=`pwd`/$BASH_SOURCE 7 | SL_SRC="${full%/*}/../" 8 | export SL_WIN=`cygpath -w $SL_SRC` 9 | export SL_UNIX=`cygpath -u $SL_WIN` 10 | #echo "Unix: $SL_UNIX Windows: $SL_WIN" 11 | 12 | # add dirs slayer builds are installed into to PATH 13 | export PATH="$SL_UNIX/SLAyer/bin:$PATH" 14 | export PATH="$SL_UNIX/SLAyer/tools/Z3/build:$PATH" 15 | 16 | # add ocaml compilers to PATH 17 | export PATH="$SL_UNIX/SLAyer/tools/ocaml/bin:$PATH" 18 | export PATH="$SL_UNIX/SLAyer/tools/ocaml/lib/stublibs:$PATH" 19 | export PATH="$SL_UNIX/SLAyer/tools/flexdll:$PATH" 20 | 21 | # add ocaml library to INCLUDE, mainly for compiling C interface code 22 | export INCLUDE="$SL_WIN\SLAyer\tools\ocaml\lib;$INCLUDE" 23 | 24 | # must be in windows format 25 | export OCAMLLIB="$SL_WIN\SLAyer\tools\ocaml\lib" 26 | -------------------------------------------------------------------------------- /src/.ocamlspot: -------------------------------------------------------------------------------- 1 | build_dir=_build 2 | -------------------------------------------------------------------------------- /src/Abstraction.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Abstraction of symbolic heaps *) 4 | 5 | open SymbolicHeap 6 | 7 | 8 | val abstract_tmr : Timer.t 9 | val abs_junk_tmr : Timer.t 10 | val abs_ls_tmr : Timer.t 11 | val abs_arith_tmr : Timer.t 12 | val abs_pure_tmr : Timer.t 13 | val normalize_tmr : Timer.t 14 | 15 | 16 | (*============================================================================ 17 | Abstraction 18 | ============================================================================*) 19 | 20 | (** [abstract xsh] applies heuristics to abstract un-needed 21 | pure predicate, arithmetic, ls, dis-equality and points-to 22 | expressions. *) 23 | val abstract : XSH.t -> XSH.t * bool 24 | -------------------------------------------------------------------------------- /src/Analysis.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Link the abstract domain and analysis algorithm together *) 4 | 5 | (**/**) 6 | open Program 7 | open SymbolicHeap 8 | open Interproc_sig 9 | (**/**) 10 | 11 | 12 | module SymbolicHeapsDomain : (INTRAPROC_DOMAIN with type t = XSH.t option) 13 | 14 | module Pair : (module type of Interproc.Pair(SymbolicHeapsDomain)) 15 | 16 | module InterprocDomain : (module type of AbstractTransitionSystem.Domain(Pair)) 17 | 18 | (* Analyze *) 19 | include (module type of Interproc.Make(InterprocDomain)) 20 | 21 | val init : Prog.t -> SymbolicHeapsDomain.t 22 | val exec_prog : Prog.t -> SymbolicHeapsDomain.t -> t 23 | 24 | (* Query analysis result *) 25 | val safe : t -> bool 26 | val errors : t -> InterprocDomain.I_D_cp.t list 27 | val leaks : t -> InterprocDomain.I_D_cp.t list 28 | val must_diverge : t -> bool 29 | val dead : t -> Position.t list 30 | val hit_limit : t -> bool 31 | -------------------------------------------------------------------------------- /src/BiEdge.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Labeled bi-directional multi-edges *) 4 | 5 | open SYMBOLIC_HEAP 6 | 7 | 8 | module Poly : POLY_BIEDGE 9 | 10 | 11 | module Make (A: TERM) : (BIEDGE with type a = A.t) 12 | -------------------------------------------------------------------------------- /src/CngRel.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Congruence-closed relations *) 4 | 5 | open CONGRUENCE_RELATION 6 | open Expression 7 | 8 | 9 | include CONGRUENCE_RELATION with type exp := Exp.t and type exps := Exps.t 10 | -------------------------------------------------------------------------------- /src/CounterExample.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Generation of counter-example trace for sdvdefect viewer *) 4 | 5 | 6 | val disprove : Analysis.t -> bool 7 | -------------------------------------------------------------------------------- /src/Discovery.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Discovery of patterns for parametric inductive predicates *) 4 | 5 | open SymbolicHeap 6 | 7 | 8 | (*============================================================================ 9 | Discovery 10 | ============================================================================*) 11 | 12 | type result = Done | More of Patn.t * (unit -> result) 13 | 14 | 15 | val discover : XSH.t -> result 16 | 17 | val fold : (Patn.t -> 'a -> 'a) -> XSH.t -> 'a -> 'a 18 | -------------------------------------------------------------------------------- /src/FLD.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open Library 4 | 5 | 6 | module type FLD = sig 7 | type typ 8 | 9 | type t 10 | 11 | val off : t -> int * int option 12 | val id : t -> int 13 | val name : t -> string 14 | val typ : t -> typ 15 | 16 | val is_first : t -> bool 17 | 18 | val compare : t -> t -> int 19 | val equal : t -> t -> bool 20 | val hash : t -> int 21 | 22 | val mk : int * int option -> string -> t 23 | (** [mk offset name] creates a fresh field for [offset] and name based on [name]. *) 24 | 25 | val fmt : t formatter 26 | val fmt_caml : t formatter 27 | 28 | val marshal : out_channel -> unit 29 | val unmarshal : in_channel -> unit 30 | 31 | val unsafe_create : int -> int * int option -> string -> typ -> t 32 | 33 | val find_by_name : typ -> string -> (t * typ) option 34 | (** [find_by_name ty name] returns the member of [ty] named [name]. *) 35 | 36 | end 37 | -------------------------------------------------------------------------------- /src/Frame.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Heuristic for localization of analysis of procedure calls *) 4 | 5 | open Variable 6 | open Program 7 | open SymbolicHeap 8 | 9 | 10 | (** For a procedure call [{ call } proc(actuals)], 11 | [footprint call proc actuals] is a pair ([footprint],[frame]) such that 12 | 1. [footprint] is a sub-heap of [call] that over-approximates the 13 | footprint of the call; and 14 | 2. ([footprint] * [frame]) = [call]. 15 | *) 16 | val footprint : XSH.t -> Proc.t -> Var.t list -> XSH.t * XSH.t 17 | 18 | val frame_tmr : Timer.t 19 | -------------------------------------------------------------------------------- /src/Graph.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Mutable edge- and vertex-labelled multi-graphs *) 4 | 5 | open Library 6 | 7 | 8 | module type GRAPH = Graph_sig.GRAPH 9 | 10 | module Make 11 | (Index: sig 12 | type t 13 | val compare: t -> t -> int 14 | val equal: t -> t -> bool 15 | val hash: t -> int 16 | val fmt : t formatter 17 | end) 18 | (VertexLabel: sig 19 | type t 20 | val compare: t -> t -> int 21 | val equal: t -> t -> bool 22 | val fmt : t formatter 23 | end) 24 | (EdgeLabel: sig 25 | type t 26 | val compare: t -> t -> int 27 | val equal : t -> t -> bool 28 | val fmt : t formatter 29 | end) 30 | : 31 | (GRAPH 32 | with type index = Index.t 33 | and type v_label = VertexLabel.t 34 | and type e_label = EdgeLabel.t 35 | ) 36 | -------------------------------------------------------------------------------- /src/HashCons.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Hash-consing construction based on weak hash tables *) 4 | 5 | open Library 6 | 7 | 8 | type 'a hc = private { 9 | desc : 'a; 10 | id : int; 11 | hash : int; 12 | } 13 | 14 | 15 | module Make (H : sig include HashedType val fmt: t formatter end) : sig 16 | 17 | type t 18 | 19 | val create : int -> t 20 | 21 | val intern : t -> H.t -> H.t hc 22 | 23 | val find : t -> H.t hc -> H.t hc 24 | 25 | val find_all : t -> H.t hc -> H.t hc list 26 | 27 | val iter : (H.t hc -> unit) -> t -> unit 28 | 29 | val fold : (H.t hc -> 'z -> 'z) -> t -> 'z -> 'z 30 | 31 | val stats : t -> int * int * int * int * int * int 32 | 33 | end 34 | -------------------------------------------------------------------------------- /src/HeapAbstraction.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Abstraction of spatial part of symbolic heaps *) 4 | 5 | open Variable 6 | open SymbolicHeap 7 | 8 | 9 | (*============================================================================ 10 | HeapAbstraction 11 | ============================================================================*) 12 | 13 | val abstract : Vars.t * SH.t -> (Vars.t * SH.t) option 14 | -------------------------------------------------------------------------------- /src/HeapGraph.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Graph representation of heap structure of symbolic heaps *) 4 | 5 | open Library 6 | 7 | open Expression 8 | open SYMBOLIC_HEAP 9 | open SymbolicHeap 10 | 11 | 12 | module Edge : sig 13 | include BIEDGE 14 | with type a = Exp.t option 15 | 16 | val meet : t -> t -> t 17 | 18 | val append : t -> t -> t option 19 | 20 | val to_ls : Patn.t -> t -> SH.t 21 | end 22 | 23 | 24 | include Set.S with type elt = Edge.t 25 | 26 | val fmt : t formatter 27 | 28 | val add_with_closure : Edge.t -> t -> t 29 | 30 | val union_with_closure : t -> t -> t 31 | 32 | val transitive_closure : t -> t 33 | 34 | 35 | val add_with_closure_tmr : Timer.t 36 | -------------------------------------------------------------------------------- /src/Hooks.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Hooks for very applicaton-specific behavior. *) 4 | 5 | open Library 6 | 7 | 8 | let var_name name = 9 | if !Config.vVar > 2 then 10 | name 11 | else 12 | match name with 13 | | "arg_tmp" -> "at" 14 | | "cast_tmp" -> "ct" 15 | | "incr_load_tmp" -> "ilt" 16 | | "load_tmp" -> "lt" 17 | | "lval_cast_tmp" -> "lct" 18 | | "lval_kill_tmp" -> "lct" 19 | | "store_cast_tmp" -> "sct" 20 | | _ when !Config.vVar > 1 -> 21 | name 22 | | "_WDF_DEVICE_EXTENSION_TYPE_INFO" -> "DETI" 23 | | _ -> 24 | String.filteri (fun i c -> i = 0 || c <> Char.lowercase c) name 25 | -------------------------------------------------------------------------------- /src/Hooks.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Hooks for very applicaton-specific behavior. *) 4 | 5 | 6 | val var_name : string -> string 7 | -------------------------------------------------------------------------------- /src/Initialize.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Initialization *) 4 | 5 | open Library 6 | 7 | 8 | let thunks = ref [] 9 | 10 | let register thunk = 11 | thunks := thunk :: !thunks 12 | 13 | let initialize program = 14 | List.iter (fun thunk -> thunk program) !thunks 15 | -------------------------------------------------------------------------------- /src/Initialize.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open Program 4 | 5 | 6 | val register : (Prog.t -> unit) -> unit 7 | 8 | val initialize : Prog.t -> unit 9 | -------------------------------------------------------------------------------- /src/Inline.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Optimize program by inlining function calls *) 4 | 5 | open Program 6 | 7 | 8 | (** Inline Cals, starting from [p.main]. *) 9 | val prog : Prog.t -> Prog.t 10 | -------------------------------------------------------------------------------- /src/Instrumentation.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open Variable 4 | open Expression 5 | open SymbolicHeap 6 | open Program 7 | 8 | 9 | val instrument : Prog.t -> Analysis.t -> unit 10 | 11 | 12 | val approximate : Vars.t -> XSH.t -> Vars.t * Exp.t 13 | -------------------------------------------------------------------------------- /src/Interproc.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Interprocedural abstract fixed-point computation *) 4 | 5 | open Program 6 | open Interproc_sig 7 | 8 | 9 | module Pair (Inv: INTRAPROC_DOMAIN) : (RELATION_DOMAIN with type pred = Inv.t) 10 | 11 | 12 | (** Construct an interprocedural analysis given a domain for representing sets 13 | of states and an interprocedural domain, parametric in the intraprocedural 14 | domain and in the lifting from intraprocedural abstract states to 15 | interprocedural abstract states *) 16 | module Make (InterprocDomain: INTERPROC_DOMAIN) : sig 17 | 18 | module Summaries : sig type t end 19 | module Heights : sig type t end 20 | 21 | type t = { 22 | program: Prog.t; 23 | invariants: InterprocDomain.r; 24 | summaries: Summaries.t; 25 | heights: Heights.t; 26 | mutable safe: bool; 27 | mutable hit_limit: bool; 28 | } 29 | 30 | val exec_prog : Prog.t -> InterprocDomain.RD.pred -> t 31 | end 32 | -------------------------------------------------------------------------------- /src/Library.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (* Extensions of the standard library *) 4 | 5 | (* Note: 6 | - review the various set modules and make their interfaces 7 | consistent with each other and equally complete 8 | *) 9 | 10 | 11 | include NSLib 12 | 13 | include NSArray 14 | include NSOption 15 | include NSList 16 | include NSSortedList 17 | include NSTuple 18 | include NSSet 19 | include NSMultiSet 20 | (* include NSPolySet *) 21 | include NSIndexedSet 22 | include NSMultiIndexedSet 23 | include NSMultiIndexedMultiSet 24 | include NSMap 25 | include NSMultiMap 26 | include NSImperativeMap 27 | include NSImperativeMultiMap 28 | include NSHashtbl 29 | include NSPolyHashMap 30 | include NSHashMap 31 | include NSHashMultiMap 32 | include NSImperativeSet 33 | include NSHashSet 34 | include NSBinaryRelation 35 | include NSString 36 | -------------------------------------------------------------------------------- /src/Library/NSArray.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSLib 4 | 5 | (** Operations on ['a array]. See also standard 6 | {{:file:../../../doc/ocaml%20manual/libref/Array.html}Array}. *) 7 | 8 | module Array : sig 9 | 10 | include module type of Array 11 | 12 | val swap : 'a array -> int -> int -> unit 13 | 14 | val reverse : 'a array -> int -> int -> unit 15 | 16 | (* val for_all2 : ('a -> 'b -> bool) -> 'a array -> 'b array -> bool *) 17 | val equal : ('a -> 'a -> bool) -> 'a array -> 'a array -> bool 18 | val compare : ('a -> 'a -> int) -> 'a array -> 'a array -> int 19 | 20 | val fmt : 21 | (unit,Format.formatter,unit)format -> 'a formatter -> 'a array formatter 22 | 23 | val for_all : ('a -> bool) -> 'a array -> bool 24 | 25 | end 26 | -------------------------------------------------------------------------------- /src/Library/NSBinaryRelation.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSLib 4 | open NSSet 5 | 6 | 7 | (** Binary Relations of ordered values. *) 8 | module BinaryRelation : sig 9 | module Make (Ord : OrderedType) : sig 10 | include Set.S with type elt = Ord.t * Ord.t 11 | val inverse : t -> t 12 | val fold_product : (elt -> elt -> 'z -> 'z) -> t -> t -> 'z -> 'z 13 | val close : t -> t 14 | val choose_maximal_path : t -> elt list 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /src/Library/NSHashSet.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSPolyHashMap 4 | 5 | 6 | (* Note: remove polymorphic interface *) 7 | module HashSet = struct 8 | type 'a t = ('a, unit) PolyHMap.t 9 | 10 | let create = PolyHMap.create 11 | let add s x = PolyHMap.add s x () 12 | let remove s x = PolyHMap.remove s x 13 | 14 | let cardinal = PolyHMap.length 15 | let mem s x = PolyHMap.mem s x 16 | 17 | let iter f = PolyHMap.iter (fun x () -> f x) 18 | let exists p = PolyHMap.exists (fun x () -> p x) 19 | let fold f = PolyHMap.fold (fun x () -> f x) 20 | let to_list s = PolyHMap.fold (fun x () l -> x :: l) s [] 21 | end 22 | -------------------------------------------------------------------------------- /src/Library/NSHashSet.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | 4 | (** Imperative sets of hashed values. *) 5 | module HashSet : sig 6 | type 'a t 7 | 8 | val create : int -> 'a t 9 | val add : 'a t -> 'a -> unit 10 | val remove : 'a t -> 'a -> unit 11 | 12 | val cardinal : 'a t -> int 13 | val mem : 'a t -> 'a -> bool 14 | 15 | val iter : ('a -> unit) -> 'a t -> unit 16 | val exists : ('a -> bool) -> 'a t -> bool 17 | val fold : ('a -> 'b -> 'b) -> 'a t -> 'b -> 'b 18 | val to_list : 'a t -> 'a list 19 | end 20 | -------------------------------------------------------------------------------- /src/Library/NSImperativeSet.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSLib 4 | 5 | 6 | (** Imperative sets of ordered values. *) 7 | module ImperativeSet : sig 8 | module type S = sig 9 | type v 10 | type t 11 | 12 | val create : unit -> t 13 | val clear : t -> unit 14 | val copy : t -> t 15 | val add : t -> v -> unit 16 | val remove : t -> v -> unit 17 | 18 | val is_empty : t -> bool 19 | val mem : t -> v -> bool 20 | 21 | val iter : (v -> unit) -> t -> unit 22 | val exists : (v -> bool) -> t -> bool 23 | val fold : (v -> 'a -> 'a) -> t -> 'a -> 'a 24 | val to_list : t -> v list 25 | end 26 | 27 | module Make (Val : OrderedType) : (S with type v = Val.t) 28 | end 29 | -------------------------------------------------------------------------------- /src/Library/NSIndexedSet.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSSet 4 | 5 | 6 | module type IndexedType = sig 7 | type t 8 | val equal: t -> t -> bool 9 | val compare: t -> t -> int 10 | type idx 11 | val index : t -> idx 12 | val equal_idx : idx -> idx -> bool 13 | val compare_idx : idx -> idx -> int 14 | end 15 | 16 | module IndexedSet : sig 17 | module type S = sig 18 | include Set.S 19 | type idx 20 | val memi : idx -> t -> bool 21 | val find : idx -> t -> elt 22 | val tryfind : idx -> t -> elt option 23 | val keys : t -> idx list 24 | val fold_keys : (idx -> elt -> 'a -> 'a) -> t -> 'a -> 'a 25 | end 26 | 27 | module Make(Idx: IndexedType) : 28 | (S with type elt = Idx.t and type idx = Idx.idx) 29 | end 30 | -------------------------------------------------------------------------------- /src/Library/NSMultiIndexedMultiSet.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSLib 4 | open NSMultiSet 5 | open NSMultiIndexedSet 6 | 7 | 8 | module MultiIndexedMultiSet : sig 9 | module type S = sig 10 | include MultiSet.S 11 | type idx 12 | type elts 13 | val memi : idx -> t -> bool 14 | val find : idx -> t -> elts 15 | val keys : t -> idx list 16 | end 17 | 18 | module Make (Idx: MultiIndexedType) (EltSet: Set0 with type elt = Idx.t) : 19 | (S with type idx = Idx.idx and type elt = Idx.t and type elts = EltSet.t) 20 | end 21 | -------------------------------------------------------------------------------- /src/Library/NSMultiIndexedSet.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSSet 4 | 5 | 6 | module type MultiIndexedType = sig 7 | type t 8 | val equal: t -> t -> bool 9 | val compare: t -> t -> int 10 | type idx 11 | val index : t -> idx 12 | val indices : t -> idx list 13 | val equal_idx : idx -> idx -> bool 14 | val compare_idx : idx -> idx -> int 15 | end 16 | 17 | module MultiIndexedSet : sig 18 | module type S = sig 19 | include Set.S 20 | type idx 21 | val memi : idx -> t -> bool 22 | val find : idx -> t -> elt 23 | val tryfind : idx -> t -> elt option 24 | val keys : t -> idx list 25 | end 26 | 27 | module Make(Idx: MultiIndexedType) : 28 | (S with type elt = Idx.t and type idx = Idx.idx) 29 | end 30 | -------------------------------------------------------------------------------- /src/Library/NSPolyHashMap.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSHashtbl 4 | 5 | 6 | module PolyHMap = struct 7 | include Hashtbl 8 | let add = replace 9 | end 10 | -------------------------------------------------------------------------------- /src/Library/NSString.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | 4 | module String = struct 5 | include String 6 | 7 | let filteri fn s = 8 | let len = length s in 9 | let s' = create len in 10 | let start = ref (-1) in 11 | let count = ref 0 in 12 | for i = 0 to len - 1 do 13 | if fn i s.[i] then ( 14 | s'.[!count] <- s.[i] ; 15 | incr count ; 16 | if !start < 0 then start := i ; 17 | ) 18 | done ; 19 | if !start < 0 then start := 0 ; 20 | sub s' !start !count 21 | 22 | end 23 | -------------------------------------------------------------------------------- /src/Library/NSString.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | 4 | (** Operations on strings. See also standard 5 | {{:file:../../../doc/ocaml%20manual/libref/String.html}String}. *) 6 | module String : sig 7 | include module type of String 8 | val filteri : (int -> char -> bool) -> string -> string 9 | end 10 | -------------------------------------------------------------------------------- /src/Library/NSTuple.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSList 4 | 5 | 6 | module Tuple = struct 7 | 8 | let map2 f g (x,y) = f x, g y 9 | let map3 fn fo fp (x,y,z) = fn x, fo y, fp z 10 | 11 | let fmt fn ff = Format.fprintf ff "@[(%a)@]" (List.fmt ",@," fn) 12 | 13 | end 14 | -------------------------------------------------------------------------------- /src/Library/NSTuple.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open NSLib 4 | 5 | 6 | (** Operations on tuples. *) 7 | module Tuple : sig 8 | val map2 : ('a->'b) -> ('c->'d) -> 'a*'c -> 'b*'d 9 | val map3 : ('a->'b) -> ('c->'d) -> ('e->'f) -> 'a*'c*'e -> 'b*'d*'f 10 | val fmt : 'a formatter -> 'a list formatter 11 | end 12 | -------------------------------------------------------------------------------- /src/Livevars.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open Program 4 | 5 | 6 | val liveness_prog : Prog.t -> Prog.t 7 | -------------------------------------------------------------------------------- /src/Log.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Debug message logging *) 4 | 5 | open Library 6 | 7 | 8 | module type LOG = sig 9 | val printf : int -> ('a,Format.formatter,unit)format -> 'a 10 | val incf : int -> ('a,Format.formatter,unit)format -> 'a 11 | val decf : int -> ('a,Format.formatter,unit)format -> 'a 12 | 13 | val warnf : ('a,Format.formatter,unit,bool)format4 -> 'a 14 | 15 | val latch : unit -> int 16 | val latch_incf : int -> 'a format_str -> 'a formatter -> 'a -> int 17 | val resetf : int -> int -> ('a,Format.formatter,unit)format -> 'a 18 | 19 | val shift_verb : int -> (unit -> 'a) -> 'a 20 | end 21 | 22 | val mk_raw : out_channel -> int ref -> (module LOG) 23 | 24 | val raw : int ref -> (module LOG) 25 | 26 | val mk : out_channel -> int ref -> (module LOG) 27 | 28 | val std : int ref -> (module LOG) 29 | -------------------------------------------------------------------------------- /src/README: -------------------------------------------------------------------------------- 1 | Instructions for building 2 | 3 | 4 | The Makefile depends on SLAyer/config.sh having been sourced: 5 | $ source ../config.sh 6 | 7 | 8 | - To compile debug (byte and native) code: 9 | $ make dbg 10 | 11 | - To compile optimized (native) code: 12 | $ make opt 13 | 14 | Executables are dropped in ../bin 15 | 16 | Warning: The dependency tracking for the OCaml Z3 bindings is not 17 | robust enough to recover from failed builds, so if the make falls over 18 | while trying to build z3dll, execute 'make clean_mlz3' before retrying 19 | 'make'. 20 | 21 | - To compile only a single module (and its dependencies): 22 | $ make M= module 23 | -------------------------------------------------------------------------------- /src/README.txt: -------------------------------------------------------------------------------- 1 | Instructions for building 2 | 3 | 4 | The Makefile depends on SLAyer/config.sh having been sourced: 5 | $ source ../config.sh 6 | 7 | 8 | - To compile debug (byte and native) code: 9 | $ make dbg 10 | 11 | - To compile optimized (native) code: 12 | $ make opt 13 | 14 | Executables are dropped in ../bin 15 | 16 | Warning: The dependency tracking for the OCaml Z3 bindings is not 17 | robust enough to recover from failed builds, so if the make falls over 18 | while trying to build z3dll, execute 'make clean_mlz3' before retrying 19 | 'make'. 20 | 21 | - To compile only a single module (and its dependencies): 22 | $ make M= module 23 | -------------------------------------------------------------------------------- /src/Reachability.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Reachability via pointers in symbolic heaps *) 4 | 5 | open Variable 6 | open Expression 7 | open SymbolicHeap 8 | open SYMBOLIC_HEAP 9 | 10 | 11 | val reachability_graphs_tmr : Timer.t 12 | 13 | 14 | (** [is_reachable root sh dt loc] holds if the branch of [sh] for [dt] proves 15 | that [loc] is reachable from an expression satisfying [root]. *) 16 | val is_reachable : (Exp.t -> bool) -> SH.t -> SH.t -> Exp.t -> bool 17 | 18 | 19 | (** Determine whether to abstract two edges into one, based on whether the 20 | intermediate allocs are existential, the same universal expressions reach 21 | to the allocs of the edges, and the edges are not cyclic. *) 22 | val should_append : 23 | (Vars.t * SH.t) -> (Exp.t option) edg -> (Exp.t option) edg -> SH.t -> bool 24 | -------------------------------------------------------------------------------- /src/Statistics.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | 4 | val report : Timer.t -> Timer.t -> Timer.t -> unit 5 | -------------------------------------------------------------------------------- /src/Timer.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Timers for runtime statistics *) 4 | 5 | type t = { 6 | mutable ustart: float; 7 | mutable sstart: float; 8 | mutable ufinish: float; 9 | mutable sfinish: float; 10 | mutable uduration: float; 11 | mutable sduration: float; 12 | mutable running: bool; 13 | mutable pending: int; 14 | mutable count: int; 15 | mutable max: float; 16 | mutable enabled: bool; 17 | mutable name: string; 18 | } 19 | 20 | val init : t 21 | val create : string -> t 22 | val enable : t -> unit 23 | val disable : t -> unit 24 | val start : t -> unit 25 | val stop : t -> unit 26 | val stop_report : t -> float -> (float->float->unit) -> unit 27 | val log : t -> out_channel -> string -> unit 28 | val time : t -> (unit -> 'a) -> 'a 29 | -------------------------------------------------------------------------------- /src/TransformProgram.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open Program 4 | 5 | val normalize : Prog.t -> Prog.t 6 | 7 | 8 | val normalize_tmr : Timer.t 9 | -------------------------------------------------------------------------------- /src/Type.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Types for determining object layout *) 4 | 5 | open FLD 6 | open TYP 7 | 8 | 9 | module 10 | rec Fld : (FLD with type typ := Typ.t) 11 | and Typ : (TYP with type fld := Fld.t) 12 | -------------------------------------------------------------------------------- /src/UniqueId.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Unique Identifiers *) 4 | 5 | 6 | module type S = sig 7 | type data 8 | type uniq 9 | 10 | val compare : uniq -> uniq -> int 11 | val equal : uniq -> uniq -> bool 12 | val hash : uniq -> int 13 | 14 | val id : uniq -> int 15 | val gensym : data -> uniq 16 | 17 | val marshal : out_channel -> unit 18 | val unmarshal : in_channel -> unit 19 | 20 | val unsafe_create : int -> data -> uniq 21 | end 22 | 23 | module Make (M: sig 24 | type data 25 | type uniq 26 | val get : uniq -> int 27 | val set : int -> data -> uniq 28 | end) : 29 | (S with type uniq = M.uniq and type data = M.data) 30 | -------------------------------------------------------------------------------- /src/UnitTests/Frame_test.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | val test : unit -> unit 4 | -------------------------------------------------------------------------------- /src/UnitTests/Graph_test.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | val test : unit -> unit 4 | -------------------------------------------------------------------------------- /src/UnitTests/Prover_test.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open Expression 4 | open SymbolicHeap 5 | 6 | 7 | val test : unit -> unit 8 | 9 | 10 | val eq : Exp.value -> Exp.value -> XSH.t 11 | val dq : Exp.value -> Exp.value -> XSH.t 12 | val pt : Exp.value -> XSH.t 13 | val ptV : Exp.value -> Exp.var -> XSH.t 14 | val ptF : Exp.value -> Exp.value -> XSH.t 15 | val sll : Exp.var -> Exp.value -> Exp.value -> XSH.t 16 | -------------------------------------------------------------------------------- /src/UnitTests/TestGen.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Utility code to generate stand-alone unit tests *) 4 | 5 | 6 | val gen : string -> (Format.formatter -> unit) -> unit 7 | -------------------------------------------------------------------------------- /src/UnitTests/TestGenProver.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** Utility code to generate stand-alone unit tests *) 4 | 5 | open Variable 6 | open SymbolicHeap 7 | 8 | 9 | val gen_query : int * string * (Vars.t * SH.t * Vars.t * SH.t) -> unit 10 | -------------------------------------------------------------------------------- /src/UnitTests/Variable_test.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | open Library 4 | 5 | open Variable 6 | 7 | let log = Log.std Variable.verbose 8 | let printf x = Log.printf log x 9 | 10 | 11 | let test () = 12 | printf 0 "testing Variable" ; 13 | 14 | let old = Var.gensym "old" () in 15 | let young = Var.gensym "young" () in 16 | assert (Var.compare old young < 0) 17 | -------------------------------------------------------------------------------- /src/UnitTests/Variable_test.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | val test : unit -> unit 4 | -------------------------------------------------------------------------------- /src/_tags: -------------------------------------------------------------------------------- 1 | <**/contaminated*/*.ml>: warn_z 2 | -------------------------------------------------------------------------------- /src/doc/depend_module.mli: -------------------------------------------------------------------------------- 1 | (** Module dependency graph. 2 | @see Module dependency graph. *) 3 | -------------------------------------------------------------------------------- /src/frontend_esp.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | 3 | (** ESP->SLAyer translator *) 4 | 5 | open Program 6 | 7 | 8 | val program_of_file : string list -> Prog.t 9 | -------------------------------------------------------------------------------- /src/slayer.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (c) Microsoft Corporation. All rights reserved. *) 2 | -------------------------------------------------------------------------------- /test/cex/csll/destroy_iter_rem_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /** 4 | Create and destroy a cyclic singly-linked list. 5 | 6 | Works by iteratively unlinking and freeing nodes from the list until it has 7 | length one, then frees the remaining node. 8 | **/ 9 | 10 | #include "sll.h" 11 | 12 | 13 | void CSLL_destroy(PSLL_ENTRY head) { 14 | PSLL_ENTRY curr, next; 15 | curr = head->Flink; 16 | while( head != curr ) { 17 | free(curr); 18 | next = curr->Flink; 19 | head->Flink = next; 20 | curr = next; 21 | } 22 | free(head); 23 | } 24 | 25 | 26 | void main() { 27 | PSLL_ENTRY head, tail; 28 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 29 | head = SLL_create_seg(nondet(), tail); 30 | tail->Flink = head; 31 | CSLL_destroy(head); 32 | } 33 | -------------------------------------------------------------------------------- /test/cex/csll/destroy_test_dangling_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /** 4 | Create and destroy a cyclic singly-linked list. 5 | 6 | Works by freeing the first node, followed by all others until seeing a 7 | pointer back to the first one. Since this performs a test against a 8 | dangling pointer, it has unspecified behavior according to section 6.2.4.2 9 | of the ISO C99 standard. 10 | **/ 11 | 12 | #include "sll.h" 13 | 14 | 15 | void destroy(PSLL_ENTRY x) { 16 | PSLL_ENTRY h = x, c; 17 | do { 18 | c = x; 19 | x = x->Flink; 20 | free(c); 21 | } while(x != h); 22 | } 23 | 24 | 25 | void main() { 26 | PSLL_ENTRY head, tail; 27 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 28 | head = SLL_create_seg(nondet(), tail); 29 | // tail->Flink = head; 30 | destroy(head); 31 | } 32 | -------------------------------------------------------------------------------- /test/cex/csll/remove2_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* Similar to remove, but does not destroy the list. */ 4 | 5 | #include "../../csll/csll.h" 6 | 7 | 8 | void CSLL_remove(PSLL_ENTRY head, int fo) { 9 | PSLL_ENTRY prev, entry, tmp; 10 | 11 | prev = head; 12 | entry = head->Flink; 13 | while( entry != head ) { 14 | if( entry->Data == fo ) { 15 | /* remove entry */ 16 | free(entry); 17 | tmp = entry->Flink; 18 | prev->Flink = tmp; 19 | entry = tmp; 20 | } else { 21 | prev = entry; 22 | entry = entry->Flink; 23 | } 24 | } 25 | } 26 | 27 | 28 | void main() { 29 | PSLL_ENTRY head, tail; 30 | 31 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 32 | head = SLL_create_seg(nondet(), tail); 33 | tail->Flink = head; 34 | 35 | CSLL_remove(head, 42); 36 | 37 | /* CSLL_destroy(head); */ 38 | } 39 | -------------------------------------------------------------------------------- /test/cex/csll/remove_for2_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* 4 | Similar to remove2, but using a for loop. 5 | */ 6 | 7 | #include "csll.h" 8 | 9 | 10 | void CSLL_remove(PSLL_ENTRY head, int fo) { 11 | PSLL_ENTRY prev, entry, tmp; 12 | for( prev = head, entry = head->Flink; 13 | entry != head; 14 | prev = entry, entry = entry->Flink ) { 15 | if( entry->Data == fo ) { 16 | prev->Flink = tmp; 17 | free(entry); 18 | tmp = entry->Flink; 19 | entry = prev; 20 | } 21 | } 22 | } 23 | 24 | 25 | void main() { 26 | PSLL_ENTRY head, tail; 27 | 28 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 29 | head = SLL_create_seg(nondet(), tail); 30 | tail->Flink = head; 31 | 32 | CSLL_remove(head, 42); 33 | 34 | CSLL_destroy(head); 35 | } 36 | -------------------------------------------------------------------------------- /test/cex/csll/remove_for_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* 4 | Similar to remove, but using a for loop. 5 | */ 6 | #include "csll.h" 7 | 8 | 9 | void CSLL_remove(PSLL_ENTRY head, int fo) { 10 | PSLL_ENTRY prev, entry, tmp; 11 | for( prev = head, entry = head->Flink; 12 | entry != head; 13 | prev = entry, entry = entry->Flink ) { 14 | if( entry->Data == fo ) { 15 | free(entry); 16 | tmp = entry->Flink; 17 | prev->Flink = tmp; 18 | entry = prev; 19 | } 20 | } 21 | } 22 | 23 | 24 | void main() { 25 | PSLL_ENTRY head, tail; 26 | 27 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 28 | head = SLL_create_seg(nondet(), tail); 29 | tail->Flink = head; 30 | 31 | CSLL_remove(head, 42); 32 | 33 | CSLL_destroy(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/cex/csll/remove_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY find(PSLL_ENTRY head, int fo) { 6 | PSLL_ENTRY prev, entry, tmp; 7 | 8 | prev = head; 9 | entry = head->Flink; 10 | while(entry != head) { 11 | if (entry->Data == fo) { 12 | /* remove entry */ 13 | tmp = entry->Flink; 14 | prev->Flink = tmp; 15 | if (nondet()) { 16 | return entry; 17 | } else { 18 | free(entry); 19 | } 20 | } else { 21 | prev = entry; 22 | } 23 | entry = entry->Flink; 24 | } 25 | 26 | return NULL; 27 | } 28 | 29 | void main() { 30 | PSLL_ENTRY head, tail, mark; 31 | int i; 32 | PSLL_ENTRY tmp; 33 | 34 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 35 | 36 | head = tail; 37 | for(i = 0; i < 4; i++) { 38 | tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 39 | tmp->Flink = head; 40 | head = tmp; 41 | } 42 | 43 | tail->Flink = head; 44 | 45 | find(head, 42); 46 | 47 | } 48 | -------------------------------------------------------------------------------- /test/cex/simple/changing_truth_value_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Returns: POSSIBLY UNSAFE *\ 6 | \* Exptected Return: Unsafe */ 7 | 8 | int main() 9 | { 10 | int v = nondet() % 10; 11 | int j; 12 | int* i; 13 | if(v) i = (int*)malloc(sizeof(int)); 14 | 15 | 16 | for(j = 0; j < 4; j++) { 17 | v += (nondet() % 4); 18 | } 19 | 20 | if(v) { 21 | *i = 0; 22 | free(i); 23 | } 24 | return 0; 25 | } 26 | -------------------------------------------------------------------------------- /test/cex/simple/changing_truth_value_unsafe_garbage.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Returns: POSSIBLY UNSAFE *\ 6 | \* Exptected Return: Unsafe */ 7 | 8 | int main() 9 | { 10 | int v = nondet() % 10; 11 | int j; 12 | int* i; 13 | int a; 14 | int* b; 15 | int c = 0; 16 | if(v) i = (int*)malloc(sizeof(int)); 17 | 18 | 19 | for(j = 0; j < 4; j++) { 20 | v += (nondet() % 4); 21 | } 22 | 23 | for(a = 0; a <4; a++) { 24 | c += 2; 25 | } 26 | if (v) { 27 | b = (int*)malloc(sizeof(int)*c); 28 | } 29 | if(v) { 30 | *i = 0; 31 | free(i); 32 | } 33 | return 0; 34 | } 35 | -------------------------------------------------------------------------------- /test/cex/simple/maybe_malloc_then_write.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Result: POSSIBLY UNSAFE *\ 6 | \* Expected Result: UNSAFE */ 7 | 8 | /* JEK: a and b are still irrelevant, i.e. sliceable, here*/ 9 | 10 | void main() 11 | { 12 | int* x; 13 | int a; 14 | 15 | if (nondet()) { 16 | x = malloc(sizeof(int)); 17 | } 18 | 19 | while (nondet()) { 20 | *x = a; 21 | } 22 | 23 | } 24 | -------------------------------------------------------------------------------- /test/cex/simple/no_loops_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | int main() 6 | { 7 | int *a; 8 | int *b; 9 | int *c; 10 | int *d; 11 | 12 | if(nondet()) { 13 | a = (int*)malloc(sizeof(int)); 14 | } 15 | 16 | if(nondet()) { 17 | b = a; 18 | } 19 | 20 | if(nondet()) { 21 | c = b; 22 | } 23 | 24 | if(nondet()) { 25 | d = c; 26 | } 27 | 28 | *d = 17; 29 | free(b); 30 | } 31 | -------------------------------------------------------------------------------- /test/cex/simple/nontrivial_list_2_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _SLL_ENTRY { 6 | int Data; 7 | struct _SLL_ENTRY *Flink; 8 | } SLL_ENTRY, *PSLL_ENTRY; 9 | 10 | int main() { 11 | int i; 12 | int j = nondet()%3+5; 13 | SLL_ENTRY* list = NULL; 14 | while(nondet() || j) { 15 | SLL_ENTRY* tmp = (SLL_ENTRY*)malloc(sizeof(SLL_ENTRY)); 16 | tmp->Flink = list; 17 | list = tmp; 18 | j--; 19 | } 20 | 21 | j = nondet()%5+5; 22 | 23 | for(i = 0; i < j; i++) { 24 | list = list->Flink; 25 | } 26 | return 0; 27 | } 28 | -------------------------------------------------------------------------------- /test/cex/simple/nontrivial_list_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _SLL_ENTRY { 6 | int Data; 7 | struct _SLL_ENTRY *Flink; 8 | } SLL_ENTRY, *PSLL_ENTRY; 9 | 10 | int main() { 11 | int i = 0; 12 | SLL_ENTRY* list = NULL; 13 | for(i = 0; i < 5; i++) { 14 | SLL_ENTRY* tmp = (SLL_ENTRY*)malloc(sizeof(SLL_ENTRY)); 15 | tmp->Flink = list; 16 | list = tmp; 17 | } 18 | 19 | for(i = 0; i < 7; i++) { 20 | list = list->Flink; 21 | } 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /test/cex/simple/simple_list_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _SLL_ENTRY { 6 | int Data; 7 | struct _SLL_ENTRY *Flink; 8 | } SLL_ENTRY, *PSLL_ENTRY; 9 | 10 | int main() 11 | { 12 | int i; 13 | SLL_ENTRY* list = NULL; 14 | for(i = 0; i < 10; i++) { 15 | SLL_ENTRY* tmp = (SLL_ENTRY*)malloc(sizeof(SLL_ENTRY)); 16 | tmp->Flink = list; 17 | list = tmp; 18 | } 19 | 20 | while(nondet()) { 21 | list = list->Flink; 22 | } 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /test/cex/simple/simple_loop_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Result: POSSIBLY UNSAFE *\ 6 | \* Expected Result: UNSAFE */ 7 | 8 | int main() 9 | { 10 | int *i = NULL; 11 | int j; 12 | 13 | for(j = 0; j < 5; j++) { 14 | if(nondet()) { 15 | i = (int*)malloc(sizeof(int)); 16 | } 17 | } 18 | 19 | *i = 1; 20 | free(i); 21 | } 22 | -------------------------------------------------------------------------------- /test/cex/simple/simple_loop_unsafe_garbage.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /*JEK: a and b, nd all their commands, should be irrelevent, i.e. sliceable here */ 6 | 7 | /* Result: POSSIBLY UNSAFE *\ 8 | \* Expected Result: UNSAFE */ 9 | 10 | int main() 11 | { 12 | int a = 7; 13 | int *b = NULL; 14 | int *i = NULL; 15 | int j; 16 | 17 | for(j = 0; j < 5; j++) { 18 | if(nondet()) { 19 | i = (int*)malloc(sizeof(int)); 20 | a ++ ; 21 | } 22 | } 23 | 24 | b = (int*)malloc(a*(sizeof(int))); 25 | *i = 1; 26 | free(b); 27 | free(i); 28 | } 29 | -------------------------------------------------------------------------------- /test/cex/simple/two_loops_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Result: POSSIBLY UNSAFE *\ 6 | \* Expected Result: UNSAFE */ 7 | 8 | int main() 9 | { 10 | int *i = NULL; 11 | int *k = NULL; 12 | int j; 13 | 14 | for(j = 0; j < 45; j++) { 15 | if(nondet()) { 16 | i = (int*)malloc(sizeof(int)); 17 | } 18 | } 19 | 20 | for(j = 0; j < 17; j++) { 21 | if(nondet()) { 22 | k = i; 23 | } 24 | } 25 | 26 | *k = 1; 27 | free(k); 28 | } 29 | -------------------------------------------------------------------------------- /test/cex/simple/very_simple_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Result: POSSIBLY UNSAFE *\ 6 | \* Expected Result: UNSAFE */ 7 | 8 | 9 | int main() 10 | { 11 | int* x; 12 | *x = 3; 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /test/cex/simple/very_simple_unsafe_garbage_4.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Result: POSSIBLY UNSAFE *\ 6 | \* Expected Result: UNSAFE */ 7 | 8 | /* JEK: a and b are still irrelevant, i.e. sliceable, here 9 | - easy, because *x=a; not in error-path ... */ 10 | 11 | int main() 12 | { 13 | int* x; 14 | int a = 2; 15 | int* b; 16 | b = malloc(sizeof(int)*a); 17 | 18 | x = malloc(sizeof(int)); 19 | *x = a; 20 | 21 | free(x); 22 | *x = 3; 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /test/cex/simple/very_simple_unsafe_garbage_easy.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Result: POSSIBLY UNSAFE *\ 6 | \* Expected Result: UNSAFE */ 7 | 8 | /* JEK: a and b are irrelevant, i.e. sliceable here */ 9 | 10 | int main() 11 | { 12 | int* x; 13 | int a = 2; 14 | int* b; 15 | b = malloc(sizeof(int)*a); 16 | *x = 3; 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /test/cex/simple/very_simple_unsafe_garbage_even_less_easy.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Result: POSSIBLY UNSAFE *\ 6 | \* Expected Result: UNSAFE */ 7 | 8 | /* JEK: a and b are still irrelevant, i.e. sliceable, here*/ 9 | 10 | int main() 11 | { 12 | int* x; 13 | int a = 2; 14 | int* b; 15 | b = malloc(sizeof(int)*a); 16 | 17 | if (nondet()) { 18 | x = malloc(sizeof(int)); 19 | *x = a; 20 | } 21 | 22 | *x = 3; 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /test/cex/simple/very_simple_unsafe_garbage_less_easy.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | /* Result: POSSIBLY UNSAFE *\ 6 | \* Expected Result: UNSAFE */ 7 | 8 | /* JEK: a and b are still irrelevant, i.e. sliceable, here*/ 9 | 10 | int main() 11 | { 12 | int* x; 13 | int a = 2; 14 | int* b; 15 | b = malloc(sizeof(int)*a); 16 | 17 | if (nondet()) { 18 | x = malloc(sizeof(int)*a); 19 | } 20 | 21 | *x = 3; 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /test/cex/sll/append_fs_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void append(PSLL_ENTRY *a, PSLL_ENTRY y) { 6 | PSLL_ENTRY *z = a; 7 | 8 | while(*z != NULL) { 9 | z = &(*z)->Flink; 10 | } 11 | *z = y; 12 | } 13 | 14 | void main() { 15 | PSLL_ENTRY x, x1, x2, x3, y, y1, y2; 16 | x3 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x3->Flink = NULL; 17 | x2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x2->Flink = x3; 18 | x1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x1->Flink = x2; 19 | x = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x->Flink = x1; 20 | y2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y2->Flink = NULL; 21 | y1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y1->Flink = y2; 22 | y = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y->Flink = y1; 23 | append(&x, y); 24 | free(x3->Flink); 25 | SLL_destroy(x); 26 | } 27 | -------------------------------------------------------------------------------- /test/cex/sll/append_ret_fs_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY append(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY t, n, r; 7 | if (x != NULL) { 8 | t = x; 9 | n = x->Flink; 10 | while (n != NULL) { 11 | n = n->Flink; 12 | t = n; 13 | } 14 | t->Flink = y; 15 | return x; 16 | } else { 17 | return y; 18 | } 19 | } 20 | 21 | void main() { 22 | PSLL_ENTRY x, x1, x2, x3, y, y1, y2; 23 | x3 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x3->Flink = NULL; 24 | x2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x2->Flink = x3; 25 | x1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x1->Flink = x2; 26 | x = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x->Flink = x1; 27 | free(x3->Flink); 28 | y2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y2->Flink = NULL; 29 | y1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y1->Flink = y2; 30 | y = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y->Flink = y1; 31 | x = append(x, y); 32 | SLL_destroy(x); 33 | } 34 | -------------------------------------------------------------------------------- /test/cex/sll/append_ret_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY append(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY t, n, r; 7 | if (x != NULL) { 8 | t = x; 9 | n = x->Flink; 10 | while (n != NULL) { 11 | n = n->Flink; 12 | t = n; 13 | } 14 | t->Flink = y; 15 | return x; 16 | } else { 17 | return y; 18 | } 19 | } 20 | 21 | void main() { 22 | PSLL_ENTRY x, y; 23 | x = SLL_create(nondet()); 24 | y = SLL_create(nondet()); 25 | x = append(x, y); 26 | SLL_destroy(x); 27 | } 28 | -------------------------------------------------------------------------------- /test/cex/sll/append_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void append(PSLL_ENTRY* z, PSLL_ENTRY y) { 6 | while(*z != NULL) { 7 | z = &(*z)->Flink; 8 | } 9 | *z = y; 10 | } 11 | 12 | void main() { 13 | PSLL_ENTRY x, y, z; 14 | x = SLL_create(nondet()); 15 | y = SLL_create(nondet()); 16 | z = SLL_create(nondet()); 17 | append(&x, y); 18 | free(&z); 19 | SLL_destroy(x); 20 | } 21 | -------------------------------------------------------------------------------- /test/cex/sll/copy_fs_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY copy(PSLL_ENTRY a) { 6 | PSLL_ENTRY y, x = a; 7 | SLL_ENTRY* * z = &y; 8 | 9 | while(x != NULL) /* listseg(y,*z) * listseg(-,x) * list(x) */ { 10 | x = x->Flink; 11 | *z = (SLL_ENTRY*)malloc(sizeof(SLL_ENTRY)); 12 | (*z)->Data = x->Data; 13 | z = &(*z)->Flink; 14 | x = x->Flink; 15 | } 16 | *z = NULL; 17 | return y; 18 | } 19 | 20 | void main() { 21 | PSLL_ENTRY x, x1, x2, x3, x4, y; 22 | x4 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x3->Flink = NULL; 23 | x3 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x3->Flink = x4; 24 | x2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x2->Flink = x3; 25 | x1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x1->Flink = x2; 26 | x = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x->Flink = x1; 27 | y = copy(x); 28 | SLL_destroy(x); 29 | SLL_destroy(y); 30 | } 31 | -------------------------------------------------------------------------------- /test/cex/sll/copy_leak_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY copy(PSLL_ENTRY a) { 6 | PSLL_ENTRY y, x = a; 7 | SLL_ENTRY* * z = &y; 8 | 9 | while(x != NULL) /* listseg(y,*z) * listseg(-,x) * list(x) */ { 10 | *z = (SLL_ENTRY*)malloc(sizeof(SLL_ENTRY)); 11 | (*z)->Data = x->Data; 12 | z = &(*z)->Flink; 13 | x = x->Flink; 14 | } 15 | *z = NULL; 16 | return y; 17 | } 18 | 19 | void main() { 20 | PSLL_ENTRY x = NULL, y = NULL; 21 | x = SLL_create(nondet()); 22 | y = copy(x); 23 | free(&y); 24 | /* SLL_destroy(x); */ 25 | /* SLL_destroy(y); */ 26 | } 27 | -------------------------------------------------------------------------------- /test/cex/sll/copy_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY copy(PSLL_ENTRY a) { 6 | PSLL_ENTRY y, x = a; 7 | SLL_ENTRY* * z = &y; 8 | 9 | while(x != NULL) /* listseg(y,*z) * listseg(-,x) * list(x) */ { 10 | *z = (SLL_ENTRY*)malloc(sizeof(SLL_ENTRY)); 11 | (*z)->Data = x->Data; 12 | z = &(*z)->Flink; 13 | x = x->Flink; 14 | } 15 | *z = NULL; 16 | return y; 17 | } 18 | 19 | void main() { 20 | PSLL_ENTRY x = NULL, y = NULL; 21 | x = SLL_create(nondet()); 22 | SLL_destroy(x); 23 | y = copy(x); 24 | } 25 | -------------------------------------------------------------------------------- /test/cex/sll/create_body_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 11 | tmp->Flink = head; 12 | head = head->Flink; 13 | printf_s("created link\n") ; 14 | 15 | return head; 16 | } 17 | 18 | void main(void) { 19 | PSLL_ENTRY x; 20 | 21 | x = create(1); 22 | 23 | free(x); 24 | } 25 | -------------------------------------------------------------------------------- /test/cex/sll/create_via_tmps_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | 6 | void main(void) { 7 | PSLL_ENTRY x= NULL; 8 | int i, len; 9 | for (i=0; iData == i) { 10 | t = *z; 11 | free(t); 12 | *z = t->Flink; 13 | } else { 14 | z = &(*z)->Flink; 15 | } 16 | } 17 | 18 | void main() { 19 | PSLL_ENTRY x, x1, x2, x3, x4, x5; 20 | x5 = cons(1, NULL); 21 | x4 = cons(4, x5); 22 | x3 = cons(1, x4); 23 | x2 = cons(3, x3); 24 | x1 = cons(2, x2); 25 | x = cons(1, x1); 26 | print_list(x); printf_s("\n"); 27 | filter(&x, 1); 28 | print_list(x); 29 | SLL_destroy(x); 30 | } 31 | -------------------------------------------------------------------------------- /test/cex/sll/filter_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void filter(PSLL_ENTRY *a, int i) { 6 | PSLL_ENTRY t, *z = a; 7 | 8 | while(*z != NULL) 9 | if((*z)->Data == i) { 10 | t = *z; 11 | *z = t->Flink; 12 | free(t); 13 | } else { 14 | z = &(*z)->Flink; 15 | } 16 | 17 | free(t); 18 | } 19 | 20 | void main() { 21 | PSLL_ENTRY x = SLL_create(nondet()); 22 | 23 | print_list(x); printf_s("\n"); 24 | 25 | filter(&x, 1); 26 | 27 | print_list(x); 28 | 29 | SLL_destroy(x); 30 | } 31 | -------------------------------------------------------------------------------- /test/cex/sll/insertion_sort_inlined_lead_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void main() { 6 | PSLL_ENTRY x = NULL, y, c, h, elem, prev; 7 | x = SLL_create(17); 8 | 9 | c = x; 10 | x = NULL; 11 | while (c != NULL) { 12 | c = c->Flink; 13 | y = c; 14 | y->Flink = NULL; 15 | elem = x; 16 | prev = NULL; 17 | while (elem != NULL) { 18 | if (elem->Data >= y->Data) { 19 | y->Flink = elem; 20 | if (prev == NULL) { x = y; goto retn; } 21 | prev->Flink = y; 22 | goto retn; 23 | } 24 | prev = elem; 25 | elem = elem->Flink; 26 | } 27 | y->Flink = elem; 28 | if (prev == NULL) { x = y; goto retn; } 29 | prev->Flink = y; 30 | retn: ; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /test/cex/sll/insertion_sort_inlined_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void main() { 6 | PSLL_ENTRY x = NULL, y, c, h, elem, prev; 7 | x = SLL_create(17); 8 | 9 | c = x; 10 | x = NULL; 11 | while (c != NULL) { 12 | y = c; 13 | c = c->Flink; 14 | y->Flink = NULL; 15 | elem = x; 16 | prev = NULL; 17 | while (elem != NULL) { 18 | if (elem->Data >= y->Data) { 19 | y->Flink = elem; 20 | if (prev == NULL) { x = y; goto retn; } 21 | prev->Flink = y; 22 | goto retn; 23 | } 24 | elem = elem->Flink; 25 | prev = elem; 26 | } 27 | y->Flink = elem; 28 | if (prev == NULL) { x = y; goto retn; } 29 | prev->Flink = y; 30 | retn: ; 31 | } 32 | 33 | SLL_destroy(c); 34 | SLL_destroy(x); 35 | } 36 | -------------------------------------------------------------------------------- /test/cex/sll/insertion_sort_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY insert(PSLL_ENTRY l, PSLL_ENTRY x) { 6 | PSLL_ENTRY elem, prev; 7 | elem = l; 8 | prev = NULL; 9 | while (elem != NULL) { 10 | if (elem->Data >= x->Data) { 11 | x->Flink = elem; 12 | if (prev == NULL) return x; 13 | prev->Flink = x; 14 | return l; 15 | } 16 | prev = elem; 17 | elem = elem->Flink; 18 | } 19 | x->Flink = elem; 20 | if (prev == NULL) return x; 21 | prev->Flink = x; 22 | return l; 23 | } 24 | 25 | PSLL_ENTRY insertion_sort(PSLL_ENTRY x) { 26 | PSLL_ENTRY h, ret, cand; 27 | h = x; 28 | ret = NULL; 29 | while (h != NULL) { 30 | h = h->Flink; 31 | cand = h; 32 | cand->Flink = NULL; 33 | ret = insert(ret, cand); 34 | } 35 | return ret; 36 | } 37 | 38 | void main() { 39 | PSLL_ENTRY x; 40 | x = SLL_create(17); 41 | x = insertion_sort(x); 42 | SLL_destroy(x); 43 | } 44 | -------------------------------------------------------------------------------- /test/cex/sll/list_of_objects.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create and destroy a singly-linked list of pointers to heap objects. 5 | **/ 6 | 7 | #include "slayer.h" 8 | 9 | 10 | typedef struct _SLL_ENTRY { 11 | void* Data; 12 | struct _SLL_ENTRY *Flink; 13 | } SLL_ENTRY, *PSLL_ENTRY; 14 | 15 | 16 | void main(void) { 17 | PSLL_ENTRY head, item; 18 | 19 | head = NULL; 20 | while (nondet()) { 21 | item = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 22 | item->Data = (int*)malloc(sizeof(int)); 23 | item->Flink = head; 24 | head = item; 25 | } 26 | 27 | while (head) { 28 | item = head; 29 | head = item->Flink; 30 | free(item->Data); 31 | free(item); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /test/cex/sll/list_of_objects_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create and destroy a singly-linked list of pointers to heap objects. 5 | **/ 6 | 7 | #include "slayer.h" 8 | 9 | 10 | typedef struct _SLL_ENTRY { 11 | void* Data; 12 | struct _SLL_ENTRY *Flink; 13 | } SLL_ENTRY, *PSLL_ENTRY; 14 | 15 | 16 | void main(void) { 17 | PSLL_ENTRY head, item; 18 | 19 | head = NULL; 20 | while (nondet()) { 21 | item = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 22 | item->Data = (int*)malloc(sizeof(int)); 23 | head = item; 24 | item->Flink = head; 25 | } 26 | 27 | while (head) { 28 | item = head; 29 | head = item->Flink; 30 | free(item->Data); 31 | free(item); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /test/cex/sll/remove_ret_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY sll_remove(PSLL_ENTRY l, PSLL_ENTRY x) { 6 | PSLL_ENTRY elem, prev, t; 7 | elem = l; 8 | prev = NULL; 9 | while (elem != NULL) { 10 | if (elem == x) { 11 | if (prev == NULL) { 12 | t = elem->Flink; 13 | free(elem); 14 | return t; 15 | } else { 16 | free(elem); 17 | t = elem->Flink; 18 | prev->Flink = t; 19 | } 20 | return l; 21 | } 22 | prev = elem; 23 | elem = elem->Flink; 24 | } 25 | return l; 26 | } 27 | 28 | void main() { 29 | PSLL_ENTRY x = NULL, y = NULL; 30 | y = cons(3, y); 31 | y = cons(2, y); 32 | x = cons(1, y); 33 | x = sll_remove(x, y); 34 | SLL_destroy(x); 35 | } 36 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_div2_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list. 5 | 6 | Similar to reverse_div2.c but is also unsafe due to an omitted NULL test. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse_div(PSLL_ENTRY *l) { 13 | PSLL_ENTRY c = *l, r = NULL; 14 | while(c != NULL) { 15 | PSLL_ENTRY t; 16 | t = c; 17 | c = c->Flink; 18 | t->Flink = r; 19 | r = t; 20 | if (nondet() /* && z!=NULL */) { 21 | t = c; 22 | c = c->Flink; 23 | t->Flink = r; 24 | r = t; 25 | } 26 | } 27 | *l = r; 28 | } 29 | 30 | 31 | void main() { 32 | PSLL_ENTRY head; 33 | 34 | head = SLL_create(nondet()); 35 | 36 | reverse_div(&head); 37 | 38 | SLL_destroy(head); 39 | } 40 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_div3_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, attempt to reverse, and then destroy a singly-linked list. 5 | 6 | Similar to reverse.c but sometimes breaks the list, gets lost, and 7 | diverges. May also crash when destroying a cyclic list created by 8 | the broken reversal. 9 | **/ 10 | 11 | #include "sll.h" 12 | 13 | 14 | void reverse(PSLL_ENTRY *l) { 15 | PSLL_ENTRY c = *l, r = NULL; 16 | while(c != NULL) { 17 | PSLL_ENTRY t; 18 | t = c; 19 | if (c->Data != 5) 20 | c = c->Flink; 21 | r = t; 22 | t->Flink = r; 23 | } 24 | *l = r; 25 | } 26 | 27 | void main() { 28 | PSLL_ENTRY head; 29 | 30 | head = SLL_create(nondet()); 31 | 32 | reverse(&head); 33 | 34 | SLL_destroy(head); 35 | } 36 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_div4_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /** 4 | Create, attempt to reverse, and then leak a singly-linked list. 5 | 6 | Similar to reverse_div3.c but never advances the cursor pointer. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse(PSLL_ENTRY *l) { 13 | PSLL_ENTRY c = *l, r = NULL; 14 | while(c != NULL) { 15 | PSLL_ENTRY t; 16 | r = t; 17 | t->Flink = r; 18 | t = c; 19 | } 20 | *l = r; 21 | } 22 | 23 | void main() { 24 | PSLL_ENTRY head; 25 | 26 | head = SLL_create(nondet()); 27 | 28 | reverse(&head); 29 | 30 | SLL_destroy(head); 31 | } 32 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_div_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | Create, reverse, and then destroy a singly-linked list. 4 | 5 | Similar to reverse.c but may nondeterministically do nothing during 6 | reversal, thereby causing divergence. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse_div(PSLL_ENTRY *l) { 13 | PSLL_ENTRY c = *l, r = NULL; 14 | while(c != NULL) { 15 | if (nondet()) { /* nondeterministically do nothing */ 16 | PSLL_ENTRY t; 17 | c = c->Flink; 18 | t = c; 19 | t->Flink = r; 20 | r = t; 21 | } 22 | } 23 | *l = r; 24 | } 25 | 26 | 27 | void main() { 28 | PSLL_ENTRY head; 29 | 30 | head = SLL_create(nondet()); 31 | 32 | reverse_div(&head); 33 | 34 | SLL_destroy(head); 35 | } 36 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_leak2_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list. 5 | 6 | Similar to reverse_leak.c but chooses leaked item nondeterministically. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse(PSLL_ENTRY *l) { 13 | PSLL_ENTRY c = *l, r = NULL; 14 | while(c != NULL) { 15 | PSLL_ENTRY t; 16 | c = c->Flink; 17 | t = c; 18 | if (nondet()) { /* leak t */ 19 | t->Flink = r; 20 | r = t; 21 | } 22 | } 23 | *l = r; 24 | } 25 | 26 | void main() { 27 | PSLL_ENTRY head; 28 | 29 | head = SLL_create(nondet()); 30 | 31 | reverse(&head); 32 | 33 | SLL_destroy(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_leak_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list. 5 | 6 | Similar to reverse.c but may leak an item. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse(PSLL_ENTRY *l) { 13 | PSLL_ENTRY c = *l, r = NULL; 14 | while(c != NULL) { 15 | PSLL_ENTRY t; 16 | c = c->Flink; 17 | t = c; 18 | if (t->Data != 1) { /* leak t */ 19 | t->Flink = r; 20 | r = t; 21 | } 22 | } 23 | *l = r; 24 | } 25 | 26 | void main() { 27 | PSLL_ENTRY head; 28 | 29 | head = SLL_create(nondet()); 30 | 31 | reverse(&head); 32 | 33 | SLL_destroy(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_ret_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY reverse(PSLL_ENTRY a) { 6 | PSLL_ENTRY x = a; 7 | PSLL_ENTRY o, t; 8 | o = NULL; 9 | while (x != NULL) { 10 | t = x->Flink; 11 | x->Flink = o; 12 | o = x; 13 | x = t; 14 | } 15 | return o; 16 | } 17 | 18 | void main() { 19 | PSLL_ENTRY x = NULL, y = NULL; 20 | x = cons(4, x); 21 | x = cons(3, x); 22 | x = cons(2, x); 23 | x = cons(1, x); 24 | x = reverse(x); 25 | assert(x==NULL); 26 | SLL_destroy(x); 27 | } 28 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_seg_cyclic_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then leak a singly-linked list segment. 5 | 6 | Similar to reverse_seg.c but the segment might be cyclic or a lasso. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse_seg(PSLL_ENTRY *z, SLL_ENTRY *w) { 13 | PSLL_ENTRY t, x = *z, y = w; 14 | while(x != w) { 15 | t = x; 16 | x = x->Flink; 17 | t->Flink = y; 18 | y = t; 19 | } 20 | *z = y; 21 | } 22 | 23 | void main() { 24 | int length; 25 | PSLL_ENTRY head, tail; 26 | 27 | head = SLL_create_seg(length, tail); 28 | head = NULL; 29 | reverse_seg(&head, tail); 30 | } 31 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_seg_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list segment. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void reverse_seg(PSLL_ENTRY *z, SLL_ENTRY *w) { 11 | PSLL_ENTRY t, x = *z, y = w; 12 | while(x != w) { 13 | t = x; 14 | x = x->Flink; 15 | t->Flink = y; 16 | y = t; 17 | } 18 | *z = y; 19 | } 20 | 21 | void main() { 22 | int length; 23 | PSLL_ENTRY head, tail; 24 | 25 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 26 | 27 | head = SLL_create_seg(length, tail); 28 | 29 | reverse_seg(&head, tail); 30 | 31 | SLL_destroy_seg(head, tail); 32 | free(tail); 33 | free(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/cex/sll/reverse_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | /* 11 | Reverse the list pointed to by l. 12 | Implemented by poping off each item of *l into r. 13 | */ 14 | void reverse(PSLL_ENTRY *l) { 15 | PSLL_ENTRY c = *l, r = NULL; 16 | while(c != NULL) { 17 | PSLL_ENTRY t; 18 | c = c->Flink; 19 | t = c; 20 | t->Flink = r; 21 | r = t; 22 | } 23 | *l = r; 24 | } 25 | 26 | void main() { 27 | PSLL_ENTRY head; 28 | 29 | head = SLL_create(nondet()); 30 | 31 | reverse(&head); 32 | 33 | SLL_destroy(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/cex/sll/splice_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY splice(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY p, q, t; 7 | p = x; 8 | q = y; 9 | if (p == NULL) return q; 10 | if (q == NULL) return p; 11 | while (1) { 12 | q = t->Flink; 13 | t = q; 14 | t->Flink = p->Flink; 15 | p->Flink = t; 16 | if (p == NULL) return x; 17 | p = t->Flink; 18 | if (q == NULL) return x; 19 | if (p == NULL) { 20 | t->Flink = q; 21 | return x; 22 | } 23 | } 24 | if (p == NULL) 25 | t->Flink = q; 26 | return x; 27 | } 28 | 29 | void main() { 30 | PSLL_ENTRY x, y, z; 31 | x = SLL_create(nondet()); 32 | y = SLL_create(nondet()); 33 | z = splice(x, y); 34 | SLL_destroy(z); 35 | } 36 | -------------------------------------------------------------------------------- /test/cex/sll/traverse3_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | 6 | Similar to traverse.c but only conditionally performs the creation and 7 | traversal. 8 | **/ 9 | 10 | #include "sll.h" 11 | 12 | void traverse(PSLL_ENTRY head) { 13 | PSLL_ENTRY tmp = head->Flink; 14 | 15 | while(tmp != NULL) { 16 | tmp = tmp->Flink ; 17 | } 18 | } 19 | 20 | 21 | void main(void) { 22 | PSLL_ENTRY head; 23 | int length; 24 | 25 | head = SLL_create(nondet()); 26 | traverse(head); 27 | SLL_destroy(head); 28 | } 29 | -------------------------------------------------------------------------------- /test/cex/sll/traverse_1lists_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head,head1; 18 | 19 | head = SLL_create(nondet()); 20 | head1 = SLL_create(nondet()); 21 | traverse(head); 22 | free(head1); 23 | SLL_destroy(head); 24 | } 25 | -------------------------------------------------------------------------------- /test/cex/sll/traverse_2lists_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head,head1,head2; 18 | 19 | head = SLL_create(nondet()); 20 | head1 = SLL_create(nondet()); 21 | head2 = SLL_create(nondet()); 22 | traverse(head); 23 | SLL_destroy(head); 24 | free(head2); 25 | } 26 | -------------------------------------------------------------------------------- /test/cex/sll/traverse_5lists_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head,head1,head2,head3,head4,head5; 18 | 19 | head = SLL_create(nondet()); 20 | head1 = SLL_create(nondet()); 21 | head2 = SLL_create(nondet()); 22 | head3 = SLL_create(nondet()); 23 | head4 = SLL_create(nondet()); 24 | head5 = SLL_create(nondet()); 25 | traverse(head); 26 | SLL_destroy(head); 27 | free(head5); 28 | } 29 | -------------------------------------------------------------------------------- /test/cex/sll/traverse_seg_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list segment. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse_seg(PSLL_ENTRY x, PSLL_ENTRY y) { 11 | while(x != y) { 12 | x = x->Flink; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head, tail; 18 | 19 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 20 | 21 | head = SLL_create_seg(nondet(), tail); 22 | 23 | traverse_seg(head, tail); 24 | 25 | SLL_destroy_seg(head, tail); 26 | free(tail); 27 | free(head); 28 | } 29 | -------------------------------------------------------------------------------- /test/cex/sll/traverse_twice_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, re-traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | void traverse(PSLL_ENTRY head) { 10 | while(head->Flink != NULL) { 11 | head = head->Flink; 12 | } 13 | } 14 | 15 | void main(void) { 16 | PSLL_ENTRY head; 17 | 18 | head = SLL_create(nondet()); 19 | traverse(head); 20 | traverse(head); 21 | SLL_destroy(head); 22 | } 23 | -------------------------------------------------------------------------------- /test/cex/sll/traverse_unsafe.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | free(head); 14 | } 15 | } 16 | 17 | void main(void) { 18 | PSLL_ENTRY head; 19 | 20 | head = SLL_create(nondet()); 21 | traverse(head); 22 | SLL_destroy(head); 23 | } 24 | -------------------------------------------------------------------------------- /test/cex/sll_rec/create_rec2_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* like create_rec.c but using length <= 0 instead of 0 <= length */ 4 | 5 | #include "sll.h" 6 | 7 | PSLL_ENTRY create(int length) { 8 | PSLL_ENTRY head, tmp; 9 | 10 | if (length <= 0) { 11 | head = NULL; 12 | } else { 13 | tmp = create(length - 1); 14 | head = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 15 | head->Flink = tmp->Flink; 16 | } 17 | return head; 18 | } 19 | 20 | void main(void) { 21 | int length; 22 | PSLL_ENTRY head, tmp; 23 | 24 | length = length % 100; 25 | tmp = head = create(length); 26 | 27 | print_list(head); 28 | } 29 | -------------------------------------------------------------------------------- /test/cex/sll_rec/create_rec3_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* like create_rec.c but allocate the new link before making the recursive 4 | call, so that the frame is unbounded */ 5 | 6 | #include "sll.h" 7 | 8 | PSLL_ENTRY create(int length) { 9 | PSLL_ENTRY head; 10 | 11 | if (0 <= length) { 12 | head = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 13 | head->Flink->Flink = create(length - 1); 14 | } else { 15 | head = NULL; 16 | } 17 | return head; 18 | } 19 | 20 | void main(void) { 21 | int length; 22 | PSLL_ENTRY head, tmp; 23 | 24 | length = length % 100; 25 | tmp = head = create(length); 26 | 27 | print_list(head); 28 | } 29 | -------------------------------------------------------------------------------- /test/cex/sll_rec/create_rec_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | PSLL_ENTRY head, tmp; 7 | 8 | if (0 <= length) { 9 | tmp = create(length - 1); 10 | // head = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 11 | head->Flink = tmp; 12 | } else { 13 | head = NULL; 14 | } 15 | return head; 16 | } 17 | 18 | void main(void) { 19 | int length; 20 | PSLL_ENTRY head, tmp; 21 | 22 | length = length % 100; 23 | tmp = head = create(length); 24 | 25 | print_list(head); 26 | } 27 | -------------------------------------------------------------------------------- /test/cex/sll_rec/find_rec_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | // return first link of x greater than n 6 | PSLL_ENTRY find(PSLL_ENTRY x, int n) { 7 | PSLL_ENTRY r; 8 | 9 | if (x == NULL) return NULL; 10 | if (x->Data > n) return x; 11 | r = find(x->Flink, n); 12 | return r; 13 | } 14 | 15 | void main() { 16 | PSLL_ENTRY x = NULL, y = NULL; 17 | x = cons(4, x); 18 | x = cons(3, x); 19 | x = cons(2, x); 20 | assert( x==NULL); 21 | x = cons(1, x); 22 | y = find(x, 2); 23 | print_list(y); 24 | } 25 | -------------------------------------------------------------------------------- /test/cex/sll_rec/merge_rec_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY merge(PSLL_ENTRY p, PSLL_ENTRY q) { 6 | PSLL_ENTRY r, t; 7 | 8 | if (p == NULL) return q; 9 | if (q == NULL) return p; 10 | if (p->Data <= q->Data) { 11 | r = p->Flink; 12 | t = merge(r, q); 13 | p->Flink = t; 14 | return p; 15 | } else { 16 | r = q->Flink; 17 | t = merge(p, r); 18 | q->Flink = t; 19 | return q; 20 | } 21 | return r; 22 | } 23 | 24 | void main() { 25 | PSLL_ENTRY x = NULL, y = NULL, z; 26 | x = cons(5, x); 27 | x = cons(3, x); 28 | x = cons(1, x); 29 | assert(x==NULL); 30 | y = cons(6, y); 31 | y = cons(4, y); 32 | y = cons(2, y); 33 | print_list(x); printf_s("\n"); 34 | print_list(y); printf_s("\n"); 35 | z = merge(x, y); 36 | print_list(z); 37 | } 38 | -------------------------------------------------------------------------------- /test/cex/sll_rec/reverse_app_ret_rec_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY append(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY r; 7 | 8 | if (x != NULL) { 9 | x->Flink = append(x->Flink, y); 10 | return x; 11 | } else { 12 | return y; 13 | } 14 | return r; 15 | } 16 | 17 | /* reverse recursively using append */ 18 | PSLL_ENTRY reverse(PSLL_ENTRY x) { 19 | PSLL_ENTRY xf, t = NULL, u; 20 | 21 | if (x == NULL) return t; 22 | xf = x->Flink; 23 | x->Flink = NULL; 24 | t->Flink = append(reverse(xf), x); 25 | } 26 | 27 | void main() { 28 | PSLL_ENTRY x = NULL, y = NULL; 29 | x = cons(4, x); 30 | x = cons(3, x); 31 | x = cons(2, x); 32 | x = cons(1, x); 33 | print_list(x); printf_s("\n"); 34 | x = reverse(x); 35 | print_list(x); 36 | } 37 | -------------------------------------------------------------------------------- /test/cex/sll_rec/reverse_rec_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | typedef struct _SLL_ENTRY cell, *list, *listseg; 6 | 7 | list list_reverse_rec_aux(list x, list y) { 8 | if(y == NULL) { 9 | return x; 10 | } else { 11 | list tmp = y->Data; 12 | y->Flink = x; 13 | return list_reverse_rec_aux(y, tmp); 14 | } 15 | } 16 | 17 | void list_reverse(list *z) { 18 | *z = list_reverse_rec_aux(NULL, *z); 19 | } 20 | 21 | int main() { 22 | list x; 23 | x = cons(1, cons(2, cons(3, NULL))); 24 | list_reverse(&x); 25 | print_list(x); printf_s("\n"); 26 | } 27 | -------------------------------------------------------------------------------- /test/cex/sll_rec/traverse_rec_nondet_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | for(i = 0; nondet(); i++) { 11 | tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 12 | tmp->Flink = head; 13 | head = tmp; 14 | } 15 | 16 | return head; 17 | } 18 | 19 | void traverse(PSLL_ENTRY x) { 20 | if(x->Flink != NULL) { 21 | traverse(x->Flink); 22 | } 23 | } 24 | 25 | void main(void) { 26 | int length; 27 | PSLL_ENTRY head; 28 | 29 | length = length % 100; 30 | head = create(length); 31 | 32 | traverse(head); 33 | 34 | return; 35 | } 36 | -------------------------------------------------------------------------------- /test/cex/sll_rec/traverse_rec_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | for(i = 0; i < length; i++) { 11 | // tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 12 | tmp->Flink = head; 13 | head = tmp; 14 | } 15 | 16 | return head; 17 | } 18 | 19 | void traverse(PSLL_ENTRY x) { 20 | if(x != NULL) { 21 | traverse(x->Flink); 22 | } 23 | } 24 | 25 | void main(void) { 26 | int length; 27 | PSLL_ENTRY head; 28 | 29 | length = length % 100; 30 | head = create(length); 31 | 32 | traverse(head); 33 | /* traverse(head); */ 34 | 35 | return; 36 | } 37 | -------------------------------------------------------------------------------- /test/cex/sll_rec/traverse_seg_rec_nondet_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | for(i = 0; nondet(); i++) { 11 | // tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 12 | tmp->Flink = head; 13 | head = tmp; 14 | } 15 | 16 | return head; 17 | } 18 | 19 | void traverse(PSLL_ENTRY a, PSLL_ENTRY y) { 20 | PSLL_ENTRY x = a; 21 | 22 | if(x != y) { 23 | x = x->Flink; 24 | traverse(x, y); 25 | } 26 | } 27 | 28 | void main(void) { 29 | int length; 30 | PSLL_ENTRY head; 31 | 32 | length = length % 100; 33 | head = create(length); 34 | 35 | traverse(head, NULL); 36 | /* traverse(head); */ 37 | 38 | return; 39 | } 40 | -------------------------------------------------------------------------------- /test/cex/sll_rec/traverse_seg_rec_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | for(i = 0; i < length; i++) { 11 | // tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 12 | tmp->Flink = head; 13 | head = tmp; 14 | } 15 | 16 | return head; 17 | } 18 | 19 | void traverse(PSLL_ENTRY a, PSLL_ENTRY y) { 20 | PSLL_ENTRY x = a; 21 | 22 | if(x != y) { 23 | x = x->Flink; 24 | traverse(x, y); 25 | } 26 | } 27 | 28 | void main(void) { 29 | int length; 30 | PSLL_ENTRY head; 31 | 32 | length = length % 100; 33 | head = create(length); 34 | 35 | traverse(head, NULL); 36 | /* traverse(head); */ 37 | 38 | return; 39 | } 40 | -------------------------------------------------------------------------------- /test/config.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | REM setup file for running SLAyer tests, source after SLAyer/config.cmd 4 | 5 | REM The slam frontend uses the SDV cl.exe. 6 | set PATH=%SLWIN%\SLAyer\tools\sdv\product\bin;%PATH% 7 | set PATH=%SLWIN%\SLAyer\tools\sdv\product\bin\engine;%PATH% 8 | set PATH=%SLWIN%\SLAyer\tools\sdv\product\bin\engine\slayer;%PATH% 9 | set PATH=%SLWIN%\SLAyer\tools\sdv\product\bin\parser\x86_esp;%PATH% 10 | set PATH=%SLWIN%\SLAyer\tools\sdv\dev\bin;%PATH% 11 | 12 | REM For cl.exe to pick up slayer.h, etc. 13 | set INCLUDE=%SLWIN%\SLAyer\include;%INCLUDE% 14 | set INCLUDE=%SLWIN%\SLAyer\test\sll;%INCLUDE% 15 | set INCLUDE=%SLWIN%\SLAyer\test\csll;%INCLUDE% 16 | set INCLUDE=%SLWIN%\SLAyer\test\kmdf;%INCLUDE% 17 | set INCLUDE=%SLWIN%\SLAyer\test\kmdf\toaster\inc;%INCLUDE% 18 | set INCLUDE=%SLWIN%\SLAyer\test\kmdf\toaster\func\shared;%INCLUDE% 19 | -------------------------------------------------------------------------------- /test/csll/csll.h: -------------------------------------------------------------------------------- 1 | // common definitions for cyclic singly-linked lists 2 | 3 | #include "../sll/sll.h" 4 | 5 | 6 | /* assumes cyclic list is non-empty */ 7 | void CSLL_destroy(PSLL_ENTRY head) { 8 | PSLL_ENTRY curr, next; 9 | curr = head->Flink; 10 | while( curr != head ) { 11 | next = curr->Flink; 12 | free(curr); 13 | curr = next; 14 | } 15 | free(head); 16 | } 17 | 18 | 19 | /* assumes cyclic list is non-empty */ 20 | void CSLL_print(PSLL_ENTRY head) { 21 | PSLL_ENTRY curr; 22 | 23 | printf("("); 24 | print_link(head); 25 | curr = head->Flink; 26 | do { 27 | printf(",\n "); 28 | print_link(curr); 29 | curr = curr->Flink; 30 | } while (curr != head); 31 | printf(")\n"); 32 | } 33 | -------------------------------------------------------------------------------- /test/csll/destroy.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /** 4 | Create and destroy a cyclic singly-linked list. 5 | 6 | Works by remembering the first node in the list, freeing all others, then 7 | freeing the first one. 8 | **/ 9 | 10 | #include "csll.h" 11 | 12 | 13 | void main() { 14 | PSLL_ENTRY head, tail; 15 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 16 | head = SLL_create_seg(nondet(), tail); 17 | tail->Flink = head; 18 | CSLL_destroy(head); 19 | } 20 | -------------------------------------------------------------------------------- /test/csll/destroy_iter_rem.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /** 4 | Create and destroy a cyclic singly-linked list. 5 | 6 | Works by iteratively unlinking and freeing nodes from the list until it has 7 | length one, then frees the remaining node. 8 | **/ 9 | 10 | #include "sll.h" 11 | 12 | 13 | void CSLL_destroy(PSLL_ENTRY head) { 14 | PSLL_ENTRY curr, next; 15 | curr = head->Flink; 16 | while( head != curr ) { 17 | next = curr->Flink; 18 | head->Flink = next; 19 | free(curr); 20 | curr = next; 21 | } 22 | free(head); 23 | } 24 | 25 | 26 | void main() { 27 | PSLL_ENTRY head, tail; 28 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 29 | head = SLL_create_seg(nondet(), tail); 30 | tail->Flink = head; 31 | CSLL_destroy(head); 32 | } 33 | -------------------------------------------------------------------------------- /test/csll/destroy_test_dangling.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /** 4 | Create and destroy a cyclic singly-linked list. 5 | 6 | Works by freeing the first node, followed by all others until seeing a 7 | pointer back to the first one. Since this performs a test against a 8 | dangling pointer, it has unspecified behavior according to section 6.2.4.2 9 | of the ISO C99 standard. 10 | **/ 11 | 12 | #include "sll.h" 13 | 14 | 15 | void destroy(PSLL_ENTRY x) { 16 | PSLL_ENTRY h = x, c; 17 | do { 18 | c = x; 19 | x = x->Flink; 20 | free(c); 21 | } while(x != h); 22 | } 23 | 24 | 25 | void main() { 26 | PSLL_ENTRY head, tail; 27 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 28 | head = SLL_create_seg(nondet(), tail); 29 | tail->Flink = head; 30 | destroy(head); 31 | } 32 | -------------------------------------------------------------------------------- /test/csll/fill_walk_drain.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _SLL_ENTRY { 6 | int Data; 7 | struct _SLL_ENTRY *Flink; 8 | } SLL_ENTRY, *PSLL_ENTRY; 9 | 10 | PSLL_ENTRY newEntry() { return malloc(sizeof(SLL_ENTRY)); } 11 | 12 | void fill(PSLL_ENTRY head) { 13 | while (nondet()) { 14 | PSLL_ENTRY entry = newEntry(); 15 | entry->Flink = head->Flink; 16 | head->Flink = entry; 17 | } 18 | } 19 | 20 | void walk(PSLL_ENTRY head) { 21 | PSLL_ENTRY entry = head->Flink; 22 | while (entry != head) { 23 | entry = entry->Flink; 24 | } 25 | } 26 | 27 | void drain(PSLL_ENTRY head) { 28 | PSLL_ENTRY entry = head->Flink; 29 | while (entry != head) { 30 | PSLL_ENTRY next = entry->Flink; 31 | free(entry); 32 | entry = next; 33 | } 34 | } 35 | 36 | void main() { 37 | PSLL_ENTRY head = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 38 | head->Flink = head; 39 | fill(head); 40 | walk(head); 41 | drain(head); 42 | free(head); 43 | } 44 | -------------------------------------------------------------------------------- /test/csll/remove.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "csll.h" 4 | 5 | 6 | /* remove any entry of the cyclic list containing head whose Data field is fo, 7 | except head itself */ 8 | void CSLL_remove(PSLL_ENTRY head, int fo) { 9 | PSLL_ENTRY prev, entry, tmp; 10 | 11 | prev = head; 12 | entry = head->Flink; 13 | while( entry != head ) { 14 | if( entry->Data == fo ) { 15 | /* remove entry */ 16 | tmp = entry->Flink; 17 | prev->Flink = tmp; 18 | free(entry); 19 | entry = tmp; 20 | } else { 21 | prev = entry; 22 | entry = entry->Flink; 23 | } 24 | } 25 | } 26 | 27 | 28 | void main() { 29 | PSLL_ENTRY head, tail; 30 | 31 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 32 | head = SLL_create_seg(nondet(), tail); 33 | tail->Flink = head; 34 | 35 | CSLL_remove(head, 42); 36 | 37 | CSLL_destroy(head); 38 | } 39 | -------------------------------------------------------------------------------- /test/csll/remove2.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* Similar to remove, but does not destroy the list. */ 4 | 5 | #include "csll.h" 6 | 7 | 8 | void CSLL_remove(PSLL_ENTRY head, int fo) { 9 | PSLL_ENTRY prev, entry, tmp; 10 | 11 | prev = head; 12 | entry = head->Flink; 13 | while( entry != head ) { 14 | if( entry->Data == fo ) { 15 | /* remove entry */ 16 | tmp = entry->Flink; 17 | prev->Flink = tmp; 18 | free(entry); 19 | entry = tmp; 20 | } else { 21 | prev = entry; 22 | entry = entry->Flink; 23 | } 24 | } 25 | } 26 | 27 | 28 | void main() { 29 | PSLL_ENTRY head, tail; 30 | 31 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 32 | head = SLL_create_seg(nondet(), tail); 33 | tail->Flink = head; 34 | 35 | CSLL_remove(head, 42); 36 | 37 | /* CSLL_destroy(head); */ 38 | } 39 | -------------------------------------------------------------------------------- /test/csll/remove_for.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* 4 | Similar to remove, but using a for loop. 5 | */ 6 | #include "csll.h" 7 | 8 | 9 | void CSLL_remove(PSLL_ENTRY head, int fo) { 10 | PSLL_ENTRY prev, entry, tmp; 11 | for( prev = head, entry = head->Flink; 12 | entry != head; 13 | prev = entry, entry = entry->Flink ) { 14 | if( entry->Data == fo ) { 15 | tmp = entry->Flink; 16 | prev->Flink = tmp; 17 | free(entry); 18 | entry = prev; 19 | } 20 | } 21 | } 22 | 23 | 24 | void main() { 25 | PSLL_ENTRY head, tail; 26 | 27 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 28 | head = SLL_create_seg(nondet(), tail); 29 | tail->Flink = head; 30 | 31 | CSLL_remove(head, 42); 32 | 33 | CSLL_destroy(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/csll/remove_for2.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* 4 | Similar to remove2, but using a for loop. 5 | */ 6 | #include "csll.h" 7 | 8 | 9 | void CSLL_remove(PSLL_ENTRY head, int fo) { 10 | PSLL_ENTRY prev, entry, tmp; 11 | for( prev = head, entry = head->Flink; 12 | entry != head; 13 | prev = entry, entry = entry->Flink ) { 14 | if( entry->Data == fo ) { 15 | tmp = entry->Flink; 16 | prev->Flink = tmp; 17 | free(entry); 18 | entry = prev; 19 | } 20 | } 21 | } 22 | 23 | 24 | void main() { 25 | PSLL_ENTRY head, tail; 26 | 27 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 28 | head = SLL_create_seg(nondet(), tail); 29 | tail->Flink = head; 30 | 31 | CSLL_remove(head, 42); 32 | 33 | CSLL_destroy(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/csll/remove_leak.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "csll.h" 4 | 5 | 6 | /* remove any entry of the cyclic list containing head whose Data field is fo, 7 | except head itself */ 8 | void CSLL_remove(PSLL_ENTRY head, int fo) { 9 | PSLL_ENTRY prev, entry, tmp; 10 | 11 | prev = head; 12 | entry = head->Flink; 13 | while(entry != head) { 14 | if (entry->Data == fo) { 15 | /* remove entry */ 16 | tmp = entry->Flink; 17 | prev->Flink = tmp; 18 | /* don't free entry, it gets leaked here */ 19 | entry->Flink = entry; 20 | } else { 21 | prev = entry; 22 | } 23 | entry = entry->Flink; 24 | } 25 | } 26 | 27 | 28 | void main() { 29 | PSLL_ENTRY head, tail; 30 | 31 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 32 | head = SLL_create_seg(nondet(), tail); 33 | tail->Flink = head; 34 | 35 | CSLL_remove(head, 42); 36 | 37 | CSLL_destroy(head); 38 | } 39 | -------------------------------------------------------------------------------- /test/dev/frec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | // frec not inlineable: calls itself. 4 | void frec (int x) 5 | { 6 | /* int x = y; */ 7 | if (x==0) return; 8 | else frec(x-1); 9 | } 10 | 11 | void main() 12 | { 13 | frec(99); 14 | } 15 | -------------------------------------------------------------------------------- /test/dev/irreducible.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | void main() { 6 | int x, y; 7 | 8 | x++; 9 | if(x / 2) { 10 | L0: 11 | if(x <= 0) goto L3; 12 | x--; 13 | goto L1; 14 | } else { 15 | L1: 16 | y++; 17 | goto L0; 18 | } 19 | L3: 20 | 21 | return; 22 | } 23 | -------------------------------------------------------------------------------- /test/dev/straight.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include 4 | 5 | typedef struct _LIST_ENTRY { 6 | struct _LIST_ENTRY *Flink; 7 | struct _LIST_ENTRY *Blink; 8 | } LIST_ENTRY, *PLIST_ENTRY; 9 | 10 | void main(void) { 11 | int length = 10; 12 | PLIST_ENTRY head, tmp; 13 | 14 | head = NULL; 15 | tmp = (PLIST_ENTRY)malloc(sizeof(LIST_ENTRY)); 16 | tmp->Flink = head; 17 | head = tmp; 18 | tmp = tmp->Flink; 19 | 20 | return; 21 | } 22 | -------------------------------------------------------------------------------- /test/dev/straight_func.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | 6 | typedef struct _LIST_ENTRY { 7 | struct _LIST_ENTRY *Flink; 8 | struct _LIST_ENTRY *Blink; 9 | } LIST_ENTRY, *PLIST_ENTRY; 10 | 11 | PLIST_ENTRY create(int length) { 12 | /* int i; */ 13 | PLIST_ENTRY head, tmp; 14 | 15 | head = NULL; 16 | /* for(i = 0; i < length; i++) { */ 17 | tmp = (PLIST_ENTRY)malloc(sizeof(LIST_ENTRY)); 18 | tmp->Flink = head; 19 | head = tmp; 20 | /* } */ 21 | return head; 22 | } 23 | 24 | void traverse(PLIST_ENTRY head) { 25 | PLIST_ENTRY tmp = head; 26 | 27 | while(tmp != NULL) { 28 | tmp = tmp->Flink ; 29 | } 30 | } 31 | 32 | void destroy(PLIST_ENTRY head) { 33 | PLIST_ENTRY t, c = head; 34 | 35 | /* while(c != NULL) { */ 36 | t = c; 37 | c = c->Flink; 38 | free(t); 39 | } 40 | 41 | void main(void) { 42 | int length = 10; 43 | PLIST_ENTRY head; 44 | head = create(length); 45 | traverse(head); 46 | destroy(head); 47 | return; 48 | } 49 | -------------------------------------------------------------------------------- /test/kmdf/1394/wdf_driver_config_init.c: -------------------------------------------------------------------------------- 1 | /***************************************************************************** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | 1394 Feature: WDF_DRIVER_CONFIG_INIT. 5 | Source: %SLAM%/WDK/inc/wdf/kmdf/1.9/, line 123. 6 | Expected Result: SAFE. 7 | *****************************************************************************/ 8 | #include "harness.h" 9 | #include "1394.h" 10 | 11 | /* 12 | * Stub of function at pnp.c, line 26. 13 | */ 14 | NTSTATUS 15 | t1394_EvtDeviceAdd( 16 | /* IN */ WDFDRIVER Driver, 17 | /* IN */ PWDFDEVICE_INIT DeviceInit 18 | ) 19 | { 20 | return STATUS_SUCCESS; 21 | } 22 | 23 | 24 | /* 25 | * Harness. 26 | */ 27 | int main () 28 | { 29 | WDF_DRIVER_CONFIG config; 30 | 31 | WDF_DRIVER_CONFIG_INIT( 32 | &config, 33 | t1394_EvtDeviceAdd 34 | ); 35 | 36 | } 37 | -------------------------------------------------------------------------------- /test/kmdf/microtests/WdfStringCreate_ObjectDelete.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "harness.h" 4 | 5 | void 6 | main () { 7 | WDFSTRING s; 8 | NTSTATUS status; 9 | 10 | status = WdfStringCreate(NULL,WDF_NO_OBJECT_ATTRIBUTES,&s); 11 | if (NT_SUCCESS(status)) { 12 | WdfObjectDelete(s); 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /test/multi/link/extern.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | int f() { return 0; } 4 | 5 | int g() { return 1; } 6 | -------------------------------------------------------------------------------- /test/multi/link/main.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include 4 | 5 | int f(); 6 | 7 | static int g() { return 2; } 8 | 9 | void main() { 10 | int x; 11 | int y; 12 | 13 | x = f(); 14 | y = g(); 15 | 16 | assert(x == 0); /* succeeds if f from extern.c called */ 17 | assert(y == 2); /* succeeds if g from main.c called */ 18 | } 19 | -------------------------------------------------------------------------------- /test/other/addr_of_global_struct.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Test case for PS #603. The load to x below is like 5 | (&fdoAttributes)->ContextTypeInfo = (&_WDF_DEVICE_EXTENSION_TYPE_INFO)->UniqueType; 6 | from wdf_device_create.c 7 | The other loads are variations of the x one. 8 | **/ 9 | 10 | 11 | struct _RECT { 12 | int Length; 13 | int Width; 14 | }; 15 | 16 | typedef struct _RECT RECT; 17 | 18 | RECT r; 19 | 20 | void main () 21 | { 22 | int x,y,z ; 23 | RECT *pr; 24 | 25 | // #1 addr of r directly 26 | x = (&r)->Length ; 27 | 28 | // #2 addr or r via an intermediate 29 | pr = &r; 30 | y = pr->Length; 31 | 32 | // #3 access r.Length 33 | z = r.Length ; 34 | 35 | End: return; 36 | } 37 | -------------------------------------------------------------------------------- /test/other/address_arith.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | struct s { 4 | int *a; 5 | int *b; 6 | }; 7 | 8 | void main() { 9 | struct s x; 10 | int **ptr; 11 | int y; 12 | 13 | x.b = &y; 14 | ptr = &x.a; 15 | ptr++; 16 | *ptr = 0; // UNSAFE unless we know there is no padding between a and b members of s 17 | *x.b = 0; // UNSAFE if we do know there is no padding between a and b members of s 18 | } 19 | -------------------------------------------------------------------------------- /test/other/address_of.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | y is an alias of &x. 5 | **/ 6 | 7 | #include "slayer.h" 8 | 9 | void main() { 10 | int x; 11 | int *y = &x; 12 | *y = 0; 13 | FAIL_IF(x != 0) ; 14 | return; 15 | } 16 | -------------------------------------------------------------------------------- /test/other/address_of2.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | p is an alias of x. 5 | **/ 6 | 7 | #include "slayer.h" 8 | 9 | /* 10 | f's x should be heapified (it has it's address taken). It needs to be 11 | alloc/free-ed at the start/end of f. 12 | 13 | This program is a test-case for a bug # in SlamTranslator in which the 14 | to-be-heapified set wasn't implemented as a set. x was being malloc/free-ed 15 | as many times as it occured in the body of f. 16 | 17 | */ 18 | void f() { 19 | int x; 20 | int *p; 21 | 22 | p = &x; 23 | p = &x; // Just another mention of &x. 24 | *p = 0; 25 | FAIL_IF(x!=0); 26 | 27 | return; 28 | } 29 | 30 | void main() 31 | { 32 | f(); 33 | } 34 | -------------------------------------------------------------------------------- /test/other/address_of_global.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | y is an alias of the global x. 5 | **/ 6 | 7 | int x; 8 | 9 | void main() { 10 | int *y = &x; 11 | *y = 0; 12 | assert(x==0); 13 | return; 14 | } 15 | -------------------------------------------------------------------------------- /test/other/address_of_malloced_struct.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | y is an alias of an s->a. 5 | **/ 6 | 7 | #include "slayer.h" 8 | 9 | typedef struct _ls {int car; struct ls* cdr;} ls; 10 | 11 | void main() { 12 | ls* x; 13 | int* y; 14 | x = (ls*)malloc(sizeof(ls)); 15 | x->car = 42; 16 | y = 0; 17 | y = &(x->car); 18 | FAIL_IF( *y != 42 ) ; 19 | free(x); 20 | return; 21 | } 22 | -------------------------------------------------------------------------------- /test/other/address_of_struct.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | pa is an alias of an s.a. 5 | **/ 6 | 7 | #include "slayer.h" 8 | 9 | struct s { 10 | int a; 11 | }; 12 | 13 | void main() { 14 | int *pa; 15 | struct s x; 16 | 17 | pa = &(x.a); 18 | *pa = 0; 19 | 20 | FAIL_IF(x.a != 0); 21 | return; 22 | 23 | } 24 | -------------------------------------------------------------------------------- /test/other/address_taken_assigned_by_return.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | int f() { 4 | return 1; 5 | } 6 | 7 | main() { 8 | int s; 9 | int * ps; 10 | ps = & s; 11 | s = f(); 12 | assert(*ps == 1); 13 | } 14 | -------------------------------------------------------------------------------- /test/other/anonymous_union.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | typedef struct _T { 4 | union { 5 | int a; 6 | struct { 7 | char b; 8 | char c; 9 | short d; 10 | }; 11 | }; 12 | void* e; 13 | } T, *PT; 14 | 15 | 16 | void main() 17 | { 18 | T t; 19 | PT pt = &t; 20 | assert( pt != NULL ); 21 | } 22 | -------------------------------------------------------------------------------- /test/other/array_access.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Check that the A access is valid. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | int A[4] = { 0, 1, 2, 3 }; 10 | 11 | void main() 12 | { 13 | int x; 14 | x = A[0]; 15 | x = A[1]; 16 | x = A[2]; 17 | x = A[3]; 18 | x = A[55]; /* We don't check array bounds */ 19 | x = A[-2]; 20 | x = -2[A]; 21 | } 22 | -------------------------------------------------------------------------------- /test/other/array_arguments_heap.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | This is how t1394_EvtIoDeviceControl passes Arguments to t1394_AsyncWrite. 5 | */ 6 | #include "slayer.h" 7 | 8 | struct T { 9 | int Id ; 10 | int Arguments[2] ; 11 | }; 12 | 13 | void init (int iArguments[2]) 14 | { 15 | struct T *p ; 16 | p = (struct T *)malloc(sizeof(struct T)); 17 | p->Id = 0; 18 | p->Arguments[0] = iArguments[0] ; 19 | p->Arguments[1] = iArguments[1] ; 20 | free(p); 21 | } 22 | 23 | void main() 24 | { 25 | 26 | struct T *t; 27 | t = (struct T *)malloc(sizeof(struct T)); 28 | t->Id = -1; 29 | t->Arguments[0] = 0 ; 30 | t->Arguments[1] = 1 ; 31 | init(t->Arguments); 32 | 33 | { int x; x = t->Arguments[0]; } 34 | free(t); 35 | } 36 | -------------------------------------------------------------------------------- /test/other/array_arguments_stack.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | This is a simpler version of how t1394_EvtIoDeviceControl passes Arguments to 5 | t1394_AsyncWrite. 6 | */ 7 | 8 | #include "slayer.h" 9 | 10 | struct T { 11 | int Id ; 12 | int Arguments[2] ; 13 | }; 14 | 15 | void init (int iArguments[2]) 16 | //void init (int *iArguments) 17 | { 18 | struct T *p ; 19 | p = (struct T *)malloc(sizeof(struct T)); 20 | p->Id = 0; 21 | p->Arguments[0] = iArguments[0] ; 22 | p->Arguments[1] = iArguments[1] ; 23 | free(p); 24 | } 25 | 26 | void main() 27 | { 28 | int Arguments[2] = { 10, 100 }; 29 | init( Arguments ); 30 | 31 | { int x; x = Arguments[0]; } 32 | 33 | } 34 | 35 | -------------------------------------------------------------------------------- /test/other/array_of_guids.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* 4 | This is step5.tmh, line 1758. 5 | 6 | extern const __declspec(selectany) GUID WPP_LOCAL_TraceGuids[] = { {0x528b9093,0x3035,0xc568,{0x9e,0xfd,0xdd,0x0f,0xd9,0x14,0x13,0x35}}, }; 7 | 8 | Check that the WPP+Local_TraceGuids access is valid. 9 | */ 10 | 11 | #include "slayer.h" 12 | 13 | struct GUID { 14 | int A; 15 | int B; 16 | int C; 17 | int D[4]; 18 | }; 19 | 20 | // a global guid 21 | //struct GUID a_guid[] = { { 1, 2, 3, {100,101,102,103}}, } ; 22 | // /\ write to a_guid[0].D[0],... 23 | 24 | struct GUID a_guid[1]; 25 | 26 | void main() 27 | { 28 | a_guid[0].A = 1 ; 29 | a_guid[0].B = 2 ; 30 | a_guid[0].C = 3 ; 31 | a_guid[0].D[0] = 100 ; 32 | a_guid[0].D[1] = 101 ; 33 | a_guid[0].D[2] = 102 ; 34 | a_guid[0].D[3] = 103 ; 35 | } 36 | -------------------------------------------------------------------------------- /test/other/assume_assert.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | #include 5 | 6 | #pragma warning(disable:4700) /* Using uninitialized memory */ 7 | #pragma warning(disable:6001) /* Using uninitialized memory */ 8 | 9 | void main() { 10 | int i; 11 | assume(i > 0); 12 | assert(i > 0); 13 | i--; 14 | assert(i); /* UNSAFE */ 15 | _SLAyer_unreachable(); 16 | _SLAyer_error(); 17 | } 18 | -------------------------------------------------------------------------------- /test/other/backjump.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Structured gotos. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | void main() { 10 | int x, y; 11 | L: y = 0; 12 | if(y==0) return; 13 | FAIL ; 14 | x = 0; 15 | goto L; 16 | } 17 | -------------------------------------------------------------------------------- /test/other/bitfield.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | typedef struct _T { 4 | unsigned char a : 1; 5 | unsigned char : 2; /* 2 bits of padding */ 6 | unsigned char b : 2; 7 | unsigned char : 0; /* pad to next char/byte boundary */ 8 | unsigned char c : 3; 9 | unsigned long : 0; /* pad to next long/word boundary */ 10 | unsigned char d : 4; 11 | } T, *PT; 12 | 13 | void main() 14 | { 15 | T t; 16 | t.a = 0; 17 | t.b = 3; 18 | t.c = 2; 19 | t.d = 4; 20 | assert( t.a != t.d ); 21 | assert( t.a != t.c ); 22 | assert( t.a != t.b ); 23 | } 24 | -------------------------------------------------------------------------------- /test/other/bool_to_int.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | C's bool representation. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | int main() { 10 | int four, eq_four; 11 | four = 4; 12 | eq_four = (four == 4); 13 | FAIL_IF( eq_four != 1 ); 14 | } 15 | -------------------------------------------------------------------------------- /test/other/call.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Unique ids over fun calls. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | void f() { 10 | int x = 1; 11 | return; 12 | } 13 | 14 | void main() { 15 | int x = 0; 16 | f(); 17 | FAIL_IF(x!=0); 18 | return; 19 | } 20 | -------------------------------------------------------------------------------- /test/other/call_arg.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Access local/global through fun call. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | int g; 10 | 11 | void f(int a, int *z) { 12 | int y = a; 13 | 14 | FAIL_IF( y!=*z ); 15 | *z = g; 16 | y = 13; 17 | return; 18 | } 19 | 20 | void main() { 21 | int x = 0; 22 | f(0, &x); 23 | FAIL_IF( x!=g ); 24 | return; 25 | } 26 | -------------------------------------------------------------------------------- /test/other/call_arg_unique.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | We have a fun call convention to have unique actuals. 5 | */ 6 | 7 | void f(int a, int b) { 8 | int y = a + b; 9 | return; 10 | } 11 | 12 | void main() { 13 | int x = 0; 14 | int y = 1; 15 | 16 | f(x,x); // Should become f(x1,x2) 17 | f(x,y); // Should become f(x3,y1) 18 | return; 19 | } 20 | -------------------------------------------------------------------------------- /test/other/cast_bt_types.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | struct I { int i; }; 6 | struct IJ { int i; int j; }; 7 | 8 | void main() 9 | { 10 | int *x; 11 | struct I *pi; 12 | struct IJ *pij; 13 | 14 | x = malloc(sizeof(int)); 15 | // x->(int) [] 16 | 17 | pi = (struct I*)x; 18 | pi->i = 32; 19 | // x->(I) [i:32] 20 | 21 | pij = (struct IJ*)x; 22 | pij->i = 10; 23 | pij->j = 100; // UNSAFE! 24 | // x->(IJ) [i:10;j:100] 25 | 26 | x = (int*)pij; 27 | free(x); 28 | 29 | } 30 | -------------------------------------------------------------------------------- /test/other/cast_guard_implicit.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | int a; 6 | 7 | void main() { 8 | int x; 9 | x = &a; 10 | assert(x != &a); 11 | return; 12 | } 13 | -------------------------------------------------------------------------------- /test/other/cast_guard_int.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | int a; 6 | 7 | void main() { 8 | int x; 9 | x = &a; 10 | assert(x == (int)&a); 11 | return; 12 | } 13 | -------------------------------------------------------------------------------- /test/other/cast_guard_ptr.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | int a; 6 | 7 | void main() { 8 | int x; 9 | x = &a; 10 | assert((int*)x == &a); 11 | return; 12 | } 13 | -------------------------------------------------------------------------------- /test/other/compound_assignment.c: -------------------------------------------------------------------------------- 1 | 2 | #include "SLAyer.h" 3 | 4 | int *x; 5 | int *y; 6 | 7 | int *f() 8 | { 9 | free(y); 10 | *x += 1; 11 | return x; 12 | } 13 | 14 | void main() 15 | { 16 | x = (int*)malloc(sizeof(int)); 17 | y = (int*)malloc(sizeof(int)); 18 | *x = 0; 19 | 20 | *(f()) += 1; 21 | // Should only evaluate *(f()) once. 22 | // Integers are too abstracted by SLAyer to prove this, 23 | // added free(y) to track if it is called twice. 24 | //assert(*x == 2); 25 | 26 | free(x); 27 | } 28 | -------------------------------------------------------------------------------- /test/other/control_guard.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Statement inside an Expr. 5 | */ 6 | 7 | void main() { 8 | int x = 0; 9 | if(x++, x) { x = 42; } 10 | return; 11 | } 12 | -------------------------------------------------------------------------------- /test/other/copy_struct_on_stack.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | The fe needs to move s1, s2 to the heap and change the s1=s2 copy 5 | to field-wise copy s1.x=s2.x;... . 6 | */ 7 | 8 | struct S { 9 | int x; 10 | int y; 11 | char z; 12 | }; 13 | 14 | void main() 15 | { 16 | struct S s1 = {1,2,'3'}; 17 | struct S s2 = {4,5,'6'}; 18 | 19 | s1 = s2; 20 | } 21 | -------------------------------------------------------------------------------- /test/other/dead_code.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Frontend drops deadcode. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | void main() { 10 | int x; 11 | x = 0; 12 | return; 13 | FAIL; 14 | } 15 | -------------------------------------------------------------------------------- /test/other/deref_NULL2.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | int main() { 4 | int x; 5 | int *y = 0; 6 | x = *y; 7 | } 8 | -------------------------------------------------------------------------------- /test/other/deref_ZERO.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | void** ZERO = 0; 4 | 5 | void main() { 6 | *ZERO = (void*)1; 7 | return; 8 | } 9 | -------------------------------------------------------------------------------- /test/other/deref_via_call.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | deref_via_call.c : assign into a local, but by passing it's address down a 5 | chain of function calls. 6 | 7 | This program should be safe. 8 | */ 9 | 10 | #include 11 | 12 | int g; 13 | 14 | void set_to_global_addr(int*** ppi) 15 | { 16 | **ppi = &g; 17 | } 18 | 19 | void set_to_global_addr_wrapper(int** pi) 20 | { 21 | int** l_pi = pi; 22 | int*** ppi; 23 | ppi = &l_pi; 24 | set_to_global_addr(ppi); 25 | } 26 | 27 | void main () 28 | { 29 | int **p = (int*) malloc (sizeof(int)); 30 | *p = NULL; 31 | set_to_global_addr_wrapper(p); 32 | 33 | assert (*p != NULL); 34 | 35 | free(p); 36 | } 37 | -------------------------------------------------------------------------------- /test/other/deref_via_call3.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | deref_via_call.c : assign into a local, but by passing it's address down a 5 | chain of function calls. 6 | 7 | This program should be safe. 8 | */ 9 | 10 | #include 11 | 12 | int a,b,c; 13 | 14 | void add10(int* ppi) 15 | { 16 | *ppi = *ppi + 10; 17 | } 18 | 19 | int add10_wrapper(int pi) 20 | { 21 | add10(&pi); 22 | return pi; 23 | } 24 | 25 | void main () 26 | { 27 | add10_wrapper(1); 28 | } 29 | -------------------------------------------------------------------------------- /test/other/dynamic_size_array.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | void main() { 6 | int n; 7 | int* a; 8 | int i; 9 | 10 | n = n % 16; 11 | a = malloc(n * sizeof(int)); 12 | 13 | for(i=0; iZ; 30 | free(t); 31 | } 32 | -------------------------------------------------------------------------------- /test/other/global_struct_fields.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Assignment into struct fields. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | struct Globals 10 | { 11 | int* AssocClassList; 12 | int* NumAssocClass; 13 | }; 14 | 15 | 16 | struct Globals g; 17 | 18 | void cpy (int* src, int* dest) 19 | { 20 | FAIL_IF (src == dest) ; 21 | return; 22 | } 23 | 24 | main() 25 | { 26 | int dummy; 27 | g.AssocClassList = NULL; 28 | g.NumAssocClass = &dummy; 29 | cpy(g.AssocClassList, g.NumAssocClass); 30 | } 31 | -------------------------------------------------------------------------------- /test/other/global_var.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Global variable init. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | int x = 0; 10 | 11 | void main() { 12 | int y = x; 13 | FAIL_IF (y!=0) ; 14 | return; 15 | } 16 | -------------------------------------------------------------------------------- /test/other/globals_per_proc.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Run these with 'inline' set to false. 5 | */ 6 | 7 | int x,y,z,u,v; 8 | 9 | // f uses {x} 10 | void f() 11 | { 12 | int a; 13 | int b; 14 | int c; 15 | // assert: x->_. (y->_ should have been framed away.) 16 | a = x; 17 | c = &b; 18 | } 19 | 20 | // g uses {y,x} 21 | void g() 22 | { 23 | int b = y; 24 | // assert: y->_ * x->_. (z->_ should have been framed away.) 25 | f(); 26 | } 27 | 28 | // h uses {z,y,x} 29 | void h() 30 | { 31 | int c=z; 32 | // assert: z->_ * y->_ * x->_ 33 | g(); 34 | } 35 | 36 | void main() 37 | { 38 | h(); 39 | } 40 | -------------------------------------------------------------------------------- /test/other/icall.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include 4 | 5 | typedef struct _T { 6 | int a; 7 | int b; 8 | int c; 9 | } T; 10 | 11 | // pointer to a T*->int* function. 12 | typedef int* (*FP) (T*); 13 | 14 | int* add_b (T* x) { 15 | return &(x->b); 16 | } 17 | 18 | int* add_c (T* x) { 19 | return &(x->c); 20 | } 21 | 22 | void main() { 23 | T t; 24 | int* x; 25 | int* y; 26 | FP fp; 27 | 28 | fp = &add_b; 29 | x = &(t.a); 30 | y = (*fp)(x); // Even if we write fp(x), cl will coerce this to (*fp)(x). 31 | assert(x != y); 32 | 33 | fp = &add_c; 34 | x = &(t.a); 35 | y = (*fp)(x); 36 | assert(x != y); 37 | } 38 | -------------------------------------------------------------------------------- /test/other/icall_with_global1.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include 4 | 5 | int x; 6 | 7 | int y; 8 | 9 | // pointer to two function types. 10 | typedef int (*FP) (); 11 | typedef void (*FP2) (); 12 | 13 | void add_b () { 14 | x ++; 15 | } 16 | 17 | int add_c () { 18 | return y + 1; 19 | } 20 | 21 | FP fp; 22 | FP2 fp2; 23 | 24 | //Access {fp, y} 25 | //Modifies nothing. 26 | void f() { 27 | int z; 28 | z = (*fp)(); 29 | } 30 | 31 | //Accesses {fp2, x} 32 | //Writes x (if modified globals are not heapified) 33 | void g() { 34 | (*fp2)(); 35 | } 36 | 37 | //Accesses (fp2,fp,x,y,add_c,add_b) 38 | //Writes fp,fp2,x (without heapification of globals) 39 | void main() { 40 | fp = &add_c; 41 | fp2 = &add_b; 42 | 43 | f(); 44 | g(); 45 | } 46 | -------------------------------------------------------------------------------- /test/other/icall_with_global2.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include 4 | 5 | int x; 6 | 7 | int y; 8 | 9 | // pointer to two function types. 10 | typedef void (*FP) (void*); 11 | typedef void (*FP2) (int*); 12 | 13 | void add_b (void * f) { 14 | x ++; 15 | } 16 | 17 | void add_c (int * f) { 18 | y ++; 19 | } 20 | 21 | FP2 fp; 22 | FP fp2; 23 | 24 | //Access {fp, y} 25 | //Writes { y} (without heapification) 26 | void f() { 27 | int z; 28 | (*fp)(&z); 29 | } 30 | 31 | //Accesses {fp2, x} 32 | //Writes x (if modified globals are not heapified) 33 | void g() { 34 | int z; 35 | void * p; 36 | p = (void*) &z; 37 | (*fp2)(p); 38 | } 39 | 40 | //Accesses (fp2,fp,x,y,add_c,add_b) 41 | //Writes fp,fp2,x (without heapification of globals) 42 | void main() { 43 | fp = &add_c; 44 | fp2 = &add_b; 45 | 46 | f(); 47 | g(); 48 | } 49 | -------------------------------------------------------------------------------- /test/other/icall_with_global3.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include 4 | 5 | int x; 6 | 7 | int y; 8 | 9 | // pointer to two function types. 10 | typedef void (*FP) (int*); 11 | typedef void (*FP2) (int*); 12 | 13 | void add_b (int * f) { 14 | x ++; 15 | } 16 | 17 | void add_c (int * f) { 18 | y ++; 19 | } 20 | 21 | FP2 fp; 22 | FP fp2; 23 | 24 | //Access {fp, y} with type approximation also {x} 25 | //Writes { y} (without heapification) 26 | void f() { 27 | int z; 28 | (*fp)(&z); 29 | } 30 | 31 | //Accesses {fp2, x} with type approximation also {y} 32 | //Writes x (if modified globals are not heapified) 33 | void g() { 34 | int z; 35 | (*fp2)(&z); 36 | } 37 | 38 | //Accesses (fp2,fp,x,y,add_c,add_b) 39 | //Writes fp,fp2,x (without heapification of globals) 40 | void main() { 41 | fp = &add_c; 42 | fp2 = &add_b; 43 | 44 | f(); 45 | g(); 46 | } 47 | -------------------------------------------------------------------------------- /test/other/if.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | void main() { 4 | int x, y; 5 | y = 0; 6 | if(x==y) { x = 0; } else { x = 1; } 7 | y = 5; 8 | return; 9 | } 10 | -------------------------------------------------------------------------------- /test/other/if_integer.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Update x->car if n. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | typedef struct cell cell; 10 | struct cell { 11 | int car; 12 | cell* cdr; 13 | }; 14 | 15 | int main() { 16 | int n; 17 | cell *x; 18 | 19 | n = 5; 20 | x = (cell*)malloc(sizeof(cell)); 21 | x->car = 0; 22 | 23 | if (n) { 24 | x->car = x->car + 1; 25 | x->cdr = 0; 26 | } 27 | 28 | assert( x->car == 1 ); 29 | 30 | free(x); 31 | 32 | return 0; 33 | } 34 | -------------------------------------------------------------------------------- /test/other/if_pointer.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Update x->car if x. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | typedef struct cell cell; 10 | struct cell { 11 | int car; 12 | cell* cdr; 13 | }; 14 | 15 | int main() { 16 | cell *x ; 17 | 18 | if (x) { 19 | x->car = x->car * 2 ; 20 | x->cdr = 0; 21 | } 22 | else { 23 | x = (cell*)malloc(sizeof(cell)); 24 | x->car = 0; 25 | } 26 | 27 | return 0; 28 | } 29 | -------------------------------------------------------------------------------- /test/other/ifguard.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | void main() { 6 | int x = 0, y = 0; 7 | if(x==0) { 8 | FAIL_IF(y != x); 9 | return; 10 | } 11 | FAIL ; 12 | return; 13 | } 14 | -------------------------------------------------------------------------------- /test/other/inline_args.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | compare is inlineable. 5 | Check that: 6 | 1. args passed correctly; 7 | 2. result returned correctly; 8 | 3. we continue to the right place. 9 | */ 10 | 11 | #include "slayer.h" 12 | 13 | int a, b, c, d, e, f; 14 | 15 | 16 | void* compare (void* x, void* y, void* z) 17 | { 18 | void* result; 19 | 20 | if (x==y) goto xy_eq; 21 | else if (y==z) goto yz_eq; 22 | else goto no_eq; 23 | 24 | xy_eq: result=&a; return result; 25 | 26 | yz_eq: result=&b; return result; 27 | 28 | no_eq: result=&c; return result; 29 | } 30 | 31 | void main() 32 | { 33 | int *x, *y, *z; 34 | void* result; 35 | 36 | x=&d; y=&d; z=&f; 37 | result = compare (x,y,z); 38 | if (result != &a) FAIL; 39 | 40 | x=&d; y=&e; z=&e; 41 | result = compare (x,y,z); 42 | if (result != &b) FAIL; 43 | 44 | x=&d; y=&e; z=&f; 45 | result = compare (x,y,z); 46 | if (result != &c) FAIL; 47 | } 48 | -------------------------------------------------------------------------------- /test/other/mainret.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | int main() { 4 | return -1; 5 | } 6 | -------------------------------------------------------------------------------- /test/other/malloc.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | int main() { 6 | int *x = (int*)malloc(sizeof(int)); 7 | int *y = (int*)malloc(sizeof(int)); 8 | *x = 42; 9 | *y = 13; 10 | } 11 | -------------------------------------------------------------------------------- /test/other/malloc_free.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | int main() { 6 | int *x = (int*)malloc(sizeof(int)); 7 | int *y = (int*)malloc(sizeof(int)); 8 | *x = 42; 9 | free(x); 10 | *y = 13; 11 | free(y); 12 | } 13 | -------------------------------------------------------------------------------- /test/other/malloc_free_struct.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct cell cell; 6 | struct cell { 7 | int car; 8 | cell* cdr; 9 | }; 10 | 11 | int main() { 12 | cell *x = (cell*)malloc(sizeof(cell)); 13 | x->car = 42; 14 | x->cdr = 0; 15 | free(x); 16 | } 17 | -------------------------------------------------------------------------------- /test/other/malloc_struct.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct cell cell; 6 | struct cell { 7 | int car; 8 | cell* cdr; 9 | }; 10 | 11 | int main() { 12 | cell *x = (cell*)malloc(sizeof(cell)); 13 | x->car = 42; 14 | x->cdr = 0; 15 | } 16 | -------------------------------------------------------------------------------- /test/other/multireturn.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | int f() { 4 | int x, y; 5 | x = 0; 6 | if(x==y) return 0; 7 | x = 4; 8 | y = x; 9 | return 1; 10 | } 11 | 12 | int main() { 13 | f(); 14 | } 15 | -------------------------------------------------------------------------------- /test/other/nested_struct.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _cell { 6 | int car; 7 | struct _cell* cdr; 8 | struct foo { 9 | int bar; 10 | } baz; 11 | } cell; 12 | 13 | void main() { 14 | cell* x = (cell*)malloc(sizeof(cell)); 15 | cell y; 16 | (*x).car = 1; 17 | y.car = 2; 18 | y.baz.bar = 42; 19 | (*x).baz.bar = 21; 20 | return; 21 | } 22 | -------------------------------------------------------------------------------- /test/other/pointer_subtraction.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | main() { 4 | long *a; 5 | long *b; 6 | long *c; 7 | c = a - b; 8 | } 9 | -------------------------------------------------------------------------------- /test/other/reachable_globals.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | struct list 6 | { 7 | int data; 8 | struct list * next; 9 | }; 10 | 11 | struct list* l; 12 | struct list* m; 13 | 14 | // {l,c0,c1,c2} should be in f's footprint. 15 | // m shouldn't be. 16 | void f() 17 | { 18 | struct list *x = l; 19 | } 20 | 21 | void main() 22 | { 23 | struct list *c0, *c1, *c2; 24 | 25 | m = (struct list*) malloc(sizeof(struct list)); 26 | 27 | c2 = (struct list*) malloc(sizeof(struct list)); 28 | c2->data = 2; 29 | c2->next = (struct list *)NULL; 30 | 31 | c1 = (struct list*) malloc(sizeof(struct list)); 32 | c1->data = 1; 33 | c1->next = c2; 34 | 35 | c0 = (struct list*) malloc(sizeof(struct list)); 36 | c0->data = 0; 37 | c0->next = c1; 38 | 39 | // loc: c0 c1 c2 40 | // content: (0,c1) (1,c2) (2,NULL) 41 | l = c0; 42 | f(); 43 | } 44 | -------------------------------------------------------------------------------- /test/other/rep_3_f_int_star.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | int * f() { 4 | return malloc(sizeof(int)); 5 | } 6 | 7 | void main(void) { 8 | int * x, * x1, * x2; 9 | 10 | x = f(); 11 | x1 = f(); 12 | x1 = f(); 13 | 14 | free(x); 15 | } 16 | -------------------------------------------------------------------------------- /test/other/rep_4_f_int_star.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | int * f() { 4 | return malloc(sizeof(int)); 5 | } 6 | 7 | void main(void) { 8 | int * x, * x1, * x2; 9 | 10 | x = f(); 11 | x1 = f(); 12 | x1 = f(); 13 | x1 = f(); 14 | 15 | free(x); 16 | } 17 | -------------------------------------------------------------------------------- /test/other/rep_4_f_void_star.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | void * f(int size) { 4 | return malloc(size); 5 | } 6 | 7 | void main(void) { 8 | void * x, * x1, * x2; 9 | 10 | x = f(8); 11 | x1 = f(8); 12 | x1 = f(8); 13 | x1 = f(8); 14 | 15 | free(x); 16 | } 17 | -------------------------------------------------------------------------------- /test/other/return.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | int a; 6 | 7 | int* f(int* x) { 8 | return x; 9 | } 10 | 11 | void main() { 12 | int* x; 13 | x = f(&a); 14 | assert(x == &a); 15 | } 16 | -------------------------------------------------------------------------------- /test/other/return_struct.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | typedef struct _S { 4 | int a; 5 | int b; 6 | } S; 7 | 8 | S f() { 9 | S t; 10 | return t; 11 | } 12 | 13 | main() { 14 | S s; 15 | s = f(); 16 | } 17 | -------------------------------------------------------------------------------- /test/other/sized_array_simple.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Declare a fixed size array. 5 | */ 6 | 7 | void f(int x) 8 | { 9 | int i; 10 | int a[10]; 11 | for (i=0; i<10; i++) 12 | a[i] = x + i; 13 | } 14 | 15 | 16 | void main() 17 | { 18 | int x = 42; 19 | f(x); 20 | } 21 | -------------------------------------------------------------------------------- /test/other/store_to_0x0.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Frontend elides stores to a constant address. 5 | */ 6 | 7 | int main() { 8 | int x; 9 | x = *(int*)0; // x = [0], but fe translates to x=0; 10 | *(int*)0 = x; // [0] = x , but fe elides completely. 11 | } 12 | -------------------------------------------------------------------------------- /test/other/store_to_0x0_fix.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Frontend elides stores to a constant address. Fix. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | int main() { 10 | FAIL; 11 | } 12 | -------------------------------------------------------------------------------- /test/other/straightline.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | void main() { 4 | int x, y; 5 | x = 0; 6 | y = x; 7 | return; 8 | } 9 | -------------------------------------------------------------------------------- /test/other/struct.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _cell { 6 | int car; 7 | struct _cell* cdr; 8 | } cell; 9 | 10 | void main() { 11 | cell* x = (cell*)malloc(sizeof(cell)); 12 | cell y; 13 | (*x).car = 1; 14 | y.car = 2; 15 | return; 16 | } 17 | -------------------------------------------------------------------------------- /test/other/struct_all.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _cell { 6 | int car; 7 | struct _cell* cdr; 8 | } cell; 9 | 10 | int main() { 11 | int y, *z; 12 | cell v, *x, *w, **u; 13 | y = 3; 14 | z = (int*)malloc(sizeof(int)); 15 | *z = 5; 16 | y = *z; 17 | free(z); 18 | z = &y; 19 | *z = 0; 20 | if(y!=*z) FAIL; 21 | v.car = 53; 22 | v.cdr = 0; 23 | z = &v.car; 24 | x = (cell*)malloc(sizeof(cell)); 25 | (*x).car = 42; 26 | (*x).cdr = 0; 27 | y = (*x).car; 28 | w = (*x).cdr; 29 | z = &(*x).car; 30 | u = &(*x).cdr; 31 | free(x); 32 | free(malloc(sizeof(int))); 33 | } 34 | -------------------------------------------------------------------------------- /test/other/struct_argument.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | typedef struct _PA { 4 | int i; 5 | } PHYSICAL_ADDRESS; 6 | 7 | typedef struct _S { 8 | struct { 9 | PHYSICAL_ADDRESS f; 10 | } t; 11 | } S, *PS; 12 | 13 | func(PHYSICAL_ADDRESS p) { 14 | p.i = 10; 15 | } 16 | 17 | func2(S s) { 18 | s.t.f.i = 10; 19 | } 20 | 21 | main() { 22 | S s; 23 | PS d; 24 | d = (PS)malloc(sizeof(S)); 25 | func(d->t.f); 26 | s = *d; 27 | func2(s); 28 | } 29 | -------------------------------------------------------------------------------- /test/other/struct_argument_cl_fail.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | typedef struct _PA { 4 | int i; 5 | } PHYSICAL_ADDRESS; 6 | 7 | typedef struct { 8 | struct { 9 | PHYSICAL_ADDRESS f; 10 | } t; 11 | } S, *PS; 12 | 13 | func(PHYSICAL_ADDRESS p) { 14 | p.i = 10; 15 | } 16 | 17 | func2(S s) { 18 | s.t.f.i = 10; 19 | } 20 | 21 | main() { 22 | PS d; 23 | d = (PS)malloc(sizeof(S)); 24 | func(d->t.f); 25 | func2((S)*d); 26 | } 27 | -------------------------------------------------------------------------------- /test/other/struct_argument_esp_fail.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | typedef struct _PA { 4 | int i; 5 | } PHYSICAL_ADDRESS; 6 | 7 | typedef struct { 8 | struct { 9 | PHYSICAL_ADDRESS f; 10 | } t; 11 | } S, *PS; 12 | 13 | func(PHYSICAL_ADDRESS p) { 14 | p.i = 10; 15 | } 16 | 17 | func2(S s) { 18 | s.t.f.i = 10; 19 | } 20 | 21 | main() { 22 | PS d; 23 | d = (PS)malloc(sizeof(S)); 24 | func(d->t.f); 25 | func2(*d); 26 | } 27 | -------------------------------------------------------------------------------- /test/other/struct_array_copy.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | typedef struct _S { 4 | int x; 5 | int arr[30]; 6 | } S, *PS; 7 | 8 | void 9 | main() { 10 | S s; 11 | s = s; 12 | } 13 | -------------------------------------------------------------------------------- /test/other/struct_assign_1.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _cell { 6 | int car; 7 | } cell; 8 | 9 | /* 10 | Check that copy assignment is implemented when assigning a 11 | local struct into another local struct. 12 | */ 13 | int main() { 14 | cell v, x; 15 | 16 | v.car = 5; 17 | 18 | x = v; 19 | 20 | v.car = 6; 21 | 22 | assert(x.car==5); 23 | 24 | } 25 | -------------------------------------------------------------------------------- /test/other/struct_assign_2.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _cell { 6 | int car; 7 | } cell; 8 | 9 | /* 10 | Check that copy assignment is implemented when assigning a 11 | local struct into an allocated struct. 12 | */ 13 | int main() { 14 | cell v, *x; 15 | x = malloc(sizeof(cell)); 16 | 17 | v.car = 5; 18 | 19 | *x = v; 20 | 21 | v.car = 6; 22 | 23 | assert(x->car==5); 24 | 25 | free(x); 26 | } 27 | -------------------------------------------------------------------------------- /test/other/struct_assign_3.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _cell { 6 | int car; 7 | } cell; 8 | 9 | /* 10 | Check that copy assignment is implemented when assigning an 11 | allocated struct into a local struct. 12 | */ 13 | int main() { 14 | cell v, *x; 15 | x = malloc(sizeof(cell)); 16 | 17 | x->car = 5; 18 | 19 | v = *x; 20 | 21 | x->car = 6; 22 | 23 | assert(v.car==5); 24 | 25 | free(x); 26 | } 27 | -------------------------------------------------------------------------------- /test/other/struct_assign_4.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _cell { 6 | int car; 7 | } cell; 8 | 9 | /* 10 | Check that copy assignment is implemented when assigning an 11 | allocated struct into a local struct. 12 | */ 13 | int main() { 14 | cell v, x, y; 15 | 16 | x.car = 5; 17 | 18 | y = v = x; 19 | 20 | x.car = 6; 21 | 22 | assert(y.car==5); 23 | 24 | 25 | } 26 | -------------------------------------------------------------------------------- /test/other/struct_assign_5.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | typedef struct _inner_cell { 6 | int car; 7 | } inner_cell; 8 | 9 | typedef struct _cell { 10 | inner_cell car; 11 | } cell; 12 | 13 | /* 14 | Check that copy assignment is implemented when assigning an 15 | allocated struct into a local struct. 16 | */ 17 | int main() { 18 | cell v, x; 19 | 20 | x.car.car = 5; 21 | 22 | v = x; 23 | 24 | x.car.car = 6; 25 | 26 | assert(v.car.car==5); 27 | 28 | 29 | } 30 | -------------------------------------------------------------------------------- /test/other/struct_field.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Assign into struct fields. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | typedef struct _val { 10 | void * foo; 11 | } val ; 12 | 13 | int main () 14 | { 15 | val * y = (val *)malloc(sizeof(val)); 16 | val * z = (val *)malloc(sizeof(val)); 17 | int x; 18 | y->foo = &x; 19 | z->foo = y->foo; 20 | FAIL_IF(&x != z->foo); 21 | } 22 | -------------------------------------------------------------------------------- /test/other/struct_init.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Declare and initialize a struct. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | int a, b; 10 | 11 | struct pair 12 | { 13 | void* fst; 14 | void* snd; 15 | }; 16 | 17 | // XX initialization 18 | struct pair XX = {&a, &b}; 19 | 20 | void main() 21 | { 22 | // xx initialization 23 | struct pair xx = {&b, &a}; 24 | 25 | if (! ((XX.fst == &a) && (XX.snd == &b))) { FAIL; } 26 | 27 | if (! ((xx.fst == &b) && (xx.snd == &a))) { FAIL; } 28 | 29 | } 30 | 31 | -------------------------------------------------------------------------------- /test/other/struct_local.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | typedef struct _S { 4 | int f; 5 | } S; 6 | 7 | 8 | main() { 9 | S s; 10 | 11 | } 12 | -------------------------------------------------------------------------------- /test/other/struct_pass.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | typedef struct _S { 4 | int a; 5 | int b; 6 | } S; 7 | 8 | void f(S x) { 9 | x.b = 1; 10 | } 11 | 12 | main() { 13 | S s; 14 | s.b = 0; 15 | f(s); 16 | assert(s.b == 0); 17 | } 18 | -------------------------------------------------------------------------------- /test/other/switch.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | */ 5 | #include "slayer.h" 6 | 7 | void main() 8 | { 9 | int y = 0; 10 | int x; 11 | switch (x) { 12 | case 0: 13 | y = y + 0; 14 | break; 15 | case 1: 16 | y = y + 1; 17 | break; 18 | case 2: 19 | y = y + 2; 20 | // fall-through 21 | default: 22 | y = y * 10; 23 | break; 24 | } 25 | 26 | assert( x == 0 ? y == 0 : 27 | x == 1 ? y == 1 : 28 | x == 2 ? y == 20 : y == 0 ); 29 | 30 | } 31 | -------------------------------------------------------------------------------- /test/other/track_global_frees.c: -------------------------------------------------------------------------------- 1 | 2 | #define TRUE (1==1) 3 | #define FALSE (1==0) 4 | 5 | int *p; 6 | int *q; 7 | int freed_p = FALSE; 8 | int freed_q = FALSE; 9 | 10 | void delete(int* obj) 11 | { 12 | if (obj == p) { freed_p = TRUE; } 13 | if (obj == q) { freed_q = TRUE; } 14 | free(obj); 15 | } 16 | 17 | void main() 18 | { 19 | int x ; 20 | 21 | p = malloc(sizeof(int)); 22 | *p = 2; 23 | 24 | q = malloc(sizeof(int)); 25 | *q = 2; 26 | 27 | if (x) { 28 | delete(p); 29 | } else { 30 | delete(q); 31 | } 32 | 33 | if (freed_p == FALSE) { free(p); } 34 | if (freed_q == FALSE) { free(q); } 35 | 36 | } 37 | -------------------------------------------------------------------------------- /test/other/two_elt_array_fptr.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | A table of function pointers. 5 | 6 | slam seems to do a sound abstraction for this program: PA tells it that 7 | fun_tbl[] = {f,g}, so whenever fun_tbl[_]() is called, a non-det choice is 8 | made between f() and g(). 9 | */ 10 | 11 | #include 12 | 13 | int f (int x) 14 | { 15 | return x+1; 16 | } 17 | 18 | int g (int x) 19 | { 20 | return x+10; 21 | } 22 | 23 | // pointer to a int->int function. 24 | typedef int (*FP) (int); 25 | 26 | 27 | void main() 28 | { 29 | int x, y; 30 | FP fun_tbl[2]; 31 | 32 | fun_tbl[0] = f; 33 | fun_tbl[1] = g; 34 | 35 | x = 0; 36 | y = fun_tbl[0](x); 37 | if (y == 0) FAIL; 38 | 39 | x = 0; 40 | y = fun_tbl[1](x); 41 | if (y == 0) FAIL; 42 | 43 | return; 44 | } 45 | -------------------------------------------------------------------------------- /test/other/two_elt_array_global.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | A is heapified because it's a global. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | int A[2]; 10 | 11 | main () 12 | { 13 | A[0] = 0; 14 | 1[A] = 1; 15 | } 16 | -------------------------------------------------------------------------------- /test/other/two_elt_array_local.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "slayer.h" 4 | 5 | main () 6 | { 7 | int A[2]; 8 | 9 | A[0] = 0; 10 | 1[A] = 1; 11 | } 12 | -------------------------------------------------------------------------------- /test/other/update_global_var.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Update global var in various ways. 5 | A testcase for PS#211, where x=nondet() was being translated as Mov(x,*), 6 | rather than Store(x,*). 7 | This program should be SAFE. 8 | */ 9 | 10 | #include 11 | 12 | int f(int x) 13 | { 14 | return x; 15 | } 16 | 17 | 18 | int f_cantinline_me(int x) 19 | { 20 | int i, y = 0; 21 | for (y=0; y<5; y++) { i++; } 22 | return x; 23 | 24 | } 25 | 26 | int x ; 27 | 28 | void main() { 29 | int y ; 30 | 31 | x = 0; 32 | assert(x == 0); 33 | 34 | x = f(0); 35 | assert(x == 0); 36 | 37 | x = f_cantinline_me(0); 38 | assert(x == 0); 39 | 40 | x = nondet(); 41 | y = x ; 42 | assert(x == y); 43 | 44 | return; 45 | } 46 | -------------------------------------------------------------------------------- /test/other/while.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | void main() { 4 | int x, y; 5 | y = 0; 6 | while(x!=y) { x = 0; } 7 | return; 8 | } 9 | -------------------------------------------------------------------------------- /test/other/while2loads.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | A while loop whose test loads from two memory locations. 5 | */ 6 | 7 | #include "slayer.h" 8 | 9 | void main() 10 | { 11 | 12 | int *p; 13 | int *q; 14 | p = (int*) malloc(sizeof(int)); 15 | q = (int*) malloc(sizeof(int)); 16 | *p = 10; 17 | *q = 0; 18 | 19 | while (*p != *q) (*q)++; 20 | 21 | if (*p != *q) FAIL; 22 | } 23 | -------------------------------------------------------------------------------- /test/other/writer_reader.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | 5 | +-------+ 6 | writer ---> |mailbox| ---> reader 7 | +-------+ 8 | 9 | writer tells reader of mailbox via channel. 10 | 11 | mailbox should be in writer's local-heap. 12 | It should also be in reader's local-heap: if we take account of expr equality when 13 | calculating reachability. 14 | 15 | This program should be SAFE: reader should not have mailbox framed-away. 16 | */ 17 | 18 | int mailbox; 19 | int lock = 0; 20 | 21 | void writer(int** channel) 22 | { 23 | lock = 1; 24 | mailbox = 1; 25 | *channel = &mailbox; 26 | lock = 0; 27 | } 28 | 29 | // mailbox \in footprint. 30 | void reader(int* channel) 31 | { 32 | int x; 33 | lock = 1; 34 | x = *channel; 35 | lock = 0; 36 | } 37 | 38 | void main() 39 | { 40 | int* channel; 41 | 42 | writer(&channel); 43 | // assert ( (channel == &mailbox) && (mailbox == 1) ) 44 | reader(channel); 45 | } 46 | -------------------------------------------------------------------------------- /test/sll/append.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void append(PSLL_ENTRY* z, PSLL_ENTRY y) { 6 | while(*z != NULL) { 7 | z = &(*z)->Flink; 8 | } 9 | *z = y; 10 | } 11 | 12 | void main() { 13 | PSLL_ENTRY x, y; 14 | x = SLL_create(nondet()); 15 | y = SLL_create(nondet()); 16 | append(&x, y); 17 | SLL_destroy(x); 18 | } 19 | -------------------------------------------------------------------------------- /test/sll/append_fs.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void append(PSLL_ENTRY *a, PSLL_ENTRY y) { 6 | PSLL_ENTRY *z = a; 7 | 8 | while(*z != NULL) { 9 | z = &(*z)->Flink; 10 | } 11 | *z = y; 12 | } 13 | 14 | void main() { 15 | PSLL_ENTRY x, x1, x2, x3, y, y1, y2; 16 | x3 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x3->Flink = NULL; 17 | x2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x2->Flink = x3; 18 | x1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x1->Flink = x2; 19 | x = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x->Flink = x1; 20 | y2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y2->Flink = NULL; 21 | y1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y1->Flink = y2; 22 | y = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y->Flink = y1; 23 | append(&x, y); 24 | SLL_destroy(x); 25 | } 26 | -------------------------------------------------------------------------------- /test/sll/append_ret.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY append(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY t, n, r; 7 | if (x != NULL) { 8 | t = x; 9 | n = x->Flink; 10 | while (n != NULL) { 11 | t = n; 12 | n = n->Flink; 13 | } 14 | t->Flink = y; 15 | return x; 16 | } else { 17 | return y; 18 | } 19 | } 20 | 21 | void main() { 22 | PSLL_ENTRY x, y; 23 | x = SLL_create(nondet()); 24 | y = SLL_create(nondet()); 25 | x = append(x, y); 26 | SLL_destroy(x); 27 | } 28 | -------------------------------------------------------------------------------- /test/sll/append_ret_fs.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY append(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY t, n, r; 7 | if (x != NULL) { 8 | t = x; 9 | n = x->Flink; 10 | while (n != NULL) { 11 | t = n; 12 | n = n->Flink; 13 | } 14 | t->Flink = y; 15 | return x; 16 | } else { 17 | return y; 18 | } 19 | } 20 | 21 | void main() { 22 | PSLL_ENTRY x, x1, x2, x3, y, y1, y2; 23 | x3 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x3->Flink = NULL; 24 | x2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x2->Flink = x3; 25 | x1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x1->Flink = x2; 26 | x = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x->Flink = x1; 27 | y2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y2->Flink = NULL; 28 | y1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y1->Flink = y2; 29 | y = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); y->Flink = y1; 30 | x = append(x, y); 31 | SLL_destroy(x); 32 | } 33 | -------------------------------------------------------------------------------- /test/sll/copy.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY copy(PSLL_ENTRY x) { 6 | PSLL_ENTRY y; 7 | SLL_ENTRY* * z = &y; 8 | 9 | while(x != NULL) /* listseg(y,*z) * listseg(-,x) * list(x) */ { 10 | *z = (SLL_ENTRY*)malloc(sizeof(SLL_ENTRY)); 11 | (*z)->Data = x->Data; 12 | z = &(*z)->Flink; 13 | x = x->Flink; 14 | } 15 | *z = NULL; 16 | return y; 17 | } 18 | 19 | void main() { 20 | PSLL_ENTRY x = NULL, y = NULL; 21 | x = SLL_create(nondet()); 22 | y = copy(x); 23 | SLL_destroy(x); 24 | SLL_destroy(y); 25 | } 26 | -------------------------------------------------------------------------------- /test/sll/copy_leak.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY copy(PSLL_ENTRY a) { 6 | PSLL_ENTRY y, x = a; 7 | SLL_ENTRY* * z = &y; 8 | 9 | while(x != NULL) /* listseg(y,*z) * listseg(-,x) * list(x) */ { 10 | *z = (SLL_ENTRY*)malloc(sizeof(SLL_ENTRY)); 11 | (*z)->Data = x->Data; 12 | z = &(*z)->Flink; 13 | x = x->Flink; 14 | } 15 | *z = NULL; 16 | return y; 17 | } 18 | 19 | void main() { 20 | PSLL_ENTRY x = NULL, y = NULL; 21 | x = SLL_create(nondet()); 22 | y = copy(x); 23 | SLL_destroy(x); 24 | // SLL_destroy(y); 25 | } 26 | -------------------------------------------------------------------------------- /test/sll/create.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create and then leak a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void main(void) { 11 | PSLL_ENTRY head; 12 | 13 | head = SLL_create(nondet()); 14 | } 15 | -------------------------------------------------------------------------------- /test/sll/create_body.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 11 | tmp->Flink = head; 12 | head = tmp; 13 | printf_s("created link\n") ; 14 | 15 | return head; 16 | } 17 | 18 | void main(void) { 19 | PSLL_ENTRY x; 20 | 21 | x = create(1); 22 | 23 | free(x); 24 | } 25 | -------------------------------------------------------------------------------- /test/sll/create_fs.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void main() { 6 | PSLL_ENTRY x, x1, x2, x3; 7 | x3 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x3->Flink = NULL; 8 | x2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x2->Flink = x3; 9 | x1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x1->Flink = x2; 10 | x = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x->Flink = x1; 11 | // ls(x,0) holds here. 12 | SLL_destroy(x); 13 | } 14 | -------------------------------------------------------------------------------- /test/sll/create_fs_via_tmps.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void main() { 6 | PSLL_ENTRY x = NULL; 7 | PSLL_ENTRY tmp1, tmp2, tmp3, tmp4, tmp5; 8 | tmp1 = cons(1, x); 9 | x = tmp1; 10 | tmp2 = cons(2, x); 11 | x = tmp2; 12 | tmp3 = cons(3, x); 13 | x = tmp3; 14 | tmp4 = cons(4, x); 15 | x = tmp4; 16 | // ls(x,0) doesn't hold here. 17 | SLL_destroy(x); 18 | } 19 | -------------------------------------------------------------------------------- /test/sll/create_seg.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create and then leak a singly-linked list segment. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void main(void) { 11 | PSLL_ENTRY head, tail; 12 | 13 | head = SLL_create_seg(nondet(), tail); 14 | } 15 | -------------------------------------------------------------------------------- /test/sll/create_via_tmps.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | 6 | void main(void) { 7 | PSLL_ENTRY x= NULL; 8 | int i, len; 9 | for (i=0; iFlink ) { 16 | free(head); 17 | } else { 18 | SLL_destroy_seg(head, tail->Flink); 19 | } 20 | /* tail->Flink may have been in the list, so this may leak a cycle */ 21 | } 22 | -------------------------------------------------------------------------------- /test/sll/filter.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void filter(PSLL_ENTRY *a, int i) { 6 | PSLL_ENTRY t, *z = a; 7 | 8 | while(*z != NULL) 9 | if((*z)->Data == i) { 10 | t = *z; 11 | *z = t->Flink; 12 | free(t); 13 | } else { 14 | z = &(*z)->Flink; 15 | } 16 | } 17 | 18 | void main() { 19 | PSLL_ENTRY x = SLL_create(nondet()); 20 | 21 | print_list(x); printf_s("\n"); 22 | 23 | filter(&x, 1); 24 | 25 | print_list(x); 26 | 27 | SLL_destroy(x); 28 | } 29 | -------------------------------------------------------------------------------- /test/sll/filter_fs.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void filter(PSLL_ENTRY *a, int i) { 6 | PSLL_ENTRY t, *z = a; 7 | 8 | while(*z != NULL) 9 | if((*z)->Data == i) { 10 | t = *z; 11 | *z = t->Flink; 12 | free(t); 13 | } else { 14 | z = &(*z)->Flink; 15 | } 16 | } 17 | 18 | void main() { 19 | PSLL_ENTRY x, x1, x2, x3, x4, x5; 20 | x5 = cons(1, NULL); 21 | x4 = cons(4, x5); 22 | x3 = cons(1, x4); 23 | x2 = cons(3, x3); 24 | x1 = cons(2, x2); 25 | x = cons(1, x1); 26 | print_list(x); printf_s("\n"); 27 | filter(&x, 1); 28 | print_list(x); 29 | SLL_destroy(x); 30 | } 31 | -------------------------------------------------------------------------------- /test/sll/find.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | // advance to first link of x greater than n 6 | void find(PSLL_ENTRY *a, int n) { 7 | PSLL_ENTRY *z = a; 8 | 9 | while(*z != NULL && (*z)->Data <= n) { 10 | z = &(*z)->Flink; 11 | } 12 | *a = *z; 13 | } 14 | 15 | void main() { 16 | PSLL_ENTRY x = NULL, y; 17 | x = cons(4, x); 18 | x = cons(3, x); 19 | x = cons(2, x); 20 | x = cons(1, x); 21 | y = x; 22 | find(&x, 2); 23 | SLL_destroy(y); 24 | } 25 | -------------------------------------------------------------------------------- /test/sll/find_ret.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | // return first link of x greater than n 6 | PSLL_ENTRY find(PSLL_ENTRY x, int n) { 7 | while (x != NULL) { 8 | if (x->Data > n) return x; 9 | x = x->Flink; 10 | } 11 | return NULL; 12 | } 13 | 14 | void main() { 15 | PSLL_ENTRY x = NULL, y = NULL; 16 | x = cons(4, x); 17 | x = cons(3, x); 18 | x = cons(2, x); 19 | x = cons(1, x); 20 | y = find(x, 2); 21 | SLL_destroy(x); 22 | } 23 | -------------------------------------------------------------------------------- /test/sll/heap.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include 4 | 5 | /* Note: be able to compile under non-SLAyer circumstances. */ 6 | #ifndef SLAyer 7 | #include 8 | #else 9 | int printf (const char *fmt,...) { return 0; } 10 | int printf_s (const char *fmt,...) { return 0; } 11 | #endif 12 | 13 | typedef struct cell { 14 | int car; 15 | struct cell* cdr; 16 | } cell; 17 | 18 | cell* new() { 19 | cell* x = (cell*)malloc(sizeof(cell)); 20 | assert(x != NULL); 21 | return x; 22 | } 23 | 24 | void print_cell(cell* x) { 25 | printf("%i", x->car); 26 | } 27 | 28 | 29 | -------------------------------------------------------------------------------- /test/sll/insert.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void insert(PSLL_ENTRY *a, PSLL_ENTRY x) { 6 | PSLL_ENTRY *l = a; 7 | 8 | while(*l != NULL && (*l)->Data < x->Data) { 9 | l = &(*l)->Flink; 10 | } 11 | x->Flink = *l; 12 | *l = x; 13 | } 14 | 15 | void main() { 16 | PSLL_ENTRY x = NULL, y = NULL; 17 | x = cons(4, x); 18 | x = cons(2, x); 19 | x = cons(1, x); 20 | insert(&x, cons(3, y)); 21 | SLL_destroy(x); 22 | } 23 | -------------------------------------------------------------------------------- /test/sll/insert_ret.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY insert(PSLL_ENTRY l, PSLL_ENTRY x) { 6 | PSLL_ENTRY elem, prev; 7 | elem = l; 8 | prev = NULL; 9 | while (elem != NULL) { 10 | if (elem->Data >= x->Data) { 11 | x->Flink = elem; 12 | if (prev == NULL) return x; 13 | prev->Flink = x; 14 | return l; 15 | } 16 | prev = elem; 17 | elem = elem->Flink; 18 | } 19 | x->Flink = elem; 20 | if (prev == NULL) return x; 21 | prev->Flink = x; 22 | return l; 23 | } 24 | 25 | void main() { 26 | PSLL_ENTRY x = NULL, y = NULL; 27 | x = cons(4, x); 28 | x = cons(2, x); 29 | x = cons(1, x); 30 | x = insert(x, cons(3, y)); 31 | SLL_destroy(x); 32 | } 33 | -------------------------------------------------------------------------------- /test/sll/insertion_sort.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY insert(PSLL_ENTRY l, PSLL_ENTRY x) { 6 | PSLL_ENTRY elem, prev; 7 | elem = l; 8 | prev = NULL; 9 | while (elem != NULL) { 10 | if (elem->Data >= x->Data) { 11 | x->Flink = elem; 12 | if (prev == NULL) return x; 13 | prev->Flink = x; 14 | return l; 15 | } 16 | prev = elem; 17 | elem = elem->Flink; 18 | } 19 | x->Flink = elem; 20 | if (prev == NULL) return x; 21 | prev->Flink = x; 22 | return l; 23 | } 24 | 25 | PSLL_ENTRY insertion_sort(PSLL_ENTRY x) { 26 | PSLL_ENTRY h, ret, cand; 27 | h = x; 28 | ret = NULL; 29 | while (h != NULL) { 30 | cand = h; 31 | h = h->Flink; 32 | cand->Flink = NULL; 33 | ret = insert(ret, cand); 34 | } 35 | return ret; 36 | } 37 | 38 | void main() { 39 | PSLL_ENTRY x; 40 | x = SLL_create(17); 41 | x = insertion_sort(x); 42 | SLL_destroy(x); 43 | } 44 | -------------------------------------------------------------------------------- /test/sll/insertion_sort_inlined.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void main() { 6 | PSLL_ENTRY x = NULL, y, c, h, elem, prev; 7 | x = SLL_create(17); 8 | 9 | c = x; 10 | x = NULL; 11 | while (c != NULL) { 12 | y = c; 13 | c = c->Flink; 14 | y->Flink = NULL; 15 | elem = x; 16 | prev = NULL; 17 | while (elem != NULL) { 18 | if (elem->Data >= y->Data) { 19 | y->Flink = elem; 20 | if (prev == NULL) { x = y; goto retn; } 21 | prev->Flink = y; 22 | goto retn; 23 | } 24 | prev = elem; 25 | elem = elem->Flink; 26 | } 27 | y->Flink = elem; 28 | if (prev == NULL) { x = y; goto retn; } 29 | prev->Flink = y; 30 | retn: ; 31 | } 32 | 33 | SLL_destroy(c); 34 | SLL_destroy(x); 35 | } 36 | -------------------------------------------------------------------------------- /test/sll/insertion_sort_inlined_leak.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void main() { 6 | PSLL_ENTRY x = NULL, y, c, h, elem, prev; 7 | x = SLL_create(17); 8 | 9 | c = x; 10 | x = NULL; 11 | while (c != NULL) { 12 | y = c; 13 | c = c->Flink; 14 | y->Flink = NULL; 15 | elem = x; 16 | prev = NULL; 17 | while (elem != NULL) { 18 | if (elem->Data >= y->Data) { 19 | y->Flink = elem; 20 | if (prev == NULL) { x = y; goto retn; } 21 | prev->Flink = y; 22 | goto retn; 23 | } 24 | prev = elem; 25 | elem = elem->Flink; 26 | } 27 | y->Flink = elem; 28 | if (prev == NULL) { x = y; goto retn; } 29 | prev->Flink = y; 30 | retn: ; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /test/sll/print.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | #include "sll.h" 3 | 4 | void main() { 5 | PSLL_ENTRY x = SLL_create(nondet()); 6 | print_list(x); 7 | SLL_destroy(x); 8 | } 9 | -------------------------------------------------------------------------------- /test/sll/print_fs.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void main() { 6 | PSLL_ENTRY x, x1, x2, x3; 7 | x3 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x3->Flink = NULL; 8 | x2 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x2->Flink = x3; 9 | x1 = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x1->Flink = x2; 10 | x = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); x->Flink = x1; 11 | print_list(x); 12 | SLL_destroy(x); 13 | } 14 | -------------------------------------------------------------------------------- /test/sll/remove_ret.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY sll_remove(PSLL_ENTRY l, PSLL_ENTRY x) { 6 | PSLL_ENTRY elem, prev, t; 7 | elem = l; 8 | prev = NULL; 9 | while (elem != NULL) { 10 | if (elem == x) { 11 | if (prev == NULL) { 12 | t = elem->Flink; 13 | free(elem); 14 | return t; 15 | } else { 16 | t = elem->Flink; 17 | prev->Flink = t; 18 | free(elem); 19 | } 20 | return l; 21 | } 22 | prev = elem; 23 | elem = elem->Flink; 24 | } 25 | return l; 26 | } 27 | 28 | void main() { 29 | PSLL_ENTRY x = NULL, y = NULL; 30 | y = cons(3, y); 31 | y = cons(2, y); 32 | x = cons(1, y); 33 | x = sll_remove(x, y); 34 | SLL_destroy(x); 35 | } 36 | -------------------------------------------------------------------------------- /test/sll/reverse.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | /* 11 | Reverse the list pointed to by l. 12 | Implemented by poping off each item of *l into r. 13 | */ 14 | void reverse(PSLL_ENTRY *l) { 15 | PSLL_ENTRY c = *l, r = NULL; 16 | while(c != NULL) { 17 | PSLL_ENTRY t; 18 | t = c; 19 | c = c->Flink; 20 | t->Flink = r; 21 | r = t; 22 | } 23 | *l = r; 24 | } 25 | 26 | void main() { 27 | PSLL_ENTRY head; 28 | 29 | head = SLL_create(nondet()); 30 | 31 | reverse(&head); 32 | 33 | SLL_destroy(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/sll/reverse_div.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | Create, reverse, and then destroy a singly-linked list. 4 | 5 | Similar to reverse.c but may nondeterministically do nothing during 6 | reversal, thereby causing divergence. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse_div(PSLL_ENTRY *l) { 13 | PSLL_ENTRY c = *l, r = NULL; 14 | while(c != NULL) { 15 | if (nondet()) { /* nondeterministically do nothing */ 16 | PSLL_ENTRY t; 17 | t = c; 18 | c = c->Flink; 19 | t->Flink = r; 20 | r = t; 21 | } 22 | } 23 | *l = r; 24 | } 25 | 26 | 27 | void main() { 28 | PSLL_ENTRY head; 29 | 30 | head = SLL_create(nondet()); 31 | 32 | reverse_div(&head); 33 | 34 | SLL_destroy(head); 35 | } 36 | -------------------------------------------------------------------------------- /test/sll/reverse_div2.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list. 5 | 6 | Similar to reverse.c but may nondeterministically undo one step of reversal 7 | during reversal, thereby causing divergence. 8 | **/ 9 | 10 | #include "sll.h" 11 | 12 | 13 | void reverse_div(PSLL_ENTRY *l) { 14 | PSLL_ENTRY c = *l, r = NULL; 15 | while(c != NULL) { 16 | PSLL_ENTRY t; 17 | t = c; 18 | c = c->Flink; 19 | t->Flink = r; 20 | r = t; 21 | if (nondet() && c!=NULL) { 22 | t = c; 23 | c = c->Flink; 24 | t->Flink = r; 25 | r = t; 26 | } 27 | } 28 | *l = r; 29 | } 30 | 31 | 32 | void main() { 33 | PSLL_ENTRY head; 34 | 35 | head = SLL_create(nondet()); 36 | 37 | reverse_div(&head); 38 | 39 | SLL_destroy(head); 40 | } 41 | -------------------------------------------------------------------------------- /test/sll/reverse_div3.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, attempt to reverse, and then destroy a singly-linked list. 5 | 6 | Similar to reverse.c but sometimes breaks the list, gets lost, and 7 | diverges. All executions that break the list must diverge in 8 | reverse, so this program is still safe. 9 | **/ 10 | 11 | #include "sll.h" 12 | 13 | 14 | void reverse(PSLL_ENTRY *l) { 15 | PSLL_ENTRY c = *l, r = NULL; 16 | while(c != NULL) { 17 | PSLL_ENTRY t; 18 | t = c; 19 | if (c->Data != 5) 20 | c = c->Flink; 21 | t->Flink = r; 22 | r = t; 23 | } 24 | *l = r; 25 | } 26 | 27 | void main() { 28 | PSLL_ENTRY head; 29 | 30 | head = SLL_create(nondet()); 31 | 32 | reverse(&head); 33 | 34 | SLL_destroy(head); 35 | } 36 | -------------------------------------------------------------------------------- /test/sll/reverse_div4.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /** 4 | Create, attempt to reverse, and then leak a singly-linked list. 5 | 6 | Similar to reverse_div3.c but never advances the cursor pointer. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse(PSLL_ENTRY *l) { 13 | PSLL_ENTRY c = *l, r = NULL; 14 | while(c != NULL) { 15 | PSLL_ENTRY t; 16 | t = c; 17 | t->Flink = r; 18 | r = t; 19 | } 20 | *l = r; 21 | } 22 | 23 | void main() { 24 | PSLL_ENTRY head; 25 | 26 | head = SLL_create(nondet()); 27 | 28 | reverse(&head); 29 | 30 | SLL_destroy(head); 31 | } 32 | -------------------------------------------------------------------------------- /test/sll/reverse_div5.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, attempt to reverse, and then destroy a singly-linked list. 5 | 6 | Similar to reverse_div3.c but nondeterministically breaks the list, 7 | so that reverse may terminate with a cyclic list, which destroy 8 | crashes on. 9 | **/ 10 | 11 | #include "sll.h" 12 | 13 | 14 | void reverse(PSLL_ENTRY *l) { 15 | PSLL_ENTRY c = *l, r = NULL; 16 | while(c != NULL) { 17 | PSLL_ENTRY t; 18 | t = c; 19 | if (nondet()) 20 | c = c->Flink; 21 | t->Flink = r; 22 | r = t; 23 | } 24 | *l = r; 25 | } 26 | 27 | void main() { 28 | PSLL_ENTRY head; 29 | 30 | head = SLL_create(nondet()); 31 | 32 | reverse(&head); 33 | 34 | SLL_destroy(head); 35 | } 36 | -------------------------------------------------------------------------------- /test/sll/reverse_leak.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list. 5 | 6 | Similar to reverse.c but may leak an item. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse(PSLL_ENTRY *l) { 13 | PSLL_ENTRY c = *l, r = NULL; 14 | while(c != NULL) { 15 | PSLL_ENTRY t; 16 | t = c; 17 | c = c->Flink; 18 | if (t->Data != 1) { /* leak t */ 19 | t->Flink = r; 20 | r = t; 21 | } 22 | } 23 | *l = r; 24 | } 25 | 26 | void main() { 27 | PSLL_ENTRY head; 28 | 29 | head = SLL_create(nondet()); 30 | 31 | reverse(&head); 32 | 33 | SLL_destroy(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/sll/reverse_leak2.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list. 5 | 6 | Similar to reverse_leak.c but chooses leaked item nondeterministically. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse(PSLL_ENTRY *l) { 13 | PSLL_ENTRY c = *l, r = NULL; 14 | while(c != NULL) { 15 | PSLL_ENTRY t; 16 | t = c; 17 | c = c->Flink; 18 | if (nondet()) { /* leak t */ 19 | t->Flink = r; 20 | r = t; 21 | } 22 | } 23 | *l = r; 24 | } 25 | 26 | void main() { 27 | PSLL_ENTRY head; 28 | 29 | head = SLL_create(nondet()); 30 | 31 | reverse(&head); 32 | 33 | SLL_destroy(head); 34 | } 35 | -------------------------------------------------------------------------------- /test/sll/reverse_negative_sublists1.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void reverse_negative_sublists(PSLL_ENTRY *z) { 6 | PSLL_ENTRY t, x, y, *w; 7 | x = *z; 8 | while(x != NULL) { 9 | while(x != NULL && x->Data >= 0) { 10 | z = &(x->Flink); 11 | x = *z; 12 | } 13 | if(x != NULL) { 14 | y = x; 15 | w = &(x->Flink); 16 | do { 17 | t = x; 18 | x = x->Flink; 19 | t->Flink = y; 20 | y = t; 21 | } 22 | while(x != NULL && x->Data < 0); 23 | *w = x; 24 | *z = y; 25 | z = w; 26 | } 27 | else { 28 | *z = NULL; 29 | } 30 | } 31 | } 32 | 33 | void main() { 34 | PSLL_ENTRY x = NULL; 35 | x = SLL_create(nondet()); 36 | reverse_negative_sublists(&x); 37 | SLL_destroy(x); 38 | } 39 | -------------------------------------------------------------------------------- /test/sll/reverse_negative_sublists1_leak.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void reverse_negative_sublists(PSLL_ENTRY *z) { 6 | PSLL_ENTRY t, x, y, *w; 7 | x = *z; 8 | while(x != NULL) { 9 | while(x != NULL && x->Data >= 0) { 10 | z = &(x->Flink); 11 | x = *z; 12 | } 13 | if(x != NULL) { 14 | y = x; 15 | w = &(x->Flink); 16 | while(x != NULL && x->Data < 0) { 17 | t = x; 18 | x = x->Flink; 19 | t->Flink = y; 20 | y = t; 21 | } 22 | *w = x; 23 | *z = y; 24 | z = w; 25 | } 26 | else { 27 | *z = NULL; 28 | } 29 | } 30 | } 31 | 32 | void main() { 33 | PSLL_ENTRY x = NULL; 34 | x = SLL_create(nondet()); 35 | reverse_negative_sublists(&x); 36 | SLL_destroy(x); 37 | } 38 | -------------------------------------------------------------------------------- /test/sll/reverse_negative_sublists1_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void reverse_negative_sublists(PSLL_ENTRY *z) { 6 | PSLL_ENTRY t, x, y, *w; 7 | x = *z; 8 | while(x != NULL) { 9 | while(x != NULL && x->Data >= 0) { 10 | z = &(x->Flink); 11 | x = *z; 12 | } 13 | if(x != NULL) { 14 | y = x; 15 | w = &(x->Flink); 16 | do { 17 | t = x; 18 | x = x->Flink; 19 | t->Flink = y; 20 | y = t; 21 | } 22 | while(x != NULL && x->Data < 0); 23 | *w = x; 24 | *z = y; 25 | } 26 | else { 27 | *z = NULL; 28 | } 29 | } 30 | } 31 | 32 | void main() { 33 | PSLL_ENTRY x = NULL; 34 | x = SLL_create(nondet()); 35 | reverse_negative_sublists(&x); 36 | SLL_destroy(x); 37 | } 38 | -------------------------------------------------------------------------------- /test/sll/reverse_negative_sublists2.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | /* a version that doesn't use pointers into records, call-by-reference, or 6 | conditional assertions */ 7 | PSLL_ENTRY reverse_negative_sublists2(PSLL_ENTRY x) { 8 | PSLL_ENTRY t, y, w, v, z; 9 | v = cons(0,x); 10 | z = v; 11 | while(x != NULL) { 12 | while(x != NULL && x->Data >= 0) { 13 | z = x; 14 | x = x->Flink; 15 | } 16 | if(x != NULL) { 17 | y = w = x; 18 | do { 19 | t = x; 20 | x = x->Flink; 21 | t->Flink = y; 22 | y = t; 23 | } 24 | while(x != NULL && x->Data < 0); 25 | w->Flink = x; 26 | z->Flink = y; 27 | z = w; 28 | } 29 | else { 30 | z->Flink = NULL; 31 | } 32 | } 33 | t = v->Flink; 34 | free(v); 35 | return t; 36 | } 37 | 38 | void main() { 39 | PSLL_ENTRY x = NULL; 40 | x = SLL_create(nondet()); 41 | x = reverse_negative_sublists2(x); 42 | SLL_destroy(x); 43 | } 44 | -------------------------------------------------------------------------------- /test/sll/reverse_negative_sublists2_leak.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | /* a version that doesn't use pointers into records, call-by-reference, or 6 | conditional assertions */ 7 | PSLL_ENTRY reverse_negative_sublists2(PSLL_ENTRY x) { 8 | PSLL_ENTRY t, y, w, v, z; 9 | v = cons(0,x); 10 | z = v; 11 | while(x != NULL) { 12 | while(x != NULL && x->Data >= 0) { 13 | z = x; 14 | x = x->Flink; 15 | } 16 | if(x != NULL) { 17 | y = w = x; 18 | while(x != NULL && x->Data < 0) { 19 | t = x; 20 | x = x->Flink; 21 | t->Flink = y; 22 | y = t; 23 | } 24 | w->Flink = x; 25 | z->Flink = y; 26 | z = w; 27 | } 28 | else { 29 | z->Flink = NULL; 30 | } 31 | } 32 | t = v->Flink; 33 | free(v); 34 | return t; 35 | } 36 | 37 | void main() { 38 | PSLL_ENTRY x = NULL; 39 | x = SLL_create(nondet()); 40 | x = reverse_negative_sublists2(x); 41 | SLL_destroy(x); 42 | } 43 | -------------------------------------------------------------------------------- /test/sll/reverse_negative_sublists2_unsafe.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | /* a version that doesn't use pointers into records, call-by-reference, or 6 | conditional assertions */ 7 | PSLL_ENTRY reverse_negative_sublists2(PSLL_ENTRY x) { 8 | PSLL_ENTRY t, y, w, v, z; 9 | v = cons(0,x); 10 | z = v; 11 | while(x != NULL) { 12 | while(x != NULL && x->Data >= 0) { 13 | z = x; 14 | x = x->Flink; 15 | } 16 | if(x != NULL) { 17 | y = w = x; 18 | do { 19 | t = x; 20 | x = x->Flink; 21 | t->Flink = y; 22 | y = t; 23 | } 24 | while(x != NULL && x->Data < 0); 25 | w->Flink = x; 26 | z->Flink = y; 27 | } 28 | else { 29 | z->Flink = NULL; 30 | } 31 | } 32 | t = v->Flink; 33 | free(v); 34 | return t; 35 | } 36 | 37 | void main() { 38 | PSLL_ENTRY x = NULL; 39 | x = SLL_create(nondet()); 40 | x = reverse_negative_sublists2(x); 41 | SLL_destroy(x); 42 | } 43 | -------------------------------------------------------------------------------- /test/sll/reverse_ret.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY reverse(PSLL_ENTRY a) { 6 | PSLL_ENTRY x = a; 7 | PSLL_ENTRY o, t; 8 | o = NULL; 9 | while (x != NULL) { 10 | t = x->Flink; 11 | x->Flink = o; 12 | o = x; 13 | x = t; 14 | } 15 | return o; 16 | } 17 | 18 | void main() { 19 | PSLL_ENTRY x = NULL, y = NULL; 20 | x = cons(4, x); 21 | x = cons(3, x); 22 | x = cons(2, x); 23 | x = cons(1, x); 24 | x = reverse(x); 25 | SLL_destroy(x); 26 | } 27 | -------------------------------------------------------------------------------- /test/sll/reverse_seg.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then destroy a singly-linked list segment. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void reverse_seg(PSLL_ENTRY *z, SLL_ENTRY *w) { 11 | PSLL_ENTRY t, x = *z, y = w; 12 | while(x != w) { 13 | t = x; 14 | x = x->Flink; 15 | t->Flink = y; 16 | y = t; 17 | } 18 | *z = y; 19 | } 20 | 21 | void main() { 22 | int length; 23 | PSLL_ENTRY head, tail; 24 | 25 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 26 | 27 | head = SLL_create_seg(length, tail); 28 | 29 | reverse_seg(&head, tail); 30 | 31 | SLL_destroy_seg(head, tail); 32 | free(tail); 33 | } 34 | -------------------------------------------------------------------------------- /test/sll/reverse_seg_cyclic.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, reverse, and then leak a singly-linked list segment. 5 | 6 | Similar to reverse_seg.c but the segment might be cyclic or a lasso. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void reverse_seg(PSLL_ENTRY *z, SLL_ENTRY *w) { 13 | PSLL_ENTRY t, x = *z, y = w; 14 | while(x != w) { 15 | t = x; 16 | x = x->Flink; 17 | t->Flink = y; 18 | y = t; 19 | } 20 | *z = y; 21 | } 22 | 23 | void main() { 24 | int length; 25 | PSLL_ENTRY head, tail; 26 | 27 | head = SLL_create_seg(length, tail); 28 | 29 | reverse_seg(&head, tail); 30 | } 31 | -------------------------------------------------------------------------------- /test/sll/splice.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY splice(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY p, q, t; 7 | p = x; 8 | q = y; 9 | if (p == NULL) return q; 10 | if (q == NULL) return p; 11 | while (1) { 12 | t = q; 13 | q = t->Flink; 14 | t->Flink = p->Flink; 15 | p->Flink = t; 16 | if (p == NULL) return x; 17 | p = t->Flink; 18 | if (q == NULL) return x; 19 | if (p == NULL) { 20 | t->Flink = q; 21 | return x; 22 | } 23 | } 24 | if (p == NULL) 25 | t->Flink = q; 26 | return x; 27 | } 28 | 29 | void main() { 30 | PSLL_ENTRY x, y, z; 31 | x = SLL_create(nondet()); 32 | y = SLL_create(nondet()); 33 | z = splice(x, y); 34 | SLL_destroy(z); 35 | } 36 | -------------------------------------------------------------------------------- /test/sll/splice_fs.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY splice(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY p, q, t; 7 | p = x; 8 | q = y; 9 | if (p == NULL) return q; 10 | if (q == NULL) return p; 11 | while (1) { 12 | t = q; 13 | q = t->Flink; 14 | t->Flink = p->Flink; 15 | p->Flink = t; 16 | if (p == NULL) return x; 17 | p = t->Flink; 18 | if (q == NULL) return x; 19 | if (p == NULL) { 20 | t->Flink = q; 21 | return x; 22 | } 23 | } 24 | if (p == NULL) 25 | t->Flink = q; 26 | return x; 27 | } 28 | 29 | void main() { 30 | PSLL_ENTRY x, x1, x2, y, y1, y2, y3, z; 31 | x2 = cons(3, NULL); 32 | x1 = cons(2, x2); 33 | x = cons(1, x1); 34 | y3 = cons(7, NULL); 35 | y2 = cons(6, y3); 36 | y1 = cons(5, y2); 37 | y = cons(4, y1); 38 | z = splice(x, y); 39 | SLL_destroy(z); 40 | } 41 | -------------------------------------------------------------------------------- /test/sll/straightline.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create and then leak a singly-linked list of fixed length. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | void main() { 10 | PSLL_ENTRY x = NULL; 11 | x = cons(4, x); 12 | x = cons(3, x); 13 | x = cons(2, x); 14 | x = cons(1, x); 15 | x = cons(4, x); 16 | x = cons(3, x); 17 | x = cons(2, x); 18 | x = cons(1, x); 19 | } 20 | -------------------------------------------------------------------------------- /test/sll/traverse.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head; 18 | 19 | head = SLL_create(nondet()); 20 | traverse(head); 21 | SLL_destroy(head); 22 | } 23 | -------------------------------------------------------------------------------- /test/sll/traverse2.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | 6 | Similar to traverse.c but using a pointer to the Flink field itself instead 7 | of to the struct containing Flink. 8 | **/ 9 | 10 | #include "sll.h" 11 | 12 | 13 | void traverse(PSLL_ENTRY *a) { 14 | PSLL_ENTRY *z = a; 15 | 16 | while(*z != NULL) { 17 | z = &(*z)->Flink; 18 | } 19 | } 20 | 21 | void main(void) { 22 | PSLL_ENTRY head; 23 | 24 | head = SLL_create(nondet()); 25 | traverse(&head); 26 | SLL_destroy(head); 27 | } 28 | -------------------------------------------------------------------------------- /test/sll/traverse3.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | 6 | Similar to traverse.c but only conditionally performs the creation and 7 | traversal. 8 | **/ 9 | 10 | #include "sll.h" 11 | 12 | void traverse(PSLL_ENTRY head) { 13 | PSLL_ENTRY tmp = head; 14 | 15 | while(tmp != NULL) { 16 | tmp = tmp->Flink ; 17 | } 18 | } 19 | 20 | 21 | void main(void) { 22 | PSLL_ENTRY head; 23 | int length; 24 | 25 | if (length == 1000) { 26 | head = SLL_create(length); 27 | traverse(head); 28 | SLL_destroy(head); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /test/sll/traverse4.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | 6 | Similar to traverse3.c but the length variable is global. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void traverse(PSLL_ENTRY head) { 13 | PSLL_ENTRY tmp = head; 14 | 15 | while(tmp != NULL) { 16 | tmp = tmp->Flink ; 17 | } 18 | } 19 | 20 | int length; 21 | 22 | void main(void) { 23 | PSLL_ENTRY head; 24 | 25 | if (length == 1000) { 26 | head = SLL_create(length); 27 | traverse(head); 28 | SLL_destroy(head); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /test/sll/traverse5.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | 6 | Similar to traverse.c but using a temporary variable. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void traverse(PSLL_ENTRY head) { 13 | PSLL_ENTRY tmp = head; 14 | 15 | while(tmp != NULL) { 16 | tmp = tmp->Flink ; 17 | } 18 | } 19 | 20 | void main(void) { 21 | PSLL_ENTRY head; 22 | 23 | head = SLL_create(nondet()); 24 | traverse(head); 25 | SLL_destroy(head); 26 | } 27 | -------------------------------------------------------------------------------- /test/sll/traverse_1lists.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head,head1; 18 | 19 | head = SLL_create(nondet()); 20 | head1 = SLL_create(nondet()); 21 | traverse(head); 22 | SLL_destroy(head); 23 | SLL_destroy(head1); 24 | } 25 | -------------------------------------------------------------------------------- /test/sll/traverse_2lists.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head,head1,head2; 18 | 19 | head = SLL_create(nondet()); 20 | head1 = SLL_create(nondet()); 21 | head2 = SLL_create(nondet()); 22 | traverse(head); 23 | SLL_destroy(head); 24 | SLL_destroy(head1); 25 | SLL_destroy(head2); 26 | } 27 | -------------------------------------------------------------------------------- /test/sll/traverse_3lists.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head,head1,head2,head3; 18 | 19 | head = SLL_create(nondet()); 20 | head1 = SLL_create(nondet()); 21 | head2 = SLL_create(nondet()); 22 | head3 = SLL_create(nondet()); 23 | traverse(head); 24 | SLL_destroy(head); 25 | SLL_destroy(head1); 26 | SLL_destroy(head2); 27 | SLL_destroy(head3); 28 | } 29 | -------------------------------------------------------------------------------- /test/sll/traverse_4lists.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head,head1,head2,head3,head4; 18 | 19 | head = SLL_create(nondet()); 20 | head1 = SLL_create(nondet()); 21 | head2 = SLL_create(nondet()); 22 | head3 = SLL_create(nondet()); 23 | head4 = SLL_create(nondet()); 24 | traverse(head); 25 | SLL_destroy(head); 26 | SLL_destroy(head1); 27 | SLL_destroy(head2); 28 | SLL_destroy(head3); 29 | SLL_destroy(head4); 30 | } 31 | -------------------------------------------------------------------------------- /test/sll/traverse_5lists.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse(PSLL_ENTRY head) { 11 | while(head != NULL) { 12 | head = head->Flink ; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head,head1,head2,head3,head4,head5; 18 | 19 | head = SLL_create(nondet()); 20 | head1 = SLL_create(nondet()); 21 | head2 = SLL_create(nondet()); 22 | head3 = SLL_create(nondet()); 23 | head4 = SLL_create(nondet()); 24 | head5 = SLL_create(nondet()); 25 | traverse(head); 26 | SLL_destroy(head); 27 | SLL_destroy(head1); 28 | SLL_destroy(head2); 29 | SLL_destroy(head3); 30 | SLL_destroy(head4); 31 | SLL_destroy(head5); 32 | } 33 | -------------------------------------------------------------------------------- /test/sll/traverse_seg.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list segment. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | 10 | void traverse_seg(PSLL_ENTRY x, PSLL_ENTRY y) { 11 | while(x != y) { 12 | x = x->Flink; 13 | } 14 | } 15 | 16 | void main(void) { 17 | PSLL_ENTRY head, tail; 18 | 19 | tail = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 20 | 21 | head = SLL_create_seg(nondet(), tail); 22 | 23 | traverse_seg(head, tail); 24 | 25 | SLL_destroy_seg(head, tail); 26 | free(tail); 27 | } 28 | -------------------------------------------------------------------------------- /test/sll/traverse_seg2.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, and then destroy a singly-linked list segment. 5 | 6 | Similar to traverse_seg.c but the segment might by cyclic or a lasso. 7 | **/ 8 | 9 | #include "sll.h" 10 | 11 | 12 | void traverse_seg(PSLL_ENTRY x, PSLL_ENTRY y) { 13 | while(x != y) { 14 | x = x->Flink; 15 | } 16 | } 17 | 18 | void main(void) { 19 | PSLL_ENTRY head, tail; 20 | 21 | head = SLL_create_seg(nondet(), tail); 22 | 23 | traverse_seg(head, tail); 24 | 25 | SLL_destroy_seg(head, tail); 26 | } 27 | -------------------------------------------------------------------------------- /test/sll/traverse_twice.c: -------------------------------------------------------------------------------- 1 | /** 2 | Copyright (c) Microsoft Corporation. All rights reserved. 3 | 4 | Create, traverse, re-traverse, and then destroy a singly-linked list. 5 | **/ 6 | 7 | #include "sll.h" 8 | 9 | void traverse(PSLL_ENTRY head) { 10 | while(head != NULL) { 11 | head = head->Flink; 12 | } 13 | } 14 | 15 | void main(void) { 16 | PSLL_ENTRY head; 17 | 18 | head = SLL_create(nondet()); 19 | traverse(head); 20 | traverse(head); 21 | SLL_destroy(head); 22 | } 23 | -------------------------------------------------------------------------------- /test/sll_rec/append_ret_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY append(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY r; 7 | 8 | if (x != NULL) { 9 | x->Flink = append(x->Flink, y); 10 | return x; 11 | } else { 12 | return y; 13 | } 14 | } 15 | 16 | void main() { 17 | PSLL_ENTRY x = NULL, y = NULL; 18 | x = cons(4, x); 19 | x = cons(3, x); 20 | x = cons(2, x); 21 | x = cons(1, x); 22 | print_list(x); printf_s("\n"); 23 | y = cons(6, y); 24 | y = cons(1, y); 25 | y = cons(4, y); 26 | x = append(x, y); 27 | print_list(x); 28 | } 29 | -------------------------------------------------------------------------------- /test/sll_rec/create_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | PSLL_ENTRY head, tmp; 7 | 8 | if (0 <= length) { 9 | tmp = create(length - 1); 10 | head = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 11 | head->Flink = tmp; 12 | } else { 13 | head = NULL; 14 | } 15 | return head; 16 | } 17 | 18 | void main(void) { 19 | int length; 20 | PSLL_ENTRY head, tmp; 21 | 22 | length = length % 100; 23 | tmp = head = create(length); 24 | 25 | print_list(head); 26 | } 27 | -------------------------------------------------------------------------------- /test/sll_rec/create_rec2.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* like create_rec.c but using length <= 0 instead of 0 <= length */ 4 | 5 | #include "sll.h" 6 | 7 | PSLL_ENTRY create(int length) { 8 | PSLL_ENTRY head, tmp; 9 | 10 | if (length <= 0) { 11 | head = NULL; 12 | } else { 13 | tmp = create(length - 1); 14 | head = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 15 | head->Flink = tmp; 16 | } 17 | return head; 18 | } 19 | 20 | void main(void) { 21 | int length; 22 | PSLL_ENTRY head, tmp; 23 | 24 | length = length % 100; 25 | tmp = head = create(length); 26 | 27 | print_list(head); 28 | } 29 | -------------------------------------------------------------------------------- /test/sll_rec/create_rec3.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | /* like create_rec.c but allocate the new link before making the recursive 4 | call, so that the frame is unbounded */ 5 | 6 | #include "sll.h" 7 | 8 | PSLL_ENTRY create(int length) { 9 | PSLL_ENTRY head; 10 | 11 | if (0 <= length) { 12 | head = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 13 | head->Flink = create(length - 1); 14 | } else { 15 | head = NULL; 16 | } 17 | return head; 18 | } 19 | 20 | void main(void) { 21 | int length; 22 | PSLL_ENTRY head, tmp; 23 | 24 | length = length % 100; 25 | tmp = head = create(length); 26 | 27 | print_list(head); 28 | } 29 | -------------------------------------------------------------------------------- /test/sll_rec/destroy_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void destroy(PSLL_ENTRY x) { 6 | PSLL_ENTRY t, u; 7 | if (x != NULL) { 8 | t = x; 9 | u = x->Flink; 10 | free(t); 11 | destroy(u); 12 | } 13 | } 14 | 15 | void main() { 16 | PSLL_ENTRY x = NULL; 17 | x = cons(4, x); 18 | x = cons(3, x); 19 | x = cons(2, x); 20 | x = cons(1, x); 21 | destroy(x); 22 | } 23 | -------------------------------------------------------------------------------- /test/sll_rec/find_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | // return first link of x greater than n 6 | PSLL_ENTRY find(PSLL_ENTRY x, int n) { 7 | if (x == NULL) return NULL; 8 | if (x->Data > n) return x; 9 | return find(x->Flink, n); 10 | } 11 | 12 | void main() { 13 | PSLL_ENTRY x = NULL, y = NULL; 14 | x = cons(4, x); 15 | x = cons(3, x); 16 | x = cons(2, x); 17 | x = cons(1, x); 18 | y = find(x, 2); 19 | print_list(y); 20 | } 21 | -------------------------------------------------------------------------------- /test/sll_rec/insert_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void insert(PSLL_ENTRY *l, PSLL_ENTRY x) { 6 | PSLL_ENTRY u; 7 | if(*l == NULL) { 8 | x->Flink = NULL; 9 | *l = x; 10 | } else { 11 | if(x->Data > (*l)->Data) { 12 | u = (*l)->Flink; 13 | insert(&u, x); 14 | (*l)->Flink = u; 15 | } else { 16 | x->Flink = *l; 17 | *l = x; 18 | } 19 | } 20 | } 21 | 22 | void main() { 23 | PSLL_ENTRY x = NULL, y = NULL; 24 | x = cons(4, x); 25 | x = cons(2, x); 26 | x = cons(1, x); 27 | print_list(x); printf_s("\n"); 28 | insert(&x, cons(3, y)); 29 | print_list(x); 30 | } 31 | -------------------------------------------------------------------------------- /test/sll_rec/insert_ret_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY insert(PSLL_ENTRY a, PSLL_ENTRY x) { 6 | PSLL_ENTRY l = a; 7 | 8 | if (l == NULL) { 9 | x->Flink = NULL; 10 | return x; 11 | } else { 12 | if (x->Data > l->Data) { 13 | l->Flink = insert(l->Flink, x); 14 | return l; 15 | } else { 16 | x->Flink = l; 17 | return x; 18 | } 19 | } 20 | return l; 21 | } 22 | 23 | void main() { 24 | PSLL_ENTRY x = NULL, y = NULL; 25 | x = cons(4, x); 26 | x = cons(2, x); 27 | x = cons(1, x); 28 | print_list(x); printf_s("\n"); 29 | x = insert(x, cons(3, y)); 30 | print_list(x); 31 | } 32 | -------------------------------------------------------------------------------- /test/sll_rec/merge_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY merge(PSLL_ENTRY p, PSLL_ENTRY q) { 6 | PSLL_ENTRY r, t; 7 | 8 | if (p == NULL) return q; 9 | if (q == NULL) return p; 10 | if (p->Data <= q->Data) { 11 | r = p->Flink; 12 | t = merge(r, q); 13 | p->Flink = t; 14 | return p; 15 | } else { 16 | r = q->Flink; 17 | t = merge(p, r); 18 | q->Flink = t; 19 | return q; 20 | } 21 | retn: 22 | return r; 23 | } 24 | 25 | void main() { 26 | PSLL_ENTRY x = NULL, y = NULL, z; 27 | x = cons(5, x); 28 | x = cons(3, x); 29 | x = cons(1, x); 30 | y = cons(6, y); 31 | y = cons(4, y); 32 | y = cons(2, y); 33 | print_list(x); printf_s("\n"); 34 | print_list(y); printf_s("\n"); 35 | z = merge(x, y); 36 | print_list(z); 37 | } 38 | -------------------------------------------------------------------------------- /test/sll_rec/merge_rec1.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY merge(PSLL_ENTRY p, PSLL_ENTRY q) { 6 | PSLL_ENTRY r, t, t2, p2, q2; 7 | if (p == NULL) return q; 8 | if (q == NULL) return p; 9 | if (p->Data <= q->Data) { 10 | t = q; 11 | q2 = q->Flink; 12 | p2 = p; 13 | } else { 14 | t = p; 15 | p2 = p->Flink; 16 | q2 = q; 17 | } 18 | t2 = merge(p2,q2); 19 | t->Flink = t2; 20 | return t; 21 | } 22 | 23 | void main() { 24 | PSLL_ENTRY x = NULL, y = NULL, z; 25 | x = cons(5, x); 26 | x = cons(3, x); 27 | x = cons(1, x); 28 | y = cons(6, y); 29 | y = cons(4, y); 30 | y = cons(2, y); 31 | z = merge(x, y); 32 | print_list(z); 33 | } 34 | -------------------------------------------------------------------------------- /test/sll_rec/remove_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | void sll_remove(PSLL_ENTRY *l, PSLL_ENTRY x) { 6 | PSLL_ENTRY t; 7 | if(*l != NULL) { 8 | if(*l == x) { 9 | *l = (*l)->Flink; 10 | free(x); 11 | } else { 12 | t = (*l)->Flink; 13 | sll_remove(&t, x); 14 | (*l)->Flink = t; 15 | } 16 | } 17 | } 18 | 19 | void main() { 20 | PSLL_ENTRY x = NULL, y = NULL; 21 | y = cons(3, y); 22 | y = cons(2, y); 23 | x = cons(1, y); 24 | print_list(x); printf_s("\n"); 25 | sll_remove(&x, y); 26 | print_list(x); 27 | } 28 | -------------------------------------------------------------------------------- /test/sll_rec/remove_ret_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY sll_remove(PSLL_ENTRY a, PSLL_ENTRY x) { 6 | PSLL_ENTRY l = a; 7 | 8 | if (l != NULL) { 9 | if (l == x) { 10 | l = l->Flink; 11 | free(x); 12 | } else { 13 | l->Flink = sll_remove(l->Flink, x); 14 | } 15 | } 16 | return l; 17 | } 18 | 19 | void main() { 20 | PSLL_ENTRY x = NULL, y = NULL; 21 | y = cons(3, y); 22 | y = cons(2, y); 23 | x = cons(1, y); 24 | print_list(x); printf_s("\n"); 25 | x = sll_remove(x, y); 26 | print_list(x); 27 | } 28 | -------------------------------------------------------------------------------- /test/sll_rec/reverse_app_ret_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY append(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | if (x != NULL) { 7 | x->Flink = append(x->Flink, y); 8 | return x; 9 | } else { 10 | return y; 11 | } 12 | } 13 | 14 | /* reverse recursively using append */ 15 | PSLL_ENTRY reverse(PSLL_ENTRY x) { 16 | PSLL_ENTRY xf; 17 | 18 | if (x == NULL) return NULL; 19 | xf = x->Flink; 20 | x->Flink = NULL; 21 | return append(reverse(xf), x); 22 | } 23 | 24 | void main() { 25 | PSLL_ENTRY x = NULL, y = NULL; 26 | x = cons(4, x); 27 | x = cons(3, x); 28 | x = cons(2, x); 29 | x = cons(1, x); 30 | print_list(x); printf_s("\n"); 31 | x = reverse(x); 32 | print_list(x); 33 | } 34 | -------------------------------------------------------------------------------- /test/sll_rec/reverse_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | typedef struct _SLL_ENTRY cell, *list, *listseg; 6 | 7 | list list_reverse_rec_aux(list x, list y) { 8 | if(y == NULL) { 9 | return x; 10 | } else { 11 | list tmp = y->Flink; 12 | y->Flink = x; 13 | return list_reverse_rec_aux(y, tmp); 14 | } 15 | } 16 | 17 | void list_reverse(list *z) { 18 | *z = list_reverse_rec_aux(NULL, *z); 19 | } 20 | 21 | int main() { 22 | list x; 23 | x = cons(1, cons(2, cons(3, NULL))); 24 | list_reverse(&x); 25 | print_list(x); printf_s("\n"); 26 | } 27 | -------------------------------------------------------------------------------- /test/sll_rec/reverse_ret_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY reverse(PSLL_ENTRY a) { 6 | PSLL_ENTRY x = a; 7 | PSLL_ENTRY t, r; 8 | 9 | if (x != NULL) { 10 | t = x->Flink; 11 | if (t != NULL) { 12 | x->Flink = NULL; 13 | r = reverse(t); 14 | t->Flink = x; 15 | return r; 16 | } 17 | } 18 | return x; 19 | } 20 | 21 | void main() { 22 | PSLL_ENTRY x = NULL, y = NULL; 23 | x = cons(4, x); 24 | x = cons(3, x); 25 | x = cons(2, x); 26 | x = cons(1, x); 27 | print_list(x); printf_s("\n"); 28 | x = reverse(x); 29 | print_list(x); 30 | } 31 | -------------------------------------------------------------------------------- /test/sll_rec/splice_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY splice(PSLL_ENTRY x, PSLL_ENTRY y) { 6 | PSLL_ENTRY t; 7 | 8 | t = y; 9 | if (x != NULL) { 10 | x->Flink = splice(y, x->Flink); 11 | t = x; 12 | } 13 | return t; 14 | } 15 | 16 | void main() { 17 | PSLL_ENTRY x = NULL, y = NULL, z; 18 | x = cons(3, x); 19 | x = cons(2, x); 20 | x = cons(1, x); 21 | y = cons(7, y); 22 | y = cons(6, y); 23 | y = cons(5, y); 24 | y = cons(4, y); 25 | print_list(x); printf_s("\n"); 26 | print_list(y); printf_s("\n"); 27 | z = splice(x, y); 28 | print_list(z); 29 | } 30 | -------------------------------------------------------------------------------- /test/sll_rec/split.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY split(PSLL_ENTRY p) { 6 | PSLL_ENTRY t1, t3; 7 | if (p == NULL) return NULL; 8 | t1 = p->Flink; 9 | if (t1 == NULL) return NULL; 10 | t3 = split(t1->Flink); 11 | p->Flink = t1->Flink; 12 | t1->Flink = t3; 13 | return t1; 14 | } 15 | 16 | void main() { 17 | PSLL_ENTRY x = NULL, y; 18 | x = cons(6, x); 19 | x = cons(4, x); 20 | x = cons(2, x); 21 | x = cons(5, x); 22 | x = cons(3, x); 23 | x = cons(1, x); 24 | print_list(x); printf_s("\n"); 25 | y = split(x); 26 | print_list(x); printf_s("\n"); 27 | print_list(y); 28 | } 29 | -------------------------------------------------------------------------------- /test/sll_rec/traverse_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | for(i = 0; i < length; i++) { 11 | tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 12 | tmp->Flink = head; 13 | head = tmp; 14 | } 15 | 16 | return head; 17 | } 18 | 19 | void traverse(PSLL_ENTRY x) { 20 | if(x != NULL) { 21 | traverse(x->Flink); 22 | } 23 | } 24 | 25 | void main(void) { 26 | int length; 27 | PSLL_ENTRY head; 28 | 29 | length = length % 100; 30 | head = create(length); 31 | 32 | traverse(head); 33 | /* traverse(head); */ 34 | 35 | return; 36 | } 37 | -------------------------------------------------------------------------------- /test/sll_rec/traverse_rec_nondet.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | for(i = 0; nondet(); i++) { 11 | tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 12 | tmp->Flink = head; 13 | head = tmp; 14 | } 15 | 16 | return head; 17 | } 18 | 19 | void traverse(PSLL_ENTRY x) { 20 | if(x != NULL) { 21 | traverse(x->Flink); 22 | } 23 | } 24 | 25 | void main(void) { 26 | int length; 27 | PSLL_ENTRY head; 28 | 29 | length = length % 100; 30 | head = create(length); 31 | 32 | traverse(head); 33 | /* traverse(head); */ 34 | 35 | return; 36 | } 37 | -------------------------------------------------------------------------------- /test/sll_rec/traverse_seg_rec.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | for(i = 0; i < length; i++) { 11 | tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 12 | tmp->Flink = head; 13 | head = tmp; 14 | } 15 | 16 | return head; 17 | } 18 | 19 | void traverse(PSLL_ENTRY a, PSLL_ENTRY y) { 20 | PSLL_ENTRY x = a; 21 | 22 | if(x != y) { 23 | x = x->Flink; 24 | traverse(x, y); 25 | } 26 | } 27 | 28 | void main(void) { 29 | int length; 30 | PSLL_ENTRY head; 31 | 32 | length = length % 100; 33 | head = create(length); 34 | 35 | traverse(head, NULL); 36 | /* traverse(head); */ 37 | 38 | return; 39 | } 40 | -------------------------------------------------------------------------------- /test/sll_rec/traverse_seg_rec_nondet.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | #include "sll.h" 4 | 5 | PSLL_ENTRY create(int length) { 6 | int i; 7 | PSLL_ENTRY head, tmp; 8 | 9 | head = NULL; 10 | for(i = 0; nondet(); i++) { 11 | tmp = (PSLL_ENTRY)malloc(sizeof(SLL_ENTRY)); 12 | tmp->Flink = head; 13 | head = tmp; 14 | } 15 | 16 | return head; 17 | } 18 | 19 | void traverse(PSLL_ENTRY a, PSLL_ENTRY y) { 20 | PSLL_ENTRY x = a; 21 | 22 | if(x != y) { 23 | x = x->Flink; 24 | traverse(x, y); 25 | } 26 | } 27 | 28 | void main(void) { 29 | int length; 30 | PSLL_ENTRY head; 31 | 32 | length = length % 100; 33 | head = create(length); 34 | 35 | traverse(head, NULL); 36 | /* traverse(head); */ 37 | 38 | return; 39 | } 40 | -------------------------------------------------------------------------------- /test/ssa/branch.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | // simple branch 4 | 5 | #include "slayer.h" 6 | 7 | void main() { 8 | int x; 9 | 10 | x = 0; 11 | if (nondet()) { 12 | x = x + 1; 13 | } else { 14 | x = x + 2; 15 | } 16 | x = x + 3; 17 | 18 | } 19 | -------------------------------------------------------------------------------- /test/ssa/dloop.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft Corporation. All rights reserved. */ 2 | 3 | // Two loops using [head] variable 4 | 5 | #include "slayer.h" 6 | 7 | void main() { 8 | int i, j; 9 | int head = 0; 10 | int length = nondet(); 11 | 12 | for (i=0; i