klee
Memory.h
Go to the documentation of this file.
1//===-- Memory.h ------------------------------------------------*- C++ -*-===//
2//
3// The KLEE Symbolic Virtual Machine
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9
10#ifndef KLEE_MEMORY_H
11#define KLEE_MEMORY_H
12
13#include "Context.h"
14#include "TimingSolver.h"
15
16#include "klee/Expr/Expr.h"
17
18#include "llvm/ADT/StringExtras.h"
19
20#include <string>
21#include <vector>
22
23namespace llvm {
24 class Value;
25}
26
27namespace klee {
28
29class ArrayCache;
30class BitArray;
31class ExecutionState;
32class MemoryManager;
33class Solver;
34
35class MemoryObject {
36 friend class STPBuilder;
37 friend class ObjectState;
38 friend class ExecutionState;
39 friend class ref<MemoryObject>;
40 friend class ref<const MemoryObject>;
41
42private:
43 static int counter;
45 mutable class ReferenceCounter _refCount;
46
47public:
48 unsigned id;
49 uint64_t address;
50
52 unsigned size;
53 mutable std::string name;
54
55 bool isLocal;
56 mutable bool isGlobal;
57 bool isFixed;
58
59 bool isUserSpecified;
60
61 MemoryManager *parent;
62
66 const llvm::Value *allocSite;
67
68 // DO NOT IMPLEMENT
69 MemoryObject(const MemoryObject &b);
70 MemoryObject &operator=(const MemoryObject &b);
71
72public:
73 // XXX this is just a temp hack, should be removed
74 explicit
75 MemoryObject(uint64_t _address)
76 : id(counter++),
77 address(_address),
78 size(0),
79 isFixed(true),
80 parent(NULL),
81 allocSite(0) {
82 }
83
84 MemoryObject(uint64_t _address, unsigned _size,
85 bool _isLocal, bool _isGlobal, bool _isFixed,
86 const llvm::Value *_allocSite,
87 MemoryManager *_parent)
88 : id(counter++),
89 address(_address),
90 size(_size),
91 name("unnamed"),
92 isLocal(_isLocal),
93 isGlobal(_isGlobal),
94 isFixed(_isFixed),
95 isUserSpecified(false),
96 parent(_parent),
97 allocSite(_allocSite) {
98 }
99
100 ~MemoryObject();
101
103 void getAllocInfo(std::string &result) const;
104
105 void setName(std::string name) const {
106 this->name = name;
107 }
108
109 ref<ConstantExpr> getBaseExpr() const {
110 return ConstantExpr::create(address, Context::get().getPointerWidth());
111 }
112 ref<ConstantExpr> getSizeExpr() const {
113 return ConstantExpr::create(size, Context::get().getPointerWidth());
114 }
115 ref<Expr> getOffsetExpr(ref<Expr> pointer) const {
116 return SubExpr::create(pointer, getBaseExpr());
117 }
118 ref<Expr> getBoundsCheckPointer(ref<Expr> pointer) const {
119 return getBoundsCheckOffset(getOffsetExpr(pointer));
120 }
121 ref<Expr> getBoundsCheckPointer(ref<Expr> pointer, unsigned bytes) const {
122 return getBoundsCheckOffset(getOffsetExpr(pointer), bytes);
123 }
124
125 ref<Expr> getBoundsCheckOffset(ref<Expr> offset) const {
126 if (size==0) {
127 return EqExpr::create(offset,
128 ConstantExpr::alloc(0, Context::get().getPointerWidth()));
129 } else {
130 return UltExpr::create(offset, getSizeExpr());
131 }
132 }
133 ref<Expr> getBoundsCheckOffset(ref<Expr> offset, unsigned bytes) const {
134 if (bytes<=size) {
135 return UltExpr::create(offset,
136 ConstantExpr::alloc(size - bytes + 1,
137 Context::get().getPointerWidth()));
138 } else {
139 return ConstantExpr::alloc(0, Expr::Bool);
140 }
141 }
142
146 int compare(const MemoryObject &b) const {
147 // Short-cut with id
148 if (id == b.id)
149 return 0;
150 if (address != b.address)
151 return (address < b.address ? -1 : 1);
152
153 if (size != b.size)
154 return (size < b.size ? -1 : 1);
155
156 if (allocSite != b.allocSite)
157 return (allocSite < b.allocSite ? -1 : 1);
158
159 return 0;
160 }
161};
162
163class ObjectState {
164private:
165 friend class AddressSpace;
166 friend class ref<ObjectState>;
167
168 unsigned copyOnWriteOwner; // exclusively for AddressSpace
169
171 class ReferenceCounter _refCount;
172
173 ref<const MemoryObject> object;
174
176 uint8_t *concreteStore;
177
179 BitArray *concreteMask;
180
183 ref<Expr> *knownSymbolics;
184
187 mutable BitArray *unflushedMask;
188
189 // mutable because we may need flush during read of const
190 mutable UpdateList updates;
191
192public:
193 unsigned size;
194
195 bool readOnly;
196
197public:
201 ObjectState(const MemoryObject *mo);
202
205 ObjectState(const MemoryObject *mo, const Array *array);
206
207 ObjectState(const ObjectState &os);
208 ~ObjectState();
209
210 const MemoryObject *getObject() const { return object.get(); }
211
212 void setReadOnly(bool ro) { readOnly = ro; }
213
215 void initializeToZero();
216
218 void initializeToRandom();
219
220 ref<Expr> read(ref<Expr> offset, Expr::Width width) const;
221 ref<Expr> read(unsigned offset, Expr::Width width) const;
222 ref<Expr> read8(unsigned offset) const;
223
224 void write(unsigned offset, ref<Expr> value);
225 void write(ref<Expr> offset, ref<Expr> value);
226
227 void write8(unsigned offset, uint8_t value);
228 void write16(unsigned offset, uint16_t value);
229 void write32(unsigned offset, uint32_t value);
230 void write64(unsigned offset, uint64_t value);
231 void print() const;
232
233 /*
234 Looks at all the symbolic bytes of this object, gets a value for them
235 from the solver and puts them in the concreteStore.
236 */
237 void flushToConcreteStore(TimingSolver *solver,
238 const ExecutionState &state) const;
239
240private:
241 const UpdateList &getUpdates() const;
242
243 void makeConcrete();
244
245 void makeSymbolic();
246
247 ref<Expr> read8(ref<Expr> offset) const;
248 void write8(unsigned offset, ref<Expr> value);
249 void write8(ref<Expr> offset, ref<Expr> value);
250
251 void fastRangeCheckOffset(ref<Expr> offset, unsigned *base_r,
252 unsigned *size_r) const;
253 void flushRangeForRead(unsigned rangeBase, unsigned rangeSize) const;
254 void flushRangeForWrite(unsigned rangeBase, unsigned rangeSize);
255
257 bool isByteConcrete(unsigned offset) const;
258
260 bool isByteKnownSymbolic(unsigned offset) const;
261
263 bool isByteUnflushed(unsigned offset) const;
264
265 void markByteConcrete(unsigned offset);
266 void markByteSymbolic(unsigned offset);
267 void markByteFlushed(unsigned offset);
268 void markByteUnflushed(unsigned offset);
269 void setKnownSymbolic(unsigned offset, Expr *value);
270
271 ArrayCache *getArrayCache() const;
272};
273
274} // End klee namespace
275
276#endif /* KLEE_MEMORY_H */
klee::ArrayCache
Provides an interface for creating and destroying Array objects.
Definition: ArrayCache.h:31
klee::ConstantExpr::create
static ref< ConstantExpr > create(uint64_t v, Width w)
Definition: Expr.h:1079
klee::ConstantExpr::alloc
static ref< ConstantExpr > alloc(const llvm::APInt &v)
Definition: Expr.h:1065
klee::Context::get
static const Context & get()
get - Return the global singleton instance of the Context.
Definition: Context.cpp:30
klee::ExecutionState
ExecutionState representing a path under exploration.
Definition: ExecutionState.h:147
klee::Expr
Class representing symbolic expressions.
Definition: Expr.h:91
klee::Expr::Width
unsigned Width
The type of an expression is simply its width, in bits.
Definition: Expr.h:97
klee::Expr::Bool
static const Width Bool
Definition: Expr.h:100
klee::MemoryObject::setName
void setName(std::string name) const
Definition: Memory.h:105
klee::MemoryObject::_refCount
class ReferenceCounter _refCount
Required by klee::ref-managed objects.
Definition: Memory.h:45
klee::MemoryObject::getBoundsCheckOffset
ref< Expr > getBoundsCheckOffset(ref< Expr > offset) const
Definition: Memory.h:125
klee::MemoryObject::size
unsigned size
size in bytes
Definition: Memory.h:52
klee::MemoryObject::getBoundsCheckOffset
ref< Expr > getBoundsCheckOffset(ref< Expr > offset, unsigned bytes) const
Definition: Memory.h:133
klee::MemoryObject::isUserSpecified
bool isUserSpecified
Definition: Memory.h:59
klee::MemoryObject::getAllocInfo
void getAllocInfo(std::string &result) const
Get an identifying string for this allocation.
Definition: Memory.cpp:52
klee::MemoryObject::MemoryObject
MemoryObject(const MemoryObject &b)
klee::MemoryObject::getBoundsCheckPointer
ref< Expr > getBoundsCheckPointer(ref< Expr > pointer, unsigned bytes) const
Definition: Memory.h:121
klee::MemoryObject::getSizeExpr
ref< ConstantExpr > getSizeExpr() const
Definition: Memory.h:112
klee::MemoryObject::parent
MemoryManager * parent
Definition: Memory.h:61
klee::MemoryObject::compare
int compare(const MemoryObject &b) const
Definition: Memory.h:146
klee::MemoryObject::MemoryObject
MemoryObject(uint64_t _address, unsigned _size, bool _isLocal, bool _isGlobal, bool _isFixed, const llvm::Value *_allocSite, MemoryManager *_parent)
Definition: Memory.h:84
klee::MemoryObject::operator=
MemoryObject & operator=(const MemoryObject &b)
klee::MemoryObject::getBoundsCheckPointer
ref< Expr > getBoundsCheckPointer(ref< Expr > pointer) const
Definition: Memory.h:118
klee::MemoryObject::address
uint64_t address
Definition: Memory.h:49
klee::MemoryObject::getOffsetExpr
ref< Expr > getOffsetExpr(ref< Expr > pointer) const
Definition: Memory.h:115
klee::MemoryObject::allocSite
const llvm::Value * allocSite
Definition: Memory.h:66
klee::MemoryObject::id
unsigned id
Definition: Memory.h:48
klee::MemoryObject::name
std::string name
Definition: Memory.h:53
klee::MemoryObject::counter
static int counter
Definition: Memory.h:43
klee::MemoryObject::getBaseExpr
ref< ConstantExpr > getBaseExpr() const
Definition: Memory.h:109
klee::MemoryObject::MemoryObject
MemoryObject(uint64_t _address)
Definition: Memory.h:75
klee::ObjectState::read8
ref< Expr > read8(unsigned offset) const
Definition: Memory.cpp:364
klee::ObjectState::updates
UpdateList updates
Definition: Memory.h:190
klee::ObjectState::initializeToZero
void initializeToZero()
Make contents all concrete and zero.
Definition: Memory.cpp:233
klee::ObjectState::read
ref< Expr > read(ref< Expr > offset, Expr::Width width) const
Definition: Memory.cpp:434
klee::ObjectState::flushRangeForRead
void flushRangeForRead(unsigned rangeBase, unsigned rangeSize) const
Definition: Memory.cpp:261
klee::ObjectState::markByteConcrete
void markByteConcrete(unsigned offset)
Definition: Memory.cpp:326
klee::ObjectState::write64
void write64(unsigned offset, uint64_t value)
Definition: Memory.cpp:555
klee::ObjectState::object
ref< const MemoryObject > object
Definition: Memory.h:173
klee::ObjectState::write8
void write8(unsigned offset, uint8_t value)
Definition: Memory.cpp:394
klee::ObjectState::unflushedMask
BitArray * unflushedMask
Definition: Memory.h:187
klee::ObjectState::getArrayCache
ArrayCache * getArrayCache() const
Definition: Memory.cpp:137
klee::ObjectState::initializeToRandom
void initializeToRandom()
Make contents all concrete and random.
Definition: Memory.cpp:238
klee::ObjectState::setKnownSymbolic
void setKnownSymbolic(unsigned offset, Expr *value)
Definition: Memory.cpp:350
klee::ObjectState::getUpdates
const UpdateList & getUpdates() const
Definition: Memory.cpp:144
klee::ObjectState::_refCount
class ReferenceCounter _refCount
Required by klee::ref-managed objects.
Definition: Memory.h:171
klee::ObjectState::write16
void write16(unsigned offset, uint16_t value)
Definition: Memory.cpp:539
klee::ObjectState::flushRangeForWrite
void flushRangeForWrite(unsigned rangeBase, unsigned rangeSize)
Definition: Memory.cpp:283
klee::ObjectState::print
void print() const
Definition: Memory.cpp:563
klee::ObjectState::markByteFlushed
void markByteFlushed(unsigned offset)
Definition: Memory.cpp:342
klee::ObjectState::write
void write(unsigned offset, ref< Expr > value)
Definition: Memory.cpp:506
klee::ObjectState::setReadOnly
void setReadOnly(bool ro)
Definition: Memory.h:212
klee::ObjectState::getObject
const MemoryObject * getObject() const
Definition: Memory.h:210
klee::ObjectState::markByteSymbolic
void markByteSymbolic(unsigned offset)
Definition: Memory.cpp:331
klee::ObjectState::markByteUnflushed
void markByteUnflushed(unsigned offset)
Definition: Memory.cpp:337
klee::ObjectState::copyOnWriteOwner
unsigned copyOnWriteOwner
Definition: Memory.h:168
klee::ObjectState::isByteConcrete
bool isByteConcrete(unsigned offset) const
isByteConcrete ==> !isByteKnownSymbolic
Definition: Memory.cpp:314
klee::ObjectState::fastRangeCheckOffset
void fastRangeCheckOffset(ref< Expr > offset, unsigned *base_r, unsigned *size_r) const
Definition: Memory.cpp:254
klee::ObjectState::write32
void write32(unsigned offset, uint32_t value)
Definition: Memory.cpp:547
klee::ObjectState::size
unsigned size
Definition: Memory.h:193
klee::ObjectState::concreteStore
uint8_t * concreteStore
Holds all known concrete bytes.
Definition: Memory.h:176
klee::ObjectState::isByteUnflushed
bool isByteUnflushed(unsigned offset) const
isByteUnflushed(i) => (isByteConcrete(i) || isByteKnownSymbolic(i))
Definition: Memory.cpp:318
klee::ObjectState::ObjectState
ObjectState(const MemoryObject *mo)
Definition: Memory.cpp:76
klee::ObjectState::flushToConcreteStore
void flushToConcreteStore(TimingSolver *solver, const ExecutionState &state) const
Definition: Memory.cpp:195
klee::ObjectState::concreteMask
BitArray * concreteMask
concreteMask[byte] is set if byte is known to be concrete
Definition: Memory.h:179
klee::ObjectState::isByteKnownSymbolic
bool isByteKnownSymbolic(unsigned offset) const
isByteKnownSymbolic ==> !isByteConcrete
Definition: Memory.cpp:322
klee::ObjectState::makeConcrete
void makeConcrete()
Definition: Memory.cpp:212
klee::ObjectState::knownSymbolics
ref< Expr > * knownSymbolics
Definition: Memory.h:183
klee::ObjectState::makeSymbolic
void makeSymbolic()
Definition: Memory.cpp:221
klee::ReferenceCounter
Reference counter to be used as part of a ref-managed struct or class.
Definition: Ref.h:46
klee::UpdateList
Class representing a complete list of updates into an array.
Definition: Expr.h:539
klee::ref
Definition: Ref.h:82
klee
Definition: main.cpp:291