GaloisInc/macaw
1
1
Fork 0
mirror of https://github.com/GaloisInc/macaw.git synced 2024-11-30 05:55:02 +03:00
Code Issues Projects Releases Wiki Activity
c3b8bac579
macaw/macaw-aarch32-symbolic/tests
History
Tristan Ravitch 9ce3d43188
AArch32: Support conditional returns (#243) 
Adds support in macaw-aarch32 for conditional returns. These are not supported in core macaw, and are thus architecture-specific block terminators.

This required changes to the type of arch-specific block terminators. Before, `ArchTermStmt` was only parameterized by a state thread (`ids`).  This meant that they could not contain macaw (or crucible) values.  Some work on. AArch32 requires being able to store condition values in arch terminators (to support conditional returns). This change modifies the `ArchTermStmt` to enable this, which requires a bit of plumbing through various definitions and some extra instances.

In support of actually using this, it also became necessary to plumb fallthrough block labels through the architecture-specific terminator translation in macaw-symbolic.

Note that this change was overdue, as the PowerPC backend was storing macaw values in a way that would have rendered them unusable in the macaw-ppc-symbolic translation, had any interpretation been provided.  These new changes will enable a handler to be written for the conditional PowerPC trap instructions.

PowerPC, x86, and ARM have been updated.

Improves the macaw-aarch32 tests. There is now a command line option to save the generated macaw IR for each
discovered function to /tmp. Note that this reuses some infrastructure from the macaw-symbolic tests. This
shared functionality should be extracted into a macaw-testing library.
2021-11-19 16:20:50 -08:00
..
fail Add a testing framework for macaw-symbolic (#184) 2021-03-01 09:21:44 -08:00
pass AArch32: Support conditional returns (#243) 2021-11-19 16:20:50 -08:00
Main.hs Add optional override for MacawArchStmtExtensions to genArchVals (#230) 2021-09-14 18:24:47 -07:00
README.org Add a testing framework for macaw-symbolic (#184) 2021-03-01 09:21:44 -08:00

README.org

Overview

This test suite tests that symbolic execution of AArch32 programs works. It is also a convenient place to test the semantics. The test harness looks for binaries in the pass and fail subdirectories. In both cases, it enumerates the functions whose names are prefixed by test_, each of which are symbolically executed with fully symbolic initial states. It treats the return value of each test function as an assertion that it will attempt to prove (i.e., it checks the satisfiability of the assertion). Test cases in pass are expected to return a value that is always true, while the test cases in fail are expected to not always be true (but note that the precise models are not inspected). The test harness uses yices for path satisfiability checking and z3 to prove goals. Since path satisfiability checking is enabled, test cases can include loops as long as they symbolically terminate.

Usage

The test runner has two command line options (beyond the defaults for tasty):

  • --save-macaw: Saves the Macaw IR for each test case to /tmp for debugging purposes
  • --save-smt: Saves the generated SMTLib for each test to /tmp for debugging purposes

Limitations

  • It currently tests both optimized an unoptimized binaries. It is intended that this set will expand and that a wide variety of compilers will be tested.
  • Only two solvers are involved in the test, rather than a whole matrix
  • Function calls are not supported in test cases
  • There are no facilities for generating symbolic data beyond the initial symbolic arguments to each function