Python state_equiv Examples

Example #1

File: main.py Project: ghsecuritylab/hv6

 def test_fault(self):
     with self.assertRaises(util.NoReturn):
         self.ctx.call('@fault')
     pid = util.FreshBitVec('pid', dt.pid_t)
     s = self.state.copy()
     s.procs[s.current].killed = z3.BoolVal(True)
     newstate = spec.switch_proc(s, pid)[1]
     self._prove(z3.Exists([pid], spec.state_equiv(self.ctx, newstate)))

Example #2

File: main.py Project: ghsecuritylab/hv6

    def setUp(self):
        self.ctx = newctx()
        self.state = dt.KernelState()

        self.solver = Solver()
        self.solver.set(AUTO_CONFIG=False)

        self._pre_state = spec.state_equiv(self.ctx, self.state)
        self.ctx.add_assumption(spec.impl_invariants(self.ctx))
        self.solver.add(self._pre_state)

Example #3

 def _syscall_generic(self, name):
     args = syscall_spec.get_syscall_args(name)
     res = self.ctx.call('@' + name, *args)
     cond, newstate = getattr(spec, name)(self.state, *args)
     model = self._prove(z3.And(spec.state_equiv(self.ctx, newstate),
                                cond == (res == util.i32(0))),
                         pre=z3.And(self._pre_state, z3.BoolVal(True)),
                         return_model=INTERACTIVE)
     if INTERACTIVE and model:
         from ipdb import set_trace
         set_trace()

Example #4

File: main.py Project: TianchiLiu/verifySourceCode

    def setUp(self):
        self.ctx = newctx()
        self.state = dt.KernelState()

        self.solver = Solver()
        self.solver.set(AUTO_CONFIG=False)

        self._pre_state = spec.state_equiv(self.ctx, self.state)  #add:setUp：（开始时），状态等价,注意，只是加入了等价条件，并没有执行验证，验证是在状态转换后一起执行的
        #print "\n_pre_state: {}".format(self._pre_state)

        self.ctx.add_assumption(spec.impl_invariants(self.ctx))## add：疑问？为什么删了也可以正常运行
        self.solver.add(self._pre_state) #add:前置条件

Example #5

    def test_mmap_writable(self):
        kstate = kdt.KernelState()
        ustate = dt.UserState()

        self.solver.add(spec.state_equiv(kstate, ustate))
        self.solver.add(kspec.spec_invariants(kstate))
        self.solver.add(kspec.spec_lemma_isolation(kstate))

        current = kstate.current

        idx1 = util.FreshBitVec('idx1', kdt.size_t)
        idx2 = util.FreshBitVec('idx2', kdt.size_t)
        idx3 = util.FreshBitVec('idx3', kdt.size_t)
        idx4 = util.FreshBitVec('idx4', kdt.size_t)

        kcond, nkstate = mmap_impl(kstate, current, (idx1, idx2, idx3, idx4),
                                   kdt.PTE_P | kdt.PTE_W)
        ucond, nustate = mmap_spec(ustate, current, (idx1, idx2, idx3, idx4),
                                   kdt.PTE_P | kdt.PTE_W)

        self._prove(
            z3.Implies(z3.And(kcond == ucond),
                       spec.state_equiv(nkstate, nustate)))

Example #6

File: main.py Project: ghsecuritylab/hv6

 def test_preempt(self):
     with self.assertRaises(util.NoReturn):
         self.ctx.call('@preempt')
     pid = util.FreshBitVec('pid', dt.pid_t)
     newstate = spec.switch_proc(self.state, pid)[1]
     self._prove(z3.Exists([pid], spec.state_equiv(self.ctx, newstate)))