def learn(sig: Signature, axioms: List[Formula], formula: Formula,
timeout: float, args: Any) -> LearningResult:
result = LearningResult(False, Or([]), Timer(timeout), Timer(timeout),
UnlimitedTimer())
S = SeparatorReductionV1 if args.separator == 'v1' else\
SeparatorReductionV2 if args.separator == 'v2' else\
GeneralizedSeparator if args.separator == 'generalized' else\
HybridSeparator if args.separator == 'hybrid' else\
SeparatorNaive
separator: Separator = S(sig,
quiet=args.quiet,
logic=args.logic,
epr_wrt_formulas=axioms +
[formula, Not(formula)])
env = Environment(sig)
s = z3.Solver()
for sort in sig.sorts:
sorts_to_z3[sort] = z3.DeclareSort(sort)
for const, sort in sig.constants.items():
z3.Const(const, sorts_to_z3[sort])
for rel, sorts in sig.relations.items():
z3_rel_func[rel] = z3.Function(rel, *[sorts_to_z3[x] for x in sorts],
z3.BoolSort())
for fun, (sorts, ret) in sig.functions.items():
z3_rel_func[fun] = z3.Function(fun, *[sorts_to_z3[x] for x in sorts],
sorts_to_z3[ret])
for ax in axioms:
s.add(toZ3(ax, env))
p_constraints: List[int] = []
n_constraints: List[int] = []
try:
while True:
with result.counterexample_timer:
if not args.quiet:
print("Checking formula")
if not args.no_cvc4:
r = find_model_or_equivalence_cvc4(
result.current, formula, env, s,
result.counterexample_timer)
else:
r = find_model_or_equivalence(result.current, formula, env,
s,
result.counterexample_timer)
result.counterexample_timer.check_time()
if r is None:
if not args.quiet:
print("formula matches!")
print(result.current)
# f = open("/tmp/out.fol", "w")
# f.write(str(sig))
# for m in result.models:
# f.write(str(m))
# f.close()
result.success = True
return result
with result.separation_timer:
ident = separator.add_model(r)
result.models.append(r)
if r.label.startswith("+"):
p_constraints.append(ident)
else:
n_constraints.append(ident)
if not args.quiet:
print("New model is:")
print(r)
print("Have new model, now have", len(result.models),
"models total")
if True:
c = separator.separate(pos=p_constraints,
neg=n_constraints,
imp=[],
max_clauses=args.max_clauses,
max_depth=args.max_depth,
timer=result.separation_timer,
matrix_timer=result.matrix_timer)
if c is None:
result.reason = "couldn't separate models under given restrictions"
break
if not args.quiet:
print("Learned new possible formula: ", c)
result.current = c
except TimeoutException:
result.reason = "timeout"
except RuntimeError as e:
print("Error:", e)
#raise e
result.reason = str(e)
return result
PCI_START = 0xa0000000 PCI_END = 0x100000000 NPAGE = 8192 NDMAPAGE = 512 NPROC = 64 #add service bound:MAX_SVC MAX_SVC = 189 # NTSLICE NOFILE = 16 NFILE = 128 NPCIDEV = 64 NINTREMAP = 8 NPCIPAGE = (PCI_END - PCI_START) / PAGE_SIZE bool_t = z3.BoolSort() size_t = z3.BitVecSort(64) uint64_t = z3.BitVecSort(64) uint32_t = z3.BitVecSort(32) uint16_t = z3.BitVecSort(16) uint8_t = z3.BitVecSort(8) ssize_t = z3.BitVecSort(64) int64_t = z3.BitVecSort(64) int32_t = z3.BitVecSort(32) int16_t = z3.BitVecSort(16) int8_t = z3.BitVecSort(8) int = int32_t pn_t = z3.BitVecSort(64)
def _firewallSendRules(self):
p_0 = z3.Const('%s_firewall_send_p_0'%(self.fw), self.ctx.packet)
p_1 = z3.Const('%s_firewall_send_p_1'%(self.fw), self.ctx.packet)
n_0 = z3.Const('%s_firewall_send_n_0'%(self.fw), self.ctx.node)
n_1 = z3.Const('%s_firewall_send_n_1'%(self.fw), self.ctx.node)
t_0 = z3.Int('%s_firewall_send_t_0'%(self.fw))
t_1 = z3.Int('%s_firewall_send_t_1'%(self.fw))
t_2 = z3.Int('%s_firewall_send_t_2'%(self.fw))
self.acl_func = z3.Function('%s_acl_func'%(self.fw), self.ctx.address, self.ctx.address, z3.BoolSort())
self.constraints.append(z3.ForAll([n_0, p_0, t_0], z3.Implies(self.ctx.send(self.fw, n_0, p_0, t_0), \
z3.And(z3.Not(self.failed(t_0)), \
z3.Exists([n_1, t_1], \
z3.And(self.ctx.recv(n_1, self.fw, p_0, t_1), \
t_1 < t_0, z3.Not(self.failed(t_1))))))))
self.constraints.append(z3.ForAll([n_0, p_0, t_0], z3.Implies(\
z3.And(self.ctx.send(self.fw, n_0, p_0, t_0), \
z3.Not(self.acl_func(self.ctx.packet.src(p_0), self.ctx.packet.dest(p_0)))), \
z3.Exists([n_1, p_1, t_1], \
z3.And(self.ctx.send(self.fw, n_1, p_1, t_1), \
t_1 + 1 <= t_0, \
self.acl_func(self.ctx.packet.src(p_1), self.ctx.packet.dest(p_1)), \
self.ctx.packet.src(p_0) == self.ctx.packet.dest(p_1), \
self.ctx.packet.dest(p_0) == self.ctx.packet.src(p_1), \
self.ctx.src_port(p_0) == self.ctx.dest_port(p_1), \
self.ctx.dest_port(p_0) == self.ctx.src_port(p_1), \
z3.ForAll([t_2], z3.Implies(self.failed(t_2), \
z3.Or(t_2 < t_1, \
t_0 < t_2))))))))
def __init__(self, environment, z3_ctx):
DagWalker.__init__(self, environment)
self.mgr = environment.formula_manager
self._get_type = environment.stc.get_type
self._back_memoization = {}
self.ctx = z3_ctx
# Back Conversion
self._back_fun = {
z3.Z3_OP_AND:
lambda args, expr: self.mgr.And(args),
z3.Z3_OP_OR:
lambda args, expr: self.mgr.Or(args),
z3.Z3_OP_MUL:
lambda args, expr: self.mgr.Times(args),
z3.Z3_OP_ADD:
lambda args, expr: self.mgr.Plus(args),
z3.Z3_OP_DIV:
lambda args, expr: self.mgr.Div(args[0], args[1]),
z3.Z3_OP_IFF:
lambda args, expr: self.mgr.Iff(args[0], args[1]),
z3.Z3_OP_XOR:
lambda args, expr: self.mgr.Xor(args[0], args[1]),
z3.Z3_OP_FALSE:
lambda args, expr: self.mgr.FALSE(),
z3.Z3_OP_TRUE:
lambda args, expr: self.mgr.TRUE(),
z3.Z3_OP_GT:
lambda args, expr: self.mgr.GT(args[0], args[1]),
z3.Z3_OP_GE:
lambda args, expr: self.mgr.GE(args[0], args[1]),
z3.Z3_OP_LT:
lambda args, expr: self.mgr.LT(args[0], args[1]),
z3.Z3_OP_LE:
lambda args, expr: self.mgr.LE(args[0], args[1]),
z3.Z3_OP_DISTINCT:
lambda args, expr: self.mgr.AllDifferent(args),
z3.Z3_OP_SUB:
lambda args, expr: self.mgr.Minus(args[0], args[1]),
z3.Z3_OP_NOT:
lambda args, expr: self.mgr.Not(args[0]),
z3.Z3_OP_IMPLIES:
lambda args, expr: self.mgr.Implies(args[0], args[1]),
z3.Z3_OP_ITE:
lambda args, expr: self.mgr.Ite(args[0], args[1], args[2]),
z3.Z3_OP_TO_REAL:
lambda args, expr: self.mgr.ToReal(args[0]),
z3.Z3_OP_BAND:
lambda args, expr: self.mgr.BVAnd(args[0], args[1]),
z3.Z3_OP_BOR:
lambda args, expr: self.mgr.BVOr(args[0], args[1]),
z3.Z3_OP_BXOR:
lambda args, expr: self.mgr.BVXor(args[0], args[1]),
z3.Z3_OP_BNOT:
lambda args, expr: self.mgr.BVNot(args[0]),
z3.Z3_OP_BNEG:
lambda args, expr: self.mgr.BVNeg(args[0]),
z3.Z3_OP_CONCAT:
lambda args, expr: self.mgr.BVConcat(args[0], args[1]),
z3.Z3_OP_ULT:
lambda args, expr: self.mgr.BVULT(args[0], args[1]),
z3.Z3_OP_ULEQ:
lambda args, expr: self.mgr.BVULE(args[0], args[1]),
z3.Z3_OP_SLT:
lambda args, expr: self.mgr.BVSLT(args[0], args[1]),
z3.Z3_OP_SLEQ:
lambda args, expr: self.mgr.BVSLE(args[0], args[1]),
z3.Z3_OP_UGT:
lambda args, expr: self.mgr.BVUGT(args[0], args[1]),
z3.Z3_OP_UGEQ:
lambda args, expr: self.mgr.BVUGE(args[0], args[1]),
z3.Z3_OP_SGT:
lambda args, expr: self.mgr.BVSGT(args[0], args[1]),
z3.Z3_OP_SGEQ:
lambda args, expr: self.mgr.BVSGE(args[0], args[1]),
z3.Z3_OP_BADD:
lambda args, expr: self.mgr.BVAdd(args[0], args[1]),
z3.Z3_OP_BMUL:
lambda args, expr: self.mgr.BVMul(args[0], args[1]),
z3.Z3_OP_BUDIV:
lambda args, expr: self.mgr.BVUDiv(args[0], args[1]),
z3.Z3_OP_BSDIV:
lambda args, expr: self.mgr.BVSDiv(args[0], args[1]),
z3.Z3_OP_BUREM:
lambda args, expr: self.mgr.BVURem(args[0], args[1]),
z3.Z3_OP_BSREM:
lambda args, expr: self.mgr.BVSRem(args[0], args[1]),
z3.Z3_OP_BSHL:
lambda args, expr: self.mgr.BVLShl(args[0], args[1]),
z3.Z3_OP_BLSHR:
lambda args, expr: self.mgr.BVLShr(args[0], args[1]),
z3.Z3_OP_BASHR:
lambda args, expr: self.mgr.BVAShr(args[0], args[1]),
z3.Z3_OP_BSUB:
lambda args, expr: self.mgr.BVSub(args[0], args[1]),
z3.Z3_OP_EXT_ROTATE_LEFT:
lambda args, expr: self.mgr.BVRol(args[0], args[1].
bv_unsigned_value()),
z3.Z3_OP_EXT_ROTATE_RIGHT:
lambda args, expr: self.mgr.BVRor(args[0], args[1].
bv_unsigned_value()),
z3.Z3_OP_BV2INT:
lambda args, expr: self.mgr.BVToNatural(args[0]),
z3.Z3_OP_POWER:
lambda args, expr: self.mgr.Pow(args[0], args[1]),
z3.Z3_OP_SELECT:
lambda args, expr: self.mgr.Select(args[0], args[1]),
z3.Z3_OP_STORE:
lambda args, expr: self.mgr.Store(args[0], args[1], args[2]),
# Actually use both args, expr
z3.Z3_OP_SIGN_EXT:
lambda args, expr: self.mgr.BVSExt(args[0], z3.get_payload(
expr, 0)),
z3.Z3_OP_ZERO_EXT:
lambda args, expr: self.mgr.BVZExt(args[0], z3.get_payload(
expr, 0)),
z3.Z3_OP_ROTATE_LEFT:
lambda args, expr: self.mgr.BVRol(args[0], z3.get_payload(expr, 0)
),
z3.Z3_OP_ROTATE_RIGHT:
lambda args, expr: self.mgr.BVRor(args[0], z3.get_payload(expr, 0)
),
z3.Z3_OP_EXTRACT:
lambda args, expr: self.mgr.BVExtract(args[
0], z3.get_payload(expr, 1), z3.get_payload(expr, 0)),
# Complex Back Translation
z3.Z3_OP_EQ:
self._back_z3_eq,
z3.Z3_OP_UMINUS:
self._back_z3_uminus,
z3.Z3_OP_CONST_ARRAY:
self._back_z3_const_array,
}
# Unique reference to Sorts
self.z3RealSort = z3.RealSort(self.ctx)
self.z3BoolSort = z3.BoolSort(self.ctx)
self.z3IntSort = z3.IntSort(self.ctx)
self._z3ArraySorts = {}
self._z3BitVecSorts = {}
self._z3Sorts = {}
# Unique reference to Function Declaration
self._z3_func_decl_cache = {}
return
def functionsort(fs):
# print "fs.rng = {!r}".format(fs.rng)
if fs.is_relational():
return [s.to_z3() for s in fs.dom] + [z3.BoolSort()]
return [s.to_z3() for s in fs.dom] + [fs.rng.to_z3()]
# print "fs.rng = {!r}".format(fs.rng)
if fs.is_relational():
return [s.to_z3() for s in fs.dom] + [z3.BoolSort()]
return [s.to_z3() for s in fs.dom] + [fs.rng.to_z3()]
def enumeratedsort(es):
res,consts = z3.EnumSort(es.name,es.extension)
for c in consts:
z3_constants[str(c)] = c
# print "enum {} : {}".format(res,type(res))
return res
ivy_logic.UninterpretedSort.to_z3 = uninterpretedsort
ivy_logic.FunctionSort.to_z3 = functionsort
ivy_logic.EnumeratedSort.to_z3 = enumeratedsort
ivy_logic.BooleanSort.to_z3 = lambda self: z3.BoolSort()
ivy_logic.Symbol.to_z3 = lambda s: z3.Const(s.name, s.sort.to_z3()) if s.sort.dom == [] else z3.Function(s.name,s.sort.to_z3())
def lookup_native(thing,table,kind):
z3name = ivy_logic.sig.interp.get(thing.name)
if z3name == None:
if thing.name in iu.polymorphic_symbols:
sort = thing.sort.domain[0].name
if sort in ivy_logic.sig.interp and not isinstance(ivy_logic.sig.interp[sort],ivy_logic.EnumeratedSort):
z3val = table(thing.name)
if z3val == None:
raise iu.IvyError(None,'{} is not a supported Z3 {}'.format(name,kind))
return z3val
return None
if isinstance(z3name,ivy_logic.EnumeratedSort):
def create_symbolic(name, sort, columns):
assert len(columns) == len(set(columns))
sig = [sort] * len(columns) + [z3.BoolSort()]
relation = z3.Function(name, *sig)
return Table(columns, sort, lambda *tup: relation(*tup))