def test_pointer_pointer(self):
ctx = newctx()
p1 = dt.fresh_ptr(ctx, util.fresh_name(
'p'), it.PointerType(it.PointerType(it.IntType(64))))
p2 = dt.fresh_ptr(ctx, util.fresh_name(
'p'), it.PointerType(it.IntType(64)))
p1.write(ctx, p2)
p2.write(ctx, util.i64(10))
self.assertEquals(p2.read(ctx).as_long(),
p1.read(ctx).read(ctx).as_long())
def test_pointer_pointer_pointer(self):
ctx = newctx()
a = dt.fresh_ptr(ctx, util.fresh_name(
'a'), it.PointerType(it.PointerType(it.IntType(64))))
b = dt.fresh_ptr(ctx, util.fresh_name(
'b'), it.PointerType(it.IntType(64)))
c = dt.fresh_ptr(ctx, util.fresh_name(
'c'), it.PointerType(it.IntType(64)))
cond = z3.Bool('cond')
p = util.If(cond, b, c)
a.write(ctx, p)
print a.read(ctx).read(ctx)
def test_read_read_same(self):
# "Helgi's problem"
ctx = newctx()
p = dt.fresh_ptr(ctx, util.fresh_name(
'p'), it.PointerType(it.IntType(64)))
self.assertEquals(p.getelementptr(ctx, util.i64(0)).read(
ctx), p.getelementptr(ctx, util.i64(0)).read(ctx))
def test_pointer_to_int(self):
ctx = newctx()
p = dt.fresh_ptr(ctx, util.fresh_name(
'p'), it.PointerType(it.IntType(64)))
print ctx['references'][p._ref._name]
p.write(ctx, util.i64(4))
self.assertEquals(4, p.read(ctx).as_long())
def test_pointer_ite(self):
ctx = newctx()
p1 = dt.fresh_ptr(ctx, util.fresh_name(
'p'), it.PointerType(it.IntType(64)))
p2 = dt.fresh_ptr(ctx, util.fresh_name(
'p'), it.PointerType(it.IntType(64)))
cond = z3.Bool('cond')
p3 = util.If(cond, p1, p2)
p3.write(ctx, util.i64(4))
s = z3.Solver()
s.add(z3.Not(z3.Implies(cond, p1.read(ctx) == util.i64(4))))
self.assertEquals(s.check(), z3.unsat)
s = z3.Solver()
s.add(z3.Not(z3.Implies(z3.Not(cond), p2.read(ctx) == util.i64(4))))
self.assertEquals(s.check(), z3.unsat)
def test_array_bounds(self):
ctx = newctx()
points = it.ArrayType(10, it.IntType(64))
p = dt.fresh_ptr(ctx, util.fresh_name('p'), points)
p = p.getelementptr(ctx, 50)
with self.assertRaises(IndexError):
p.write(ctx, util.i64(10))
def test_struct_of_ints(self):
ctx = newctx()
point = it.StructType('Point', [it.IntType(64), it.IntType(64)])
q = dt.fresh_ptr(ctx, util.fresh_name('q'), it.PointerType(point))
print ctx['references'][q._ref._name]
x = util.FreshBitVec('x', 64)
q.getelementptr(ctx, util.i64(0), util.i64(0)).write(ctx, x)
s = z3.Solver()
s.add(z3.Not(x == q.getelementptr(ctx, util.i64(0), util.i64(0)).read(ctx)))
self.assertEquals(s.check(), z3.unsat)
def test_array_of_stucts(self):
ctx = newctx()
points = it.ArrayType(10, it.StructType(
'Point', [it.IntType(64), it.IntType(64)]))
p = dt.fresh_ptr(ctx, util.fresh_name('p'), points)
y = util.FreshBitVec('y', 64)
x = util.FreshBitVec('x', 64)
# x and y are within bounds
ctx['solver'].add(z3.ULT(x, 10))
ctx['solver'].add(z3.ULT(y, 10))
p.getelementptr(ctx, x, util.i64(0)).write(ctx, x)
s = z3.Solver()
s.add(z3.Not(z3.Implies(x == y, p.getelementptr(
ctx, y, util.i64(0)).read(ctx) == y)))
self.assertEquals(s.check(), z3.unsat)
def _fresh_ref(typ, tup, depth, name=None):
if typ.is_pointer() and depth != 0:
d[tup] = None
if typ.is_int() or (typ.is_pointer() and depth != 0):
args = [z3.BitVecSort(64)] * depth + [z3.BitVecSort(typ.size())]
if name is None:
name = ref._name
else:
name = ref._name + "->" + name
d[tup] = z3.Function(util.fresh_name(name), *args)
elif typ.is_struct():
for i in range(len(typ.fields())):
_fresh_ref(typ.field(i), tup + (i, ), depth, typ.field_name(i))
elif typ.is_array() or typ.is_pointer():
_fresh_ref(typ.deref(), tup, depth + 1)
else:
assert False, "unhandled case"
def alloca(self, ctx, return_type, size, size_type, **kwargs):
assert return_type.is_pointer()
return dt.fresh_ptr(ctx, util.fresh_name('alloca'), return_type)
