[pulse] define havoc and use in symbolic execution

Summary: Assigns non-deterministic value to some variable.

Reviewed By: mbouaziz

Differential Revision: D10483977

fbshipit-source-id: dc5050886
master
Jules Villard 6 years ago committed by Facebook Github Bot
parent a295d26f69
commit 3aa712c67a

@ -39,7 +39,11 @@ module TransferFunctions (CFG : ProcCfg.S) = struct
| Direct callee_pname -> | Direct callee_pname ->
PulseModels.dispatch callee_pname PulseModels.dispatch callee_pname
in in
match model with None -> Ok astate | Some model -> model call_loc ~ret ~actuals astate match model with
| None ->
PulseDomain.havoc (fst ret) astate |> Result.return
| Some model ->
model call_loc ~ret ~actuals astate
let exec_instr (astate : PulseDomain.t) {ProcData.extras= summary} _cfg_node (instr : HilInstr.t) let exec_instr (astate : PulseDomain.t) {ProcData.extras= summary} _cfg_node (instr : HilInstr.t)

@ -285,6 +285,8 @@ let write location access_expr addr astate =
overwrite_address astate access_expr addr location >>| fun (astate, _) -> astate overwrite_address astate access_expr addr location >>| fun (astate, _) -> astate
let havoc var astate = {astate with stack= AliasingDomain.remove var astate.stack}
let invalidate location access_expr astate = let invalidate location access_expr astate =
materialize_address astate access_expr location materialize_address astate access_expr location
>>= fun (astate, addr) -> >>= fun (astate, addr) ->

@ -64,6 +64,8 @@ val read : Location.t -> AccessExpression.t -> t -> (t * AbstractAddress.t) acce
val read_all : Location.t -> AccessExpression.t list -> t -> t access_result val read_all : Location.t -> AccessExpression.t list -> t -> t access_result
val havoc : Var.t -> t -> t
val write : Location.t -> AccessExpression.t -> AbstractAddress.t -> t -> t access_result val write : Location.t -> AccessExpression.t -> AbstractAddress.t -> t -> t access_result
val invalidate : Location.t -> AccessExpression.t -> t -> t access_result val invalidate : Location.t -> AccessExpression.t -> t -> t access_result

@ -45,7 +45,7 @@ module StdVector = struct
PulseDomain.read location (deref_internal_array vector) astate PulseDomain.read location (deref_internal_array vector) astate
>>= fun (astate, loc) -> PulseDomain.write location (AccessExpression.Base ret) loc astate >>= fun (astate, loc) -> PulseDomain.write location (AccessExpression.Base ret) loc astate
| _ -> | _ ->
Ok astate Ok (PulseDomain.havoc (fst ret) astate)
let push_back : model = let push_back : model =

Loading…
Cancel
Save