test branch.c for concolic miniwasm

Author: ahuoguo

benchmarks/wasm/branch-strip.wat

@@ -0,0 +1,41 @@
+(module
+  (type (;0;) (func (param i32 i32) (result i32)))
+  (func (;0;) (type 0) (param i32 i32) (result i32)
+    local.get 0
+    i32.const 0
+    i32.le_s
+    local.get 1
+    i32.const 0
+    i32.le_s
+    i32.or
+    if (result i32) ;; label = @1
+      i32.const -1
+    else
+      local.get 0
+      local.get 0
+      i32.mul
+      local.get 1
+      local.get 1
+      i32.mul
+      i32.add
+      i32.const 25
+      i32.eq
+      if (result i32) ;; label = @2
+        i32.const 1
+      else
+        i32.const 0
+      end
+    end
+  )
+  (export "f" (func 0))
+  (func $real_main
+    ;; TODO: is there a better way to put symbolic values on the stack?
+    i32.const 0
+    i32.symbolic
+    i32.const 1
+    i32.symbolic
+    call 0
+  )
+
+  (export "real_main" (func 1))
+)

benchmarks/wasm/branch.wat

@@ -0,0 +1,29 @@
+(module
+  (func $f (param $x i32) (param $y i32) (result i32)
+    ;; if (x <= 0 || y <= 0)
+    (if (result i32)
+      (i32.or
+        (i32.le_s (local.get $x) (i32.const 0))
+        (i32.le_s (local.get $y) (i32.const 0))
+      )
+      (then (i32.const -1)) ;; return -1
+      (else
+        ;; if (x * x + y * y == 25)
+        (if (result i32)
+          (i32.eq
+            (i32.add
+              (i32.mul (local.get $x) (local.get $x))
+              (i32.mul (local.get $y) (local.get $y))
+            )
+            (i32.const 25)
+          )
+          (then (i32.const 1)) ;; return 1
+          (else (i32.const 0)) ;; return 0
+        )
+      )
+    )
+  )
+
+  ;; Optionally export the function
+  (export "f" (func $f))
+)

src/main/scala/wasm/ConcolicMiniWasm.scala

@@ -70,6 +70,12 @@ object Primitives {
         case (I64V(v1), I64V(v2)) => I64V(v1 & v2)
         case _                    => throw new Exception("Invalid types")
       }
+    case Or(_) =>
+      (lhs, rhs) match {
+        case (I32V(v1), I32V(v2)) => I32V(v1 | v2)
+        case (I64V(v1), I64V(v2)) => I64V(v1 | v2)
+        case _                    => throw new Exception("Invalid types")
+      }
     case _ => {
       println(s"unimplemented binop: $op")
       ???
@@ -180,13 +186,18 @@ object Primitives {
     case Concrete(v) => Concrete(evalTestOp(op, v))
     case _ =>
       op match {
-        case Eqz(_) => SymIte(CondEqz(sv), Concrete(I32V(1)), Concrete(I32V(0)))
+        case Eqz(ty) => RelCond(Eq(ty), sv, Concrete(zero(ty)))
       }
   }
 
   def evalSymRelOp(op: RelOp, lhs: SymVal, rhs: SymVal): SymVal = (lhs, rhs) match {
     case (Concrete(lhs), Concrete(rhs)) => Concrete(evalRelOp(op, lhs, rhs))
-    case _                              => SymIte(RelCond(op, lhs, rhs), Concrete(I32V(1)), Concrete(I32V(0)))
+    case _ =>
+      RelCond(
+        op,
+        lhs,
+        rhs
+      ) // TODO: it was SymIte(RelCond(op, lhs, rhs), Concrete(I32V(1)), Concrete(I32V(0))) before, but why??
   }
 
   def memOutOfBound(frame: Frame, memoryIndex: Int, offset: Int, size: Int) = {
@@ -365,10 +376,10 @@ case class Evaluator(module: ModuleInstance) {
       case If(ty, thn, els) =>
         val scnd :: newSymStack = symStack
         val I32V(cond) :: newStack = concStack
-        val inner = if (cond == 0) thn else els
+        val inner = if (cond != 0) thn else els
         val newPathConds = scnd match {
           case Concrete(_) => pathConds
-          case _           => if (cond == 0) CondEqz(scnd) :: pathConds else Not(CondEqz(scnd)) :: pathConds
+          case _           => if (cond != 0) CondEqz(scnd) :: pathConds else Not(CondEqz(scnd)) :: pathConds
         }
         val k: Cont = (retStack, retSymStack, newPathConds) =>
           eval(rest, retStack ++ newStack, retSymStack ++ newSymStack, frame, ret, trail)(newPathConds)
@@ -380,7 +391,7 @@ case class Evaluator(module: ModuleInstance) {
         val I32V(cond) :: newStack = concStack
         val newPathConds = scnd match {
           case Concrete(_) => pathConds
-          case _           => if (cond == 0) CondEqz(scnd) :: pathConds else Not(CondEqz(scnd)) :: pathConds
+          case _           => if (cond != 0) CondEqz(scnd) :: pathConds else Not(CondEqz(scnd)) :: pathConds
         }
         if (cond == 0) eval(rest, newStack, newSymStack, frame, ret, trail)(newPathConds)
         else trail(label)(newStack, newSymStack, newPathConds)
@@ -497,22 +508,19 @@ case class Evaluator(module: ModuleInstance) {
     })
 
     print(s"instrs: $instrs")
-
     // val instrs = List(Call(funcId))
 
-    // TODO: what are we tryign to do with globals here
-    // does global values allow general expressions?
-    // val globals = module.definitions.collect({ case g@Global(_, _) => g })
+    val globals = module.defs.collect({ case g @ Global(_, _) => g })
 
-    // for (global <- globals) {
-    //   global.f match {
-    //     case GlobalValue(ty, e) => {
-    //       val (cv, sv) = evalExpr(e)
-    //       moduleInst.globals.append((RTGlobal(ty, cv), sv))
-    //     }
-    //     case _ => ???
-    //   }
-    // }
+    for (global <- globals) {
+      global.f match {
+        case GlobalValue(ty, e) => {
+          val (cv, sv) = evalExpr(e)
+          module.globals.append((RTGlobal(ty, cv), sv))
+        }
+        case _ => ???
+      }
+    }
 
     val locals = extractLocals(module, main)
 
@@ -542,7 +550,7 @@ case class Evaluator(module: ModuleInstance) {
             System.err.println(s"Entering function $main")
             module.funcs(fid) match {
               case FuncDef(_, FuncBodyDef(_, _, locals, _)) => locals
-              case _ => throw new Exception("Entry function has no concrete body")
+              case _                                        => throw new Exception("Entry function has no concrete body")
             }
           case _ => List()
         })
@@ -552,7 +560,7 @@ case class Evaluator(module: ModuleInstance) {
             System.err.println(s"Entering unnamed function $id")
             module.funcs(id) match {
               case FuncDef(_, FuncBodyDef(_, _, locals, body)) => locals
-              case _ => throw new Exception("Entry function has no concrete body")
+              case _                                           => throw new Exception("Entry function has no concrete body")
             }
           case _ => List()
         })

src/main/scala/wasm/Symbolic.scala

@@ -9,6 +9,7 @@ case class SymUnary(op: UnaryOp, v: SymVal) extends SymVal
 case class SymIte(cond: Cond, thn: SymVal, els: SymVal) extends SymVal
 case class Concrete(v: Value) extends SymVal
 
+// The following should be encoded to boolean in SMT
 abstract class Cond extends SymVal
 case class CondEqz(v: SymVal) extends Cond
 case class Not(cond: Cond) extends Cond
@@ -20,6 +21,6 @@ case class MemExtract(mem: SymVal, offset: Int, size: Int) extends SymVal
 abstract class SymVal {
   def toZ3AST(implicit ctx: Z3Context): Z3AST = this match {
     case SymV(name) => ctx.mkConst(ctx.mkStringSymbol(name), ctx.mkIntSort())
-    case _ => ???
+    case _          => ???
   }
 }

src/test/scala/genwasym/TestConcolic.scala

@@ -5,20 +5,45 @@ import gensym.wasm.source._
 import gensym.wasm.parser._
 import gensym.wasm.memory._
 import gensym.wasm.symbolic._
+import gensym.wasm.concolicminiwasm._
 
 import org.scalatest.FunSuite
 class TestConcolic extends FunSuite {
 
-  // TODO: actually test this
-  def fileTestConcolicEval() = {
-    import gensym.wasm.concolicminiwasm._
-    val module = Parser.parseFile("./benchmarks/wasm/pow.wat")
+  def fileTestConcolicEval(filename: String, mainFnName: Option[String]) = {
+    val module = Parser.parseFile(filename)
     val moduleInst = ModuleInstance(module)
-    Evaluator(moduleInst).execWholeProgram(Some("real_main"))
+    Evaluator(moduleInst).execWholeProgram(mainFnName)
   }
 
-  test("fileTestConcolicEval") {
-    fileTestConcolicEval()
+  // TODO: is there a way to test this in a more automatic way?
+  //       we currently eyeball the path conditions
+  test("pow") {
+    fileTestConcolicEval("./benchmarks/wasm/pow.wat", Some("real_main"))
+  }
+
+  test("branch") {
+    fileTestConcolicEval("./benchmarks/wasm/branch-strip.wat", Some("real_main"))
+  }
+
+}
+
+class TestDriver extends FunSuite {
+  import gensym.wasm.concolicdriver._
+  import scala.collection.mutable.{HashMap, HashSet}
+  import z3.scala._
+
+  def fileTestDriver(file: String, mainFun: String, startEnv: HashMap[Int, Value]) = {
+    import collection.mutable.ArrayBuffer
+    val module = Parser.parseFile(file)
+    ConcolicDriver.exec(module, mainFun, startEnv)(new Z3Context())
+  }
+
+  // def main(args: Array[String]) = {}
+
+  // TODO: fix this
+  test("driver") {
+    fileTestDriver("./benchmarks/wasm/branch-strip.wat", "real_main", new HashMap[Int, Value]())
   }
 
 }