eurecom-s3 / symqemu

SymQEMU: Compilation-based symbolic execution for binaries

Home Page: http://www.s3.eurecom.fr/tools/symbolic_execution/symqemu.html

License: Other

Emacs Lisp 0.01% GDB 0.01% Makefile 0.11% C 80.70% C++ 11.70% Haxe 0.38% Objective-C 0.12% Assembly 0.58% Python 3.98% NSIS 0.01% Shell 1.54% Perl 0.24% SmPL 0.03% GLSL 0.01% Vim Script 0.01% Dockerfile 0.01% Meson 0.49% Pawn 0.04% Lex 0.03% Yacc 0.03%

symqemu's People

Contributors: afaerber, agraf, aliguori, aurel32, berrange, blueswirl, bonzini, davidhildenbrand, dgibson, ebblake, ehabkost, elmarco, gkurz, huth, jan-kiszka, jnsnow, juanquintela, kevmw, kraxel, legoater, mcayland, mstsirkin, philmd, pm215, rth7680, stefanharh, stsquad, stweil, vivier, xanclic

symqemu's Issues

Support for target riscv64-linux-user

I get the following error when compiling symqemu for --target-list=x86_64-linux-user:

CC riscv64-linux-user/tcg/tcg.o
In file included from /usr/include/sched.h:29,
from /usr/include/pthread.h:22,
from /usr/include/glib-2.0/glib/deprecated/gthread.h:124,
from /usr/include/glib-2.0/glib.h:111,
from /symqemu/include/glib-compat.h:32,
from /symqemu/include/qemu/osdep.h:140,
from /symqemu/tcg/tcg.c:28:
/symqemu/tcg/tcg.c: In function 'tcg_context_init':
/symqemu/tcg/tcg.c:1000:9: error: 'ArchCPU' {aka 'RISCVCPU'} has no member named 'env_exprs'
1000 | offsetof(ArchCPU, env_exprs) - offsetof(ArchCPU, env), "env");
| ^~~~~~~~
make[1]: *** [/symqemu/rules.mak:69: tcg/tcg.o] Error 1
make: *** [Makefile:472: riscv64-linux-user/all] Error 2

Flex and Bison are installed, and all Qemu dependencies are installed with apt build-dep qemu.

wrong basic block address used in backend

Hi,

In include/exec/gen-icount.h, I noticed that the value passed to gen_helper_sym_notify_block is the address of the TB pointer. I'm wondering if using the simulated TB address would make more sense. Could you help me verify my fix at:
sgzeng@1bc3860

[INFO] syncConstraints: Incorrect constraints are inserted

Hi!

I noticed that when running SymQEMU, the following error shows up in the log.
[INFO] syncConstraints: Incorrect constraints are inserted
Any idea what the reason is and how to solve it? (I ran SymQEMU on objdump and the specint benchmarks and observed the same error.)

Thanks!

build failed

Hi,
I wanted to build symcc but ran into some trouble. Here is my error message.

[1/8] Performing configure step for 'SymRuntime'
FAILED: SymRuntime-prefix/src/SymRuntime-stamp/SymRuntime-configure 
cd /home/lin/Desktop/symqemu/symcc/build/SymRuntime-prefix/src/SymRuntime-build && /usr/bin/cmake -DCMAKE_C_COMPILER=/usr/bin/cc -DCMAKE_C_FLAGS= -DCMAKE_CXX_COMPILER=/usr/bin/c++ -DCMAKE_CXX_FLAGS= -DCMAKE_SHARED_LINKER_FLAGS= -DQSYM_BACKEND=ON -DCMAKE_BUILD_TYPE= -DZ3_TRUST_SYSTEM_VERSION= -DCMAKE_EXPORT_COMPILE_COMMANDS=OFF -DZ3_DIR= -DLLVM_DIR=/usr/lib/llvm-6.0/cmake -GNinja /home/lin/Desktop/symqemu/symcc/runtime && /usr/bin/cmake -E touch /home/lin/Desktop/symqemu/symcc/build/SymRuntime-prefix/src/SymRuntime-stamp/SymRuntime-configure
-- Could NOT find Z3 (missing: Z3_DIR)
CMake Error at qsym_backend/CMakeLists.txt:45 (message):
  Couldn't locate Z3.  If you want me to trust that a suitable version is
  available nonetheless, configure CMake with -DZ3_TRUST_SYSTEM_VERSION=on
  (see also docs/Configuration.txt).


-- Configuring incomplete, errors occurred!
See also "/home/lin/Desktop/symqemu/symcc/build/SymRuntime-prefix/src/SymRuntime-build/CMakeFiles/CMakeOutput.log".
[2/8] Building CXX object CMakeFiles/Symbolize.dir/compiler/Runtime.cpp.o
FAILED: CMakeFiles/Symbolize.dir/compiler/Runtime.cpp.o 
/usr/bin/c++  -DSymbolize_EXPORTS -isystem /usr/lib/llvm-6.0/include -std=c++17 -Wredundant-decls -Wcast-align -Wmissing-include-dirs -Wswitch-default -Wextra -Wall -Winvalid-pch -Wredundant-decls -Wformat=2 -Wmissing-format-attribute -Wformat-nonliteral -Werror -fPIC   -D_GNU_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -MD -MT CMakeFiles/Symbolize.dir/compiler/Runtime.cpp.o -MF CMakeFiles/Symbolize.dir/compiler/Runtime.cpp.o.d -o CMakeFiles/Symbolize.dir/compiler/Runtime.cpp.o -c ../compiler/Runtime.cpp
In file included from ../compiler/Runtime.cpp:15:0:
../compiler/Runtime.h:24:24: error: ‘FunctionCallee’ in namespace ‘llvm’ does not name a type
   using SymFnT = llvm::FunctionCallee;
                        ^~~~~~~~~~~~~~
../compiler/Runtime.h:31:3: error: ‘SymFnT’ does not name a type
   SymFnT buildInteger{};
   ^~~~~~
../compiler/Runtime.h:32:3: error: ‘SymFnT’ does not name a type
   SymFnT buildInteger128{};
   ^~~~~~
../compiler/Runtime.h:33:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloat{};
   ^~~~~~
../compiler/Runtime.h:34:3: error: ‘SymFnT’ does not name a type
   SymFnT buildNullPointer{};
   ^~~~~~
../compiler/Runtime.h:35:3: error: ‘SymFnT’ does not name a type
   SymFnT buildTrue{};
   ^~~~~~
../compiler/Runtime.h:36:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFalse{};
   ^~~~~~
../compiler/Runtime.h:37:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBool{};
   ^~~~~~
../compiler/Runtime.h:38:3: error: ‘SymFnT’ does not name a type
   SymFnT buildSExt{};
   ^~~~~~
../compiler/Runtime.h:39:3: error: ‘SymFnT’ does not name a type
   SymFnT buildZExt{};
   ^~~~~~
../compiler/Runtime.h:40:3: error: ‘SymFnT’ does not name a type
   SymFnT buildTrunc{};
   ^~~~~~
../compiler/Runtime.h:41:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBswap{};
   ^~~~~~
../compiler/Runtime.h:42:3: error: ‘SymFnT’ does not name a type
   SymFnT buildIntToFloat{};
   ^~~~~~
../compiler/Runtime.h:43:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToFloat{};
   ^~~~~~
../compiler/Runtime.h:44:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBitsToFloat{};
   ^~~~~~
../compiler/Runtime.h:45:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToBits{};
   ^~~~~~
../compiler/Runtime.h:46:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToSignedInt{};
   ^~~~~~
../compiler/Runtime.h:47:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToUnsignedInt{};
   ^~~~~~
../compiler/Runtime.h:48:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatAbs{};
   ^~~~~~
../compiler/Runtime.h:49:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolAnd{};
   ^~~~~~
../compiler/Runtime.h:50:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolOr{};
   ^~~~~~
../compiler/Runtime.h:51:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolXor{};
   ^~~~~~
../compiler/Runtime.h:52:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolToBits{};
   ^~~~~~
../compiler/Runtime.h:53:3: error: ‘SymFnT’ does not name a type
   SymFnT pushPathConstraint{};
   ^~~~~~
../compiler/Runtime.h:54:3: error: ‘SymFnT’ does not name a type
   SymFnT getParameterExpression{};
   ^~~~~~
../compiler/Runtime.h:55:3: error: ‘SymFnT’ does not name a type
   SymFnT setParameterExpression{};
   ^~~~~~
../compiler/Runtime.h:56:3: error: ‘SymFnT’ does not name a type
   SymFnT setReturnExpression{};
   ^~~~~~
../compiler/Runtime.h:57:3: error: ‘SymFnT’ does not name a type
   SymFnT getReturnExpression{};
   ^~~~~~
../compiler/Runtime.h:58:3: error: ‘SymFnT’ does not name a type
   SymFnT memcpy{};
   ^~~~~~
../compiler/Runtime.h:59:3: error: ‘SymFnT’ does not name a type
   SymFnT memset{};
   ^~~~~~
../compiler/Runtime.h:60:3: error: ‘SymFnT’ does not name a type
   SymFnT memmove{};
   ^~~~~~
../compiler/Runtime.h:61:3: error: ‘SymFnT’ does not name a type
   SymFnT readMemory{};
   ^~~~~~
../compiler/Runtime.h:62:3: error: ‘SymFnT’ does not name a type
   SymFnT writeMemory{};
   ^~~~~~
../compiler/Runtime.h:63:3: error: ‘SymFnT’ does not name a type
   SymFnT buildInsert{};
   ^~~~~~
../compiler/Runtime.h:64:3: error: ‘SymFnT’ does not name a type
   SymFnT buildExtract{};
   ^~~~~~
../compiler/Runtime.h:65:3: error: ‘SymFnT’ does not name a type
   SymFnT notifyCall{};
   ^~~~~~
../compiler/Runtime.h:66:3: error: ‘SymFnT’ does not name a type
   SymFnT notifyRet{};
   ^~~~~~
../compiler/Runtime.h:67:3: error: ‘SymFnT’ does not name a type
   SymFnT notifyBasicBlock{};
   ^~~~~~
../compiler/Runtime.h:71:14: error: ‘SymFnT’ was not declared in this scope
   std::array<SymFnT, llvm::CmpInst::BAD_ICMP_PREDICATE>
              ^~~~~~
../compiler/Runtime.h:71:55: error: template argument 1 is invalid
   std::array<SymFnT, llvm::CmpInst::BAD_ICMP_PREDICATE>
                                                       ^
../compiler/Runtime.h:76:14: error: ‘SymFnT’ was not declared in this scope
   std::array<SymFnT, llvm::Instruction::BinaryOpsEnd>
              ^~~~~~
../compiler/Runtime.h:76:53: error: template argument 1 is invalid
   std::array<SymFnT, llvm::Instruction::BinaryOpsEnd>
                                                     ^
../compiler/Runtime.cpp:26:1: error: ‘SymFnT’ does not name a type
 SymFnT import(llvm::Module &M, llvm::StringRef name, llvm::Type *ret,
 ^~~~~~
../compiler/Runtime.cpp: In constructor ‘Runtime::Runtime(llvm::Module&)’:
../compiler/Runtime.cpp:44:3: error: ‘buildInteger’ was not declared in this scope
   buildInteger = import(M, "_sym_build_integer", ptrT, IRB.getInt64Ty(), int8T);
   ^~~~~~~~~~~~
../compiler/Runtime.cpp:44:18: error: ‘import’ was not declared in this scope
   buildInteger = import(M, "_sym_build_integer", ptrT, IRB.getInt64Ty(), int8T);
                  ^~~~~~
../compiler/Runtime.cpp:44:18: note: suggested alternative: ‘qsort’
   buildInteger = import(M, "_sym_build_integer", ptrT, IRB.getInt64Ty(), int8T);
                  ^~~~~~
                  qsort
../compiler/Runtime.cpp:45:3: error: ‘buildInteger128’ was not declared in this scope
   buildInteger128 = import(M, "_sym_build_integer128", ptrT, IRB.getInt64Ty(),
   ^~~~~~~~~~~~~~~
../compiler/Runtime.cpp:47:3: error: ‘buildFloat’ was not declared in this scope
   buildFloat =
   ^~~~~~~~~~
../compiler/Runtime.cpp:49:3: error: ‘buildNullPointer’ was not declared in this scope
   buildNullPointer = import(M, "_sym_build_null_pointer", ptrT);
   ^~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:49:3: note: suggested alternative: ‘__builtin_eh_pointer’
   buildNullPointer = import(M, "_sym_build_null_pointer", ptrT);
   ^~~~~~~~~~~~~~~~
   __builtin_eh_pointer
../compiler/Runtime.cpp:50:3: error: ‘buildTrue’ was not declared in this scope
   buildTrue = import(M, "_sym_build_true", ptrT);
   ^~~~~~~~~
../compiler/Runtime.cpp:51:3: error: ‘buildFalse’ was not declared in this scope
   buildFalse = import(M, "_sym_build_false", ptrT);
   ^~~~~~~~~~
../compiler/Runtime.cpp:51:3: note: suggested alternative: ‘duplocale’
   buildFalse = import(M, "_sym_build_false", ptrT);
   ^~~~~~~~~~
   duplocale
../compiler/Runtime.cpp:52:3: error: ‘buildBool’ was not declared in this scope
   buildBool = import(M, "_sym_build_bool", ptrT, IRB.getInt1Ty());
   ^~~~~~~~~
../compiler/Runtime.cpp:53:3: error: ‘buildSExt’ was not declared in this scope
   buildSExt = import(M, "_sym_build_sext", ptrT, ptrT, int8T);
   ^~~~~~~~~
../compiler/Runtime.cpp:54:3: error: ‘buildZExt’ was not declared in this scope
   buildZExt = import(M, "_sym_build_zext", ptrT, ptrT, int8T);
   ^~~~~~~~~
../compiler/Runtime.cpp:55:3: error: ‘buildTrunc’ was not declared in this scope
   buildTrunc = import(M, "_sym_build_trunc", ptrT, ptrT, int8T);
   ^~~~~~~~~~
../compiler/Runtime.cpp:56:3: error: ‘buildBswap’ was not declared in this scope
   buildBswap = import(M, "_sym_build_bswap", ptrT, ptrT);
   ^~~~~~~~~~
../compiler/Runtime.cpp:57:3: error: ‘buildIntToFloat’ was not declared in this scope
   buildIntToFloat = import(M, "_sym_build_int_to_float", ptrT, ptrT,
   ^~~~~~~~~~~~~~~
../compiler/Runtime.cpp:59:3: error: ‘buildFloatToFloat’ was not declared in this scope
   buildFloatToFloat =
   ^~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:61:3: error: ‘buildBitsToFloat’ was not declared in this scope
   buildBitsToFloat =
   ^~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:63:3: error: ‘buildFloatToBits’ was not declared in this scope
   buildFloatToBits = import(M, "_sym_build_float_to_bits", ptrT, ptrT);
   ^~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:64:3: error: ‘buildFloatToSignedInt’ was not declared in this scope
   buildFloatToSignedInt =
   ^~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:66:3: error: ‘buildFloatToUnsignedInt’ was not declared in this scope
   buildFloatToUnsignedInt =
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:68:3: error: ‘buildFloatAbs’ was not declared in this scope
   buildFloatAbs = import(M, "_sym_build_fp_abs", ptrT, ptrT);
   ^~~~~~~~~~~~~
../compiler/Runtime.cpp:69:3: error: ‘buildBoolAnd’ was not declared in this scope
   buildBoolAnd = import(M, "_sym_build_bool_and", ptrT, ptrT, ptrT);
   ^~~~~~~~~~~~
../compiler/Runtime.cpp:70:3: error: ‘buildBoolOr’ was not declared in this scope
   buildBoolOr = import(M, "_sym_build_bool_or", ptrT, ptrT, ptrT);
   ^~~~~~~~~~~
../compiler/Runtime.cpp:71:3: error: ‘buildBoolXor’ was not declared in this scope
   buildBoolXor = import(M, "_sym_build_bool_xor", ptrT, ptrT, ptrT);
   ^~~~~~~~~~~~
../compiler/Runtime.cpp:72:3: error: ‘buildBoolToBits’ was not declared in this scope
   buildBoolToBits = import(M, "_sym_build_bool_to_bits", ptrT, ptrT, int8T);
   ^~~~~~~~~~~~~~~
../compiler/Runtime.cpp:73:3: error: ‘pushPathConstraint’ was not declared in this scope
   pushPathConstraint = import(M, "_sym_push_path_constraint", voidT, ptrT,
   ^~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:76:3: error: ‘setParameterExpression’ was not declared in this scope
   setParameterExpression =
   ^~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:78:3: error: ‘getParameterExpression’ was not declared in this scope
   getParameterExpression =
   ^~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:80:3: error: ‘setReturnExpression’ was not declared in this scope
   setReturnExpression = import(M, "_sym_set_return_expression", voidT, ptrT);
   ^~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:81:3: error: ‘getReturnExpression’ was not declared in this scope
   getReturnExpression = import(M, "_sym_get_return_expression", ptrT);
   ^~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:87:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(Add, add)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:88:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(Sub, sub)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:89:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(Mul, mul)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:90:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(UDiv, unsigned_div)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:91:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(SDiv, signed_div)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:92:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(URem, unsigned_rem)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:93:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(SRem, signed_rem)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:94:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(Shl, shift_left)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:95:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(LShr, logical_shift_right)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:96:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(AShr, arithmetic_shift_right)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:97:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(And, and)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:98:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(Or, or)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:99:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(Xor, xor)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:102:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(FAdd, fp_add)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:103:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(FSub, fp_sub)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:104:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(FMul, fp_mul)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:105:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(FDiv, fp_div)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:84:47: error: invalid types ‘int[llvm::Instruction::BinaryOps]’ for array subscript
   binaryOperatorHandlers[Instruction::constant] =                              \
                                               ^
../compiler/Runtime.cpp:106:3: note: in expansion of macro ‘LOAD_BINARY_OPERATOR_HANDLER’
   LOAD_BINARY_OPERATOR_HANDLER(FRem, fp_rem)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:114:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_EQ, equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:115:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_NE, not_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:116:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_UGT, unsigned_greater_than)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:117:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_UGE, unsigned_greater_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:118:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_ULT, unsigned_less_than)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:119:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_ULE, unsigned_less_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:120:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_SGT, signed_greater_than)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:121:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_SGE, signed_greater_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:122:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_SLT, signed_less_than)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:123:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(ICMP_SLE, signed_less_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:126:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_OGT, float_ordered_greater_than)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:127:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_OGE, float_ordered_greater_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:128:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_OLT, float_ordered_less_than)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:129:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_OLE, float_ordered_less_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:130:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_OEQ, float_ordered_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:131:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_ONE, float_ordered_not_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:132:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_ORD, float_ordered)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:133:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_UNO, float_unordered)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:134:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_UGT, float_unordered_greater_than)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:135:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_UGE, float_unordered_greater_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:136:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_ULT, float_unordered_less_than)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:137:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_ULE, float_unordered_less_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:138:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_UEQ, float_unordered_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:111:39: error: invalid types ‘int[llvm::CmpInst::Predicate]’ for array subscript
   comparisonHandlers[CmpInst::constant] =                                      \
                                       ^
../compiler/Runtime.cpp:139:3: note: in expansion of macro ‘LOAD_COMPARISON_HANDLER’
   LOAD_COMPARISON_HANDLER(FCMP_UNE, float_unordered_not_equal)
   ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Runtime.cpp:146:3: error: ‘readMemory’ was not declared in this scope
   readMemory =
   ^~~~~~~~~~
../compiler/Runtime.cpp:148:3: error: ‘writeMemory’ was not declared in this scope
   writeMemory = import(M, "_sym_write_memory", voidT, intPtrType, intPtrType,
   ^~~~~~~~~~~
../compiler/Runtime.cpp:150:3: error: ‘buildInsert’ was not declared in this scope
   buildInsert =
   ^~~~~~~~~~~
../compiler/Runtime.cpp:150:3: note: suggested alternative: ‘__builtin_sqrt’
   buildInsert =
   ^~~~~~~~~~~
   __builtin_sqrt
../compiler/Runtime.cpp:152:3: error: ‘buildExtract’ was not declared in this scope
   buildExtract = import(M, "_sym_build_extract", ptrT, ptrT, IRB.getInt64Ty(),
   ^~~~~~~~~~~~
../compiler/Runtime.cpp:155:3: error: ‘notifyCall’ was not declared in this scope
   notifyCall = import(M, "_sym_notify_call", voidT, intPtrType);
   ^~~~~~~~~~
../compiler/Runtime.cpp:156:3: error: ‘notifyRet’ was not declared in this scope
   notifyRet = import(M, "_sym_notify_ret", voidT, intPtrType);
   ^~~~~~~~~
../compiler/Runtime.cpp:157:3: error: ‘notifyBasicBlock’ was not declared in this scope
   notifyBasicBlock = import(M, "_sym_notify_basic_block", voidT, intPtrType);
   ^~~~~~~~~~~~~~~~
[3/8] Building CXX object CMakeFiles/Symbolize.dir/compiler/Symbolizer.cpp.o
FAILED: CMakeFiles/Symbolize.dir/compiler/Symbolizer.cpp.o 
/usr/bin/c++  -DSymbolize_EXPORTS -isystem /usr/lib/llvm-6.0/include -std=c++17 -Wredundant-decls -Wcast-align -Wmissing-include-dirs -Wswitch-default -Wextra -Wall -Winvalid-pch -Wredundant-decls -Wformat=2 -Wmissing-format-attribute -Wformat-nonliteral -Werror -fPIC   -D_GNU_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -MD -MT CMakeFiles/Symbolize.dir/compiler/Symbolizer.cpp.o -MF CMakeFiles/Symbolize.dir/compiler/Symbolizer.cpp.o.d -o CMakeFiles/Symbolize.dir/compiler/Symbolizer.cpp.o -c ../compiler/Symbolizer.cpp
In file included from ../compiler/Symbolizer.h:24:0,
                 from ../compiler/Symbolizer.cpp:15:
../compiler/Runtime.h:24:24: error: ‘FunctionCallee’ in namespace ‘llvm’ does not name a type
   using SymFnT = llvm::FunctionCallee;
                        ^~~~~~~~~~~~~~
../compiler/Runtime.h:31:3: error: ‘SymFnT’ does not name a type
   SymFnT buildInteger{};
   ^~~~~~
../compiler/Runtime.h:32:3: error: ‘SymFnT’ does not name a type
   SymFnT buildInteger128{};
   ^~~~~~
../compiler/Runtime.h:33:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloat{};
   ^~~~~~
../compiler/Runtime.h:34:3: error: ‘SymFnT’ does not name a type
   SymFnT buildNullPointer{};
   ^~~~~~
../compiler/Runtime.h:35:3: error: ‘SymFnT’ does not name a type
   SymFnT buildTrue{};
   ^~~~~~
../compiler/Runtime.h:36:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFalse{};
   ^~~~~~
../compiler/Runtime.h:37:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBool{};
   ^~~~~~
../compiler/Runtime.h:38:3: error: ‘SymFnT’ does not name a type
   SymFnT buildSExt{};
   ^~~~~~
../compiler/Runtime.h:39:3: error: ‘SymFnT’ does not name a type
   SymFnT buildZExt{};
   ^~~~~~
../compiler/Runtime.h:40:3: error: ‘SymFnT’ does not name a type
   SymFnT buildTrunc{};
   ^~~~~~
../compiler/Runtime.h:41:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBswap{};
   ^~~~~~
../compiler/Runtime.h:42:3: error: ‘SymFnT’ does not name a type
   SymFnT buildIntToFloat{};
   ^~~~~~
../compiler/Runtime.h:43:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToFloat{};
   ^~~~~~
../compiler/Runtime.h:44:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBitsToFloat{};
   ^~~~~~
../compiler/Runtime.h:45:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToBits{};
   ^~~~~~
../compiler/Runtime.h:46:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToSignedInt{};
   ^~~~~~
../compiler/Runtime.h:47:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToUnsignedInt{};
   ^~~~~~
../compiler/Runtime.h:48:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatAbs{};
   ^~~~~~
../compiler/Runtime.h:49:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolAnd{};
   ^~~~~~
../compiler/Runtime.h:50:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolOr{};
   ^~~~~~
../compiler/Runtime.h:51:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolXor{};
   ^~~~~~
../compiler/Runtime.h:52:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolToBits{};
   ^~~~~~
../compiler/Runtime.h:53:3: error: ‘SymFnT’ does not name a type
   SymFnT pushPathConstraint{};
   ^~~~~~
../compiler/Runtime.h:54:3: error: ‘SymFnT’ does not name a type
   SymFnT getParameterExpression{};
   ^~~~~~
../compiler/Runtime.h:55:3: error: ‘SymFnT’ does not name a type
   SymFnT setParameterExpression{};
   ^~~~~~
../compiler/Runtime.h:56:3: error: ‘SymFnT’ does not name a type
   SymFnT setReturnExpression{};
   ^~~~~~
../compiler/Runtime.h:57:3: error: ‘SymFnT’ does not name a type
   SymFnT getReturnExpression{};
   ^~~~~~
../compiler/Runtime.h:58:3: error: ‘SymFnT’ does not name a type
   SymFnT memcpy{};
   ^~~~~~
../compiler/Runtime.h:59:3: error: ‘SymFnT’ does not name a type
   SymFnT memset{};
   ^~~~~~
../compiler/Runtime.h:60:3: error: ‘SymFnT’ does not name a type
   SymFnT memmove{};
   ^~~~~~
../compiler/Runtime.h:61:3: error: ‘SymFnT’ does not name a type
   SymFnT readMemory{};
   ^~~~~~
../compiler/Runtime.h:62:3: error: ‘SymFnT’ does not name a type
   SymFnT writeMemory{};
   ^~~~~~
../compiler/Runtime.h:63:3: error: ‘SymFnT’ does not name a type
   SymFnT buildInsert{};
   ^~~~~~
../compiler/Runtime.h:64:3: error: ‘SymFnT’ does not name a type
   SymFnT buildExtract{};
   ^~~~~~
../compiler/Runtime.h:65:3: error: ‘SymFnT’ does not name a type
   SymFnT notifyCall{};
   ^~~~~~
../compiler/Runtime.h:66:3: error: ‘SymFnT’ does not name a type
   SymFnT notifyRet{};
   ^~~~~~
../compiler/Runtime.h:67:3: error: ‘SymFnT’ does not name a type
   SymFnT notifyBasicBlock{};
   ^~~~~~
../compiler/Runtime.h:71:14: error: ‘SymFnT’ was not declared in this scope
   std::array<SymFnT, llvm::CmpInst::BAD_ICMP_PREDICATE>
              ^~~~~~
../compiler/Runtime.h:71:55: error: template argument 1 is invalid
   std::array<SymFnT, llvm::CmpInst::BAD_ICMP_PREDICATE>
                                                       ^
../compiler/Runtime.h:76:14: error: ‘SymFnT’ was not declared in this scope
   std::array<SymFnT, llvm::Instruction::BinaryOpsEnd>
              ^~~~~~
../compiler/Runtime.h:76:53: error: template argument 1 is invalid
   std::array<SymFnT, llvm::Instruction::BinaryOpsEnd>
                                                     ^
In file included from ../compiler/Symbolizer.cpp:15:0:
../compiler/Symbolizer.h:97:28: error: ‘llvm::CallBase’ has not been declared
   void handleIntrinsicCall(llvm::CallBase &I);
                            ^~~~
../compiler/Symbolizer.h:99:27: error: ‘llvm::CallBase’ has not been declared
   void handleFunctionCall(llvm::CallBase &I, llvm::Instruction *returnPoint);
                           ^~~~
../compiler/Symbolizer.h:217:49: error: ‘SymFnT’ has not been declared
   forceBuildRuntimeCall(llvm::IRBuilder<> &IRB, SymFnT function,
                                                 ^~~~~~
../compiler/Symbolizer.h:230:44: error: ‘SymFnT’ has not been declared
   buildRuntimeCall(llvm::IRBuilder<> &IRB, SymFnT function,
                                            ^~~~~~
../compiler/Symbolizer.h:244:44: error: ‘SymFnT’ has not been declared
   buildRuntimeCall(llvm::IRBuilder<> &IRB, SymFnT function,
                                            ^~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::symbolizeFunctionArguments(llvm::Function&)’:
../compiler/Symbolizer.cpp:37:58: error: ‘const struct Runtime’ has no member named ‘getParameterExpression’
       symbolicExpressions[&arg] = IRB.CreateCall(runtime.getParameterExpression,
                                                          ^~~~~~~~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::insertBasicBlockNotification(llvm::BasicBlock&)’:
../compiler/Symbolizer.cpp:44:26: error: ‘const struct Runtime’ has no member named ‘notifyBasicBlock’
   IRB.CreateCall(runtime.notifyBasicBlock, getTargetPreferredInt(&B));
                          ^~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: At global scope:
../compiler/Symbolizer.cpp:179:38: error: variable or field ‘handleIntrinsicCall’ declared void
 void Symbolizer::handleIntrinsicCall(CallBase &I) {
                                      ^~~~~~~~
../compiler/Symbolizer.cpp:179:38: error: ‘CallBase’ was not declared in this scope
../compiler/Symbolizer.cpp:179:48: error: ‘I’ was not declared in this scope
 void Symbolizer::handleIntrinsicCall(CallBase &I) {
                                                ^
../compiler/Symbolizer.cpp:304:37: error: variable or field ‘handleFunctionCall’ declared void
 void Symbolizer::handleFunctionCall(CallBase &I, Instruction *returnPoint) {
                                     ^~~~~~~~
../compiler/Symbolizer.cpp:304:37: error: ‘CallBase’ was not declared in this scope
../compiler/Symbolizer.cpp:304:47: error: ‘I’ was not declared in this scope
 void Symbolizer::handleFunctionCall(CallBase &I, Instruction *returnPoint) {
                                               ^
../compiler/Symbolizer.cpp:304:62: error: expected primary-expression before ‘*’ token
 void Symbolizer::handleFunctionCall(CallBase &I, Instruction *returnPoint) {
                                                              ^
../compiler/Symbolizer.cpp:304:63: error: ‘returnPoint’ was not declared in this scope
 void Symbolizer::handleFunctionCall(CallBase &I, Instruction *returnPoint) {
                                                               ^~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitBinaryOperator(llvm::BinaryOperator&)’:
../compiler/Symbolizer.cpp:344:3: error: ‘SymFnT’ was not declared in this scope
   SymFnT handler = runtime.binaryOperatorHandlers.at(I.getOpcode());
   ^~~~~~
../compiler/Symbolizer.cpp:351:7: error: ‘handler’ was not declared in this scope
       handler = runtime.buildBoolAnd;
       ^~~~~~~
../compiler/Symbolizer.cpp:351:7: note: suggested alternative: ‘rand_r’
       handler = runtime.buildBoolAnd;
       ^~~~~~~
       rand_r
../compiler/Symbolizer.cpp:351:25: error: ‘const struct Runtime’ has no member named ‘buildBoolAnd’
       handler = runtime.buildBoolAnd;
                         ^~~~~~~~~~~~
../compiler/Symbolizer.cpp:354:25: error: ‘const struct Runtime’ has no member named ‘buildBoolOr’
       handler = runtime.buildBoolOr;
                         ^~~~~~~~~~~
../compiler/Symbolizer.cpp:357:25: error: ‘const struct Runtime’ has no member named ‘buildBoolXor’
       handler = runtime.buildBoolXor;
                         ^~~~~~~~~~~~
In file included from /usr/include/c++/7/cassert:44:0,
                 from /usr/include/llvm-6.0/llvm/Transforms/Utils/BasicBlockUtils.h:24,
                 from ../compiler/Symbolizer.cpp:22:
../compiler/Symbolizer.cpp:366:10: error: ‘handler’ was not declared in this scope
   assert(handler && "Unable to handle binary operator");
          ^
../compiler/Symbolizer.cpp:366:10: note: suggested alternative: ‘rand_r’
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitSelectInst(llvm::SelectInst&)’:
../compiler/Symbolizer.cpp:378:52: error: ‘const struct Runtime’ has no member named ‘pushPathConstraint’
   auto runtimeCall = buildRuntimeCall(IRB, runtime.pushPathConstraint,
                                                    ^~~~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitCmpInst(llvm::CmpInst&)’:
../compiler/Symbolizer.cpp:390:3: error: ‘SymFnT’ was not declared in this scope
   SymFnT handler = runtime.comparisonHandlers.at(I.getPredicate());
   ^~~~~~
In file included from /usr/include/c++/7/cassert:44:0,
                 from /usr/include/llvm-6.0/llvm/Transforms/Utils/BasicBlockUtils.h:24,
                 from ../compiler/Symbolizer.cpp:22:
../compiler/Symbolizer.cpp:391:10: error: ‘handler’ was not declared in this scope
   assert(handler && "Unable to handle icmp/fcmp variant");
          ^
../compiler/Symbolizer.cpp:391:10: note: suggested alternative: ‘rand_r’
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitReturnInst(llvm::ReturnInst&)’:
../compiler/Symbolizer.cpp:408:26: error: ‘const struct Runtime’ has no member named ‘setReturnExpression’
   IRB.CreateCall(runtime.setReturnExpression,
                          ^~~~~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitBranchInst(llvm::BranchInst&)’:
../compiler/Symbolizer.cpp:421:52: error: ‘const struct Runtime’ has no member named ‘pushPathConstraint’
   auto runtimeCall = buildRuntimeCall(IRB, runtime.pushPathConstraint,
                                                    ^~~~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitCallInst(llvm::CallInst&)’:
../compiler/Symbolizer.cpp:437:42: error: no matching function for call to ‘Symbolizer::handleFunctionCall(llvm::CallInst&, llvm::Instruction*)’
     handleFunctionCall(I, I.getNextNode());
                                          ^
In file included from ../compiler/Symbolizer.cpp:15:0:
../compiler/Symbolizer.h:99:8: note: candidate: void Symbolizer::handleFunctionCall(int&, llvm::Instruction*)
   void handleFunctionCall(llvm::CallBase &I, llvm::Instruction *returnPoint);
        ^~~~~~~~~~~~~~~~~~
../compiler/Symbolizer.h:99:8: note:   no known conversion for argument 1 from ‘llvm::CallInst’ to ‘int&’
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitInvokeInst(llvm::InvokeInst&)’:
../compiler/Symbolizer.cpp:449:66: error: no matching function for call to ‘Symbolizer::handleFunctionCall(llvm::InvokeInst&, llvm::Instruction*)’
                             : I.getNormalDest()->getFirstNonPHI());
                                                                  ^
In file included from ../compiler/Symbolizer.cpp:15:0:
../compiler/Symbolizer.h:99:8: note: candidate: void Symbolizer::handleFunctionCall(int&, llvm::Instruction*)
   void handleFunctionCall(llvm::CallBase &I, llvm::Instruction *returnPoint);
        ^~~~~~~~~~~~~~~~~~
../compiler/Symbolizer.h:99:8: note:   no known conversion for argument 1 from ‘llvm::InvokeInst’ to ‘int&’
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitLoadInst(llvm::LoadInst&)’:
../compiler/Symbolizer.cpp:465:15: error: ‘const struct Runtime’ has no member named ‘readMemory’
       runtime.readMemory,
               ^~~~~~~~~~
../compiler/Symbolizer.cpp:471:35: error: ‘const struct Runtime’ has no member named ‘buildBitsToFloat’
     data = IRB.CreateCall(runtime.buildBitsToFloat,
                                   ^~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitStoreInst(llvm::StoreInst&)’:
../compiler/Symbolizer.cpp:486:35: error: ‘const struct Runtime’ has no member named ‘buildFloatToBits’
     data = IRB.CreateCall(runtime.buildFloatToBits, data);
                                   ^~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp:490:15: error: ‘const struct Runtime’ has no member named ‘writeMemory’
       runtime.writeMemory,
               ^~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitGetElementPtrInst(llvm::GetElementPtrInst&)’:
../compiler/Symbolizer.cpp:560:26: error: ‘const struct Runtime’ has no member named ‘buildZExt’
             IRB, runtime.buildZExt,
                          ^~~~~~~~~
../compiler/Symbolizer.cpp:565:65: error: invalid types ‘const int[llvm::Instruction::BinaryOps]’ for array subscript
             IRB, runtime.binaryOperatorHandlers[Instruction::Mul],
                                                                 ^
../compiler/Symbolizer.cpp:570:65: error: invalid types ‘const int[llvm::Instruction::BinaryOps]’ for array subscript
             IRB, runtime.binaryOperatorHandlers[Instruction::Mul],
                                                                 ^
../compiler/Symbolizer.cpp:579:61: error: invalid types ‘const int[llvm::Instruction::BinaryOps]’ for array subscript
         IRB, runtime.binaryOperatorHandlers[Instruction::Add],
                                                             ^
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitBitCastInst(llvm::BitCastInst&)’:
../compiler/Symbolizer.cpp:592:39: error: ‘const struct Runtime’ has no member named ‘buildBitsToFloat’
         buildRuntimeCall(IRB, runtime.buildBitsToFloat,
                                       ^~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp:601:53: error: ‘const struct Runtime’ has no member named ‘buildFloatToBits’
     auto conversion = buildRuntimeCall(IRB, runtime.buildFloatToBits,
                                                     ^~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitTruncInst(llvm::TruncInst&)’:
../compiler/Symbolizer.cpp:616:20: error: ‘const struct Runtime’ has no member named ‘buildTrunc’
       IRB, runtime.buildTrunc,
                    ^~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitSIToFPInst(llvm::SIToFPInst&)’:
../compiler/Symbolizer.cpp:637:37: error: ‘const struct Runtime’ has no member named ‘buildIntToFloat’
       buildRuntimeCall(IRB, runtime.buildIntToFloat,
                                     ^~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitUIToFPInst(llvm::UIToFPInst&)’:
../compiler/Symbolizer.cpp:647:37: error: ‘const struct Runtime’ has no member named ‘buildIntToFloat’
       buildRuntimeCall(IRB, runtime.buildIntToFloat,
                                     ^~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitFPExtInst(llvm::FPExtInst&)’:
../compiler/Symbolizer.cpp:657:37: error: ‘const struct Runtime’ has no member named ‘buildFloatToFloat’
       buildRuntimeCall(IRB, runtime.buildFloatToFloat,
                                     ^~~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitFPTruncInst(llvm::FPTruncInst&)’:
../compiler/Symbolizer.cpp:666:37: error: ‘const struct Runtime’ has no member named ‘buildFloatToFloat’
       buildRuntimeCall(IRB, runtime.buildFloatToFloat,
                                     ^~~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitFPToSI(llvm::FPToSIInst&)’:
../compiler/Symbolizer.cpp:675:20: error: ‘const struct Runtime’ has no member named ‘buildFloatToSignedInt’
       IRB, runtime.buildFloatToSignedInt,
                    ^~~~~~~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitFPToUI(llvm::FPToUIInst&)’:
../compiler/Symbolizer.cpp:684:20: error: ‘const struct Runtime’ has no member named ‘buildFloatToUnsignedInt’
       IRB, runtime.buildFloatToUnsignedInt,
                    ^~~~~~~~~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitCastInst(llvm::CastInst&)’:
../compiler/Symbolizer.cpp:705:22: error: ‘const struct Runtime’ has no member named ‘buildBoolToBits’
         IRB, runtime.buildBoolToBits,
                      ^~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp:710:5: error: ‘SymFnT’ was not declared in this scope
     SymFnT target;
     ^~~~~~
../compiler/Symbolizer.cpp:714:7: error: ‘target’ was not declared in this scope
       target = runtime.buildSExt;
       ^~~~~~
../compiler/Symbolizer.cpp:714:7: note: suggested alternative: ‘tzset’
       target = runtime.buildSExt;
       ^~~~~~
       tzset
../compiler/Symbolizer.cpp:714:24: error: ‘const struct Runtime’ has no member named ‘buildSExt’
       target = runtime.buildSExt;
                        ^~~~~~~~~
../compiler/Symbolizer.cpp:717:24: error: ‘const struct Runtime’ has no member named ‘buildZExt’
       target = runtime.buildZExt;
                        ^~~~~~~~~
../compiler/Symbolizer.cpp:724:31: error: ‘target’ was not declared in this scope
         buildRuntimeCall(IRB, target,
                               ^~~~~~
../compiler/Symbolizer.cpp:724:31: note: suggested alternative: ‘tzset’
         buildRuntimeCall(IRB, target,
                               ^~~~~~
                               tzset
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitInsertValueInst(llvm::InsertValueInst&)’:
../compiler/Symbolizer.cpp:755:20: error: ‘const struct Runtime’ has no member named ‘buildInsert’
       IRB, runtime.buildInsert,
                    ^~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitExtractValueInst(llvm::ExtractValueInst&)’:
../compiler/Symbolizer.cpp:768:20: error: ‘const struct Runtime’ has no member named ‘buildExtract’
       IRB, runtime.buildExtract,
                    ^~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::visitSwitchInst(llvm::SwitchInst&)’:
../compiler/Symbolizer.cpp:800:52: error: invalid types ‘const int[llvm::CmpInst::Predicate]’ for array subscript
         runtime.comparisonHandlers[CmpInst::ICMP_EQ],
                                                    ^
../compiler/Symbolizer.cpp:802:28: error: ‘const struct Runtime’ has no member named ‘pushPathConstraint’
     IRB.CreateCall(runtime.pushPathConstraint,
                            ^~~~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp: In member function ‘llvm::CallInst* Symbolizer::createValueExpression(llvm::Value*, llvm::IRBuilder<>&)’:
../compiler/Symbolizer.cpp:825:35: error: ‘const struct Runtime’ has no member named ‘buildNullPointer’
     return IRB.CreateCall(runtime.buildNullPointer, {});
                                   ^~~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp:833:37: error: ‘const struct Runtime’ has no member named ‘buildBool’
       return IRB.CreateCall(runtime.buildBool, {V});
                                     ^~~~~~~~~
../compiler/Symbolizer.cpp:835:37: error: ‘const struct Runtime’ has no member named ‘buildInteger’
       return IRB.CreateCall(runtime.buildInteger,
                                     ^~~~~~~~~~~~
../compiler/Symbolizer.cpp:844:19: error: ‘const struct Runtime’ has no member named ‘buildInteger128’
           runtime.buildInteger128,
                   ^~~~~~~~~~~~~~~
../compiler/Symbolizer.cpp:852:35: error: ‘const struct Runtime’ has no member named ‘buildFloat’
     return IRB.CreateCall(runtime.buildFloat,
                                   ^~~~~~~~~~
../compiler/Symbolizer.cpp:859:17: error: ‘const struct Runtime’ has no member named ‘buildInteger’
         runtime.buildInteger,
                 ^~~~~~~~~~~~
../compiler/Symbolizer.cpp:879:17: error: ‘const struct Runtime’ has no member named ‘readMemory’
         runtime.readMemory,
                 ^~~~~~~~~~
../compiler/Symbolizer.cpp: At global scope:
../compiler/Symbolizer.cpp:890:53: error: ‘SymFnT’ has not been declared
 Symbolizer::forceBuildRuntimeCall(IRBuilder<> &IRB, SymFnT function,
                                                     ^~~~~~
../compiler/Symbolizer.cpp: In member function ‘Symbolizer::SymbolicComputation Symbolizer::forceBuildRuntimeCall(llvm::IRBuilder<>&, int, llvm::ArrayRef<std::pair<llvm::Value*, bool> >)’:
../compiler/Symbolizer.cpp:896:53: error: no matching function for call to ‘CreateCall(int&, std::vector<llvm::Value*, std::allocator<llvm::Value*> >&)’
   auto *call = IRB.CreateCall(function, functionArgs);
                                                     ^
In file included from ../compiler/Symbolizer.h:19:0,
                 from ../compiler/Symbolizer.cpp:15:
/usr/include/llvm-6.0/llvm/IR/IRBuilder.h:1663:13: note: candidate: llvm::CallInst* llvm::IRBuilder<T, Inserter>::CreateCall(llvm::Value*, llvm::ArrayRef<llvm::Value*>, const llvm::Twine&, llvm::MDNode*) [with T = llvm::ConstantFolder; Inserter = llvm::IRBuilderDefaultInserter] <near match>
   CallInst *CreateCall(Value *Callee, ArrayRef<Value *> Args = None,
             ^~~~~~~~~~
/usr/include/llvm-6.0/llvm/IR/IRBuilder.h:1663:13: note:   conversion of argument 1 would be ill-formed:
../compiler/Symbolizer.cpp:896:53: error: invalid conversion from ‘int’ to ‘llvm::Value*’ [-fpermissive]
   auto *call = IRB.CreateCall(function, functionArgs);
                                                     ^
In file included from ../compiler/Symbolizer.h:19:0,
                 from ../compiler/Symbolizer.cpp:15:
/usr/include/llvm-6.0/llvm/IR/IRBuilder.h:1688:13: note: candidate: llvm::CallInst* llvm::IRBuilder<T, Inserter>::CreateCall(llvm::Function*, llvm::ArrayRef<llvm::Value*>, const llvm::Twine&, llvm::MDNode*) [with T = llvm::ConstantFolder; Inserter = llvm::IRBuilderDefaultInserter] <near match>
   CallInst *CreateCall(Function *Callee, ArrayRef<Value *> Args,
             ^~~~~~~~~~
/usr/include/llvm-6.0/llvm/IR/IRBuilder.h:1688:13: note:   conversion of argument 1 would be ill-formed:
../compiler/Symbolizer.cpp:896:53: error: invalid conversion from ‘int’ to ‘llvm::Function*’ [-fpermissive]
   auto *call = IRB.CreateCall(function, functionArgs);
                                                     ^
../compiler/Symbolizer.cpp:902:38: error: no matching function for call to ‘std::vector<Symbolizer::Input, std::allocator<Symbolizer::Input> >::push_back(<brace-enclosed initializer list>)’
       inputs.push_back({arg, i, call});
                                      ^
In file included from /usr/include/c++/7/vector:64:0,
                 from /usr/include/c++/7/functional:61,
                 from /usr/include/llvm-6.0/llvm/ADT/STLExtras.h:30,
                 from /usr/include/llvm-6.0/llvm/ADT/StringRef.h:13,
                 from /usr/include/llvm-6.0/llvm/ADT/Twine.h:14,
                 from /usr/include/llvm-6.0/llvm/IR/BasicBlock.h:18,
                 from ../compiler/Symbolizer.h:18,
                 from ../compiler/Symbolizer.cpp:15:
/usr/include/c++/7/bits/stl_vector.h:939:7: note: candidate: void std::vector<_Tp, _Alloc>::push_back(const value_type&) [with _Tp = Symbolizer::Input; _Alloc = std::allocator<Symbolizer::Input>; std::vector<_Tp, _Alloc>::value_type = Symbolizer::Input]
       push_back(const value_type& __x)
       ^~~~~~~~~
/usr/include/c++/7/bits/stl_vector.h:939:7: note:   no known conversion for argument 1 from ‘<brace-enclosed initializer list>’ to ‘const value_type& {aka const Symbolizer::Input&}’
/usr/include/c++/7/bits/stl_vector.h:953:7: note: candidate: void std::vector<_Tp, _Alloc>::push_back(std::vector<_Tp, _Alloc>::value_type&&) [with _Tp = Symbolizer::Input; _Alloc = std::allocator<Symbolizer::Input>; std::vector<_Tp, _Alloc>::value_type = Symbolizer::Input]
       push_back(value_type&& __x)
       ^~~~~~~~~
/usr/include/c++/7/bits/stl_vector.h:953:7: note:   no known conversion for argument 1 from ‘<brace-enclosed initializer list>’ to ‘std::vector<Symbolizer::Input, std::allocator<Symbolizer::Input> >::value_type&& {aka Symbolizer::Input&&}’
../compiler/Symbolizer.cpp: In member function ‘void Symbolizer::tryAlternative(llvm::IRBuilder<>&, llvm::Value*)’:
../compiler/Symbolizer.cpp:913:67: error: invalid types ‘const int[llvm::CmpInst::Predicate]’ for array subscript
         IRB.CreateCall(runtime.comparisonHandlers[CmpInst::ICMP_EQ],
                                                                   ^
../compiler/Symbolizer.cpp:916:17: error: ‘const struct Runtime’ has no member named ‘pushPathConstraint’
         runtime.pushPathConstraint,
                 ^~~~~~~~~~~~~~~~~~
[4/8] Building CXX object CMakeFiles/Symbolize.dir/compiler/Pass.cpp.o
FAILED: CMakeFiles/Symbolize.dir/compiler/Pass.cpp.o 
/usr/bin/c++  -DSymbolize_EXPORTS -isystem /usr/lib/llvm-6.0/include -std=c++17 -Wredundant-decls -Wcast-align -Wmissing-include-dirs -Wswitch-default -Wextra -Wall -Winvalid-pch -Wredundant-decls -Wformat=2 -Wmissing-format-attribute -Wformat-nonliteral -Werror -fPIC   -D_GNU_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -MD -MT CMakeFiles/Symbolize.dir/compiler/Pass.cpp.o -MF CMakeFiles/Symbolize.dir/compiler/Pass.cpp.o.d -o CMakeFiles/Symbolize.dir/compiler/Pass.cpp.o -c ../compiler/Pass.cpp
../compiler/Pass.cpp:29:0: error: "DEBUG" redefined [-Werror]
 #define DEBUG(X)                                                               \
 
In file included from /usr/include/llvm-6.0/llvm/IR/PassManager.h:48:0,
                 from /usr/include/llvm-6.0/llvm/IR/Verifier.h:25,
                 from ../compiler/Pass.cpp:20:
/usr/include/llvm-6.0/llvm/Support/Debug.h:118:0: note: this is the location of the previous definition
 #define DEBUG(X) DEBUG_WITH_TYPE(DEBUG_TYPE, X)
 
In file included from ../compiler/Pass.cpp:23:0:
../compiler/Runtime.h:24:24: error: ‘FunctionCallee’ in namespace ‘llvm’ does not name a type
   using SymFnT = llvm::FunctionCallee;
                        ^~~~~~~~~~~~~~
../compiler/Runtime.h:31:3: error: ‘SymFnT’ does not name a type
   SymFnT buildInteger{};
   ^~~~~~
../compiler/Runtime.h:32:3: error: ‘SymFnT’ does not name a type
   SymFnT buildInteger128{};
   ^~~~~~
../compiler/Runtime.h:33:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloat{};
   ^~~~~~
../compiler/Runtime.h:34:3: error: ‘SymFnT’ does not name a type
   SymFnT buildNullPointer{};
   ^~~~~~
../compiler/Runtime.h:35:3: error: ‘SymFnT’ does not name a type
   SymFnT buildTrue{};
   ^~~~~~
../compiler/Runtime.h:36:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFalse{};
   ^~~~~~
../compiler/Runtime.h:37:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBool{};
   ^~~~~~
../compiler/Runtime.h:38:3: error: ‘SymFnT’ does not name a type
   SymFnT buildSExt{};
   ^~~~~~
../compiler/Runtime.h:39:3: error: ‘SymFnT’ does not name a type
   SymFnT buildZExt{};
   ^~~~~~
../compiler/Runtime.h:40:3: error: ‘SymFnT’ does not name a type
   SymFnT buildTrunc{};
   ^~~~~~
../compiler/Runtime.h:41:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBswap{};
   ^~~~~~
../compiler/Runtime.h:42:3: error: ‘SymFnT’ does not name a type
   SymFnT buildIntToFloat{};
   ^~~~~~
../compiler/Runtime.h:43:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToFloat{};
   ^~~~~~
../compiler/Runtime.h:44:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBitsToFloat{};
   ^~~~~~
../compiler/Runtime.h:45:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToBits{};
   ^~~~~~
../compiler/Runtime.h:46:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToSignedInt{};
   ^~~~~~
../compiler/Runtime.h:47:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatToUnsignedInt{};
   ^~~~~~
../compiler/Runtime.h:48:3: error: ‘SymFnT’ does not name a type
   SymFnT buildFloatAbs{};
   ^~~~~~
../compiler/Runtime.h:49:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolAnd{};
   ^~~~~~
../compiler/Runtime.h:50:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolOr{};
   ^~~~~~
../compiler/Runtime.h:51:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolXor{};
   ^~~~~~
../compiler/Runtime.h:52:3: error: ‘SymFnT’ does not name a type
   SymFnT buildBoolToBits{};
   ^~~~~~
../compiler/Runtime.h:53:3: error: ‘SymFnT’ does not name a type
   SymFnT pushPathConstraint{};
   ^~~~~~
../compiler/Runtime.h:54:3: error: ‘SymFnT’ does not name a type
   SymFnT getParameterExpression{};
   ^~~~~~
../compiler/Runtime.h:55:3: error: ‘SymFnT’ does not name a type
   SymFnT setParameterExpression{};
   ^~~~~~
../compiler/Runtime.h:56:3: error: ‘SymFnT’ does not name a type
   SymFnT setReturnExpression{};
   ^~~~~~
../compiler/Runtime.h:57:3: error: ‘SymFnT’ does not name a type
   SymFnT getReturnExpression{};
   ^~~~~~
../compiler/Runtime.h:58:3: error: ‘SymFnT’ does not name a type
   SymFnT memcpy{};
   ^~~~~~
../compiler/Runtime.h:59:3: error: ‘SymFnT’ does not name a type
   SymFnT memset{};
   ^~~~~~
../compiler/Runtime.h:60:3: error: ‘SymFnT’ does not name a type
   SymFnT memmove{};
   ^~~~~~
../compiler/Runtime.h:61:3: error: ‘SymFnT’ does not name a type
   SymFnT readMemory{};
   ^~~~~~
../compiler/Runtime.h:62:3: error: ‘SymFnT’ does not name a type
   SymFnT writeMemory{};
   ^~~~~~
../compiler/Runtime.h:63:3: error: ‘SymFnT’ does not name a type
   SymFnT buildInsert{};
   ^~~~~~
../compiler/Runtime.h:64:3: error: ‘SymFnT’ does not name a type
   SymFnT buildExtract{};
   ^~~~~~
../compiler/Runtime.h:65:3: error: ‘SymFnT’ does not name a type
   SymFnT notifyCall{};
   ^~~~~~
../compiler/Runtime.h:66:3: error: ‘SymFnT’ does not name a type
   SymFnT notifyRet{};
   ^~~~~~
../compiler/Runtime.h:67:3: error: ‘SymFnT’ does not name a type
   SymFnT notifyBasicBlock{};
   ^~~~~~
../compiler/Runtime.h:71:14: error: ‘SymFnT’ was not declared in this scope
   std::array<SymFnT, llvm::CmpInst::BAD_ICMP_PREDICATE>
              ^~~~~~
../compiler/Runtime.h:71:55: error: template argument 1 is invalid
   std::array<SymFnT, llvm::CmpInst::BAD_ICMP_PREDICATE>
                                                       ^
../compiler/Runtime.h:76:14: error: ‘SymFnT’ was not declared in this scope
   std::array<SymFnT, llvm::Instruction::BinaryOpsEnd>
              ^~~~~~
../compiler/Runtime.h:76:53: error: template argument 1 is invalid
   std::array<SymFnT, llvm::Instruction::BinaryOpsEnd>
                                                     ^
In file included from ../compiler/Pass.cpp:24:0:
../compiler/Symbolizer.h:97:28: error: ‘llvm::CallBase’ has not been declared
   void handleIntrinsicCall(llvm::CallBase &I);
                            ^~~~
../compiler/Symbolizer.h:99:27: error: ‘llvm::CallBase’ has not been declared
   void handleFunctionCall(llvm::CallBase &I, llvm::Instruction *returnPoint);
                           ^~~~
../compiler/Symbolizer.h:217:49: error: ‘SymFnT’ has not been declared
   forceBuildRuntimeCall(llvm::IRBuilder<> &IRB, SymFnT function,
                                                 ^~~~~~
../compiler/Symbolizer.h:230:44: error: ‘SymFnT’ has not been declared
   buildRuntimeCall(llvm::IRBuilder<> &IRB, SymFnT function,
                                            ^~~~~~
../compiler/Symbolizer.h:244:44: error: ‘SymFnT’ has not been declared
   buildRuntimeCall(llvm::IRBuilder<> &IRB, SymFnT function,
                                            ^~~~~~
../compiler/Pass.cpp: In member function ‘virtual bool SymbolizePass::runOnFunction(llvm::Function&)’:
../compiler/Pass.cpp:68:29: error: ‘class llvm::Function’ has no member named ‘getInstructionCount’; did you mean ‘getEntryCount’?
   allInstructions.reserve(F.getInstructionCount());
                             ^~~~~~~~~~~~~~~~~~~
                             getEntryCount
cc1plus: all warnings being treated as errors
ninja: build stopped: subcommand failed.

and here is my environment:

gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)
llvm-config --version: 9.0.0
clang version 9.0.0

Thanks !

PC/eip is not updated within a basic block

QEMU does not update the pc within a basic block at runtime. Specifically,

  1. Instructions in one basic block will have the same pc as the first instruction.

  2. Blocks that are patched together by a jump instruction will have the same pc, i.e., pc will be not updated by the jump.

QEMU might do this for better performance, but the pc is used by the backend for branch filtering and basic block pruning, so an accurate pc can lead to better pruning results.

I have a fix in this commit. Please let me know if it makes sense.

Thank you!

make error

../configure --disable-werror --enable-system --symcc-source=/home/ubuntu/symcc --symcc-build=/home/ubuntu/symcc/build
make

error:
ubuntu@ubuntu-B365-N:~/symqemu/build$ make
GEN docs/version.texi
GEN qemu-doc.html
GEN qemu-doc.txt
GEN docs/interop/qemu-qmp-ref.html
GEN docs/interop/qemu-qmp-ref.txt
GEN docs/interop/qemu-ga-ref.html
GEN docs/interop/qemu-ga-ref.txt
CC block.o
LINK qemu-nbd
LINK qemu-img
LINK qemu-io
GEN aarch64-softmmu/config-devices.h
GEN aarch64-softmmu/config-target.h
GEN trace/generated-helpers.c
/home/ubuntu/symqemu/scripts/tracetool/init.py:456: SyntaxWarning: "is" with a literal. Did you mean "=="?
if len(format) is 0:
/home/ubuntu/symqemu/scripts/tracetool/init.py:461: SyntaxWarning: "is" with a literal. Did you mean "=="?
if len(backends) is 0:
LINK aarch64-softmmu/symqemu-system-aarch64
GEN alpha-softmmu/config-devices.h
GEN alpha-softmmu/config-target.h
CC alpha-softmmu/tcg/tcg.o
In file included from /usr/include/sched.h:29,
from /usr/include/pthread.h:22,
from /usr/include/glib-2.0/glib/deprecated/gthread.h:124,
from /usr/include/glib-2.0/glib.h:112,
from /home/ubuntu/symqemu/include/glib-compat.h:32,
from /home/ubuntu/symqemu/include/qemu/osdep.h:140,
from /home/ubuntu/symqemu/tcg/tcg.c:28:
/home/ubuntu/symqemu/tcg/tcg.c: In function ‘tcg_context_init’:
/home/ubuntu/symqemu/tcg/tcg.c:1000:9: error: ‘ArchCPU’ {aka ‘AlphaCPU’} has no member named ‘env_exprs’
1000 | offsetof(ArchCPU, env_exprs) - offsetof(ArchCPU, env), "env");
| ^~~~~~~~
make[1]: *** [/home/ubuntu/symqemu/rules.mak:69: tcg/tcg.o] Error 1
make: *** [Makefile:472: alpha-softmmu/all] Error 2

Segmentation fault when commenting out a tcgv_i64_expr_num

As far as I know, if I comment out lines 4-5,

1. static inline void tcg_gen_mov_i64(TCGv_i64 ret, TCGv_i64 arg)
2. {
3.     if (ret != arg) {
4.         tcg_gen_op2_i64(INDEX_op_mov_i64, tcgv_i64_expr_num(ret),
5.                         tcgv_i64_expr_num(arg));
6.         tcg_gen_op2_i64(INDEX_op_mov_i64, ret, arg);
7.     }
8. }

QEMU shouldn't crash, but I would get the wrong result from symqemu instead. But I got the segmentation fault message:

echo test | x86_64-linux-user/symqemu-x86_64 ./a.out 
This is SymCC running with the QSYM backend
/........./symqemu/tcg/tcg.c:3312: tcg fatal error
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
[1]    91043 done                              echo test | 
       91044 segmentation fault (core dumped)  x86_64-linux-user/symqemu-x86_64 ./a.out

I would appreciate it if you could provide me with some guidance on how I can enable/disable some parts of the TCG generation in Symqemu.

Support system mode

Dear maintainers, the tool is awesome.

I've been analyzing ARM firmware recently. If I want to enable symbolic execution in ARM full-system mode, what modifications and support do we need for symqemu?

Muluh symbolic value is concretized

Symqemu defines a symbolic helper for muluh_i64:

void *HELPER(sym_muluh_i64)(uint64_t arg1, void *arg1_expr,
                            uint64_t arg2, void *arg2_expr)
{
    BINARY_HELPER_ENSURE_EXPRESSIONS;

    assert(_sym_bits_helper(arg1_expr) == 64 &&
           _sym_bits_helper(arg2_expr) == 64);
    void *full_result = _sym_build_mul(_sym_build_zext(arg1_expr, 64),
                                       _sym_build_zext(arg2_expr, 64));
    return _sym_extract_helper(full_result, 127, 64);
}

This seems OK. When, e.g., mulu2_i64 is met, this is the instrumentation:

        TCGv_i64 t0 = tcg_temp_new_i64();
        tcg_gen_mul_i64(t0, arg1, arg2);
        gen_helper_sym_muluh_i64(tcgv_i64_expr(rh),
                                 arg1, tcgv_i64_expr(arg1),
                                 arg2, tcgv_i64_expr(arg2));
        gen_helper_muluh_i64(rh, arg1, arg2);
        tcg_gen_mov_i64(rl, t0);
        tcg_temp_free_i64(t0);

This should be OK. However, gen_helper_muluh_i64 indirectly executes tcg_gen_callN, which performs:

    if (ret != NULL && ret->symbolic_expression == 0) {
        /* This is an unhandled helper; we concretize, i.e., the expression for
         * the result is NULL */
        tcg_gen_op2i_i64(INDEX_op_movi_i64, temp_tcgv_i64(temp_expr(ret)), 0);
    }

that will concretize the symbolic value generated by the symbolic helper. Am I wrong?

If I am not wrong, we could just add a check for this special case, e.g.:

   if (ret != NULL 
        && ret->symbolic_expression == 0
        // helper_sym_muluh_i64 will take care of the return
        // symbolic value of helper_muluh_i64
        && func != helper_muluh_i64) {

Let me know what you think. I can make a PR.

Support of TCG variables of type i128

I'm merging to QEMU 8.2.1, and now i128 seems to be a real-world problem, which makes the statement in Damien's thesis page 111 invalid now.
Now it's used even for very simple test cases like printf and simple, because instructions like MOVDQ use i128 directly.
I'm not sure how much work is required to make the change to support wider tcg_temp, I started working on it.
If I can make it work, I'll include it with the PR for the merge mentioned above.

Cannot compile with gcc-10/9

Hi!

I am trying to compile with gcc-10 and get the following error:

/home/vishnya/fwork/symcc/build/SymRuntime-prefix/src/SymRuntime-build/libSymRuntime.so: undefined reference to `std::experimental::filesystem::v1::status(std::experimental::filesystem::v1::__cxx11::path const&)'
/home/vishnya/fwork/symcc/build/SymRuntime-prefix/src/SymRuntime-build/libSymRuntime.so: undefined reference to `std::experimental::filesystem::v1::__cxx11::path::_M_split_cmpts()'
collect2: error: ld returned 1 exit status

What toolchain do you use?

[Feature] MIPS full-system mode

Dear author,
You have developed a great tool. Now I want to use it for whole-system simulation of the MIPS architecture; does this tool support that?

Using LD_LIBRARY_PATH

Hi!

I am running symqemu on binary requiring LD_LIBRARY_PATH. Will LD_LIBRARY_PATH=lib SYMCC_INPUT_FILE=file x86_64-linux-user/symqemu-x86_64 ./a.out file work?

I am trying with and without LD_LIBRARY_PATH. It works both ways without any error messages. I cannot tell if it is working correctly.

Also, is there a way to turn off optimistic solving?

Concretize the result of CLZ and CTZ

SymQEMU does not provide helpers for {clz, ctz}_i{32, 64}. While we integrate such helpers, we should at least concretize the symbolic expression of the output value. For instance, from:

tcg_gen_op3_i64(INDEX_op_clz_i64, ret, arg1, arg2);

to:

tcg_gen_op2i_i64(INDEX_op_movi_i64, tcgv_i64_expr_num(ret), 0);
tcg_gen_op3_i64(INDEX_op_clz_i64, ret, arg1, arg2);

Let me know if this fix can be a valid PR or how to improve it.

Setcond handling

For instance, let us consider the handling of setcond_i32:

        tcg_gen_op4i_i32(INDEX_op_setcond_i32, ret, arg1, arg2, cond);
        TCGv_i32 cond_temp = tcg_const_i32(cond);
        gen_helper_sym_setcond_i32(
            tcgv_i32_expr(ret), cpu_env,
            arg1, tcgv_i32_expr(arg1),
            arg2, tcgv_i32_expr(arg2),
            cond_temp, ret);
        tcg_temp_free_i32(cond_temp);

This code first executes the concrete computation and then performs the symbolic reasoning. However, when ret is the same TCG temp as arg1 or arg2 there is a problem: the concrete value of arg1 or arg2 taken by the symbolic helper has already been updated by the concrete computation.

To fix this problem, we can make a copy of arg1 or arg2 in case of aliasing with ret to preserve the original value. Let me know if this is a reasonable PR or how to improve it.
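
Added model of the aliasing described in this issue; it is not SymQEMU code. Temp, the SMT-style expression strings, sym_setcond_eq and alias_case are stand-ins that keep only what matters here: the concrete setcond runs first, the helper reads the operands afterwards, ret aliases arg2, and cond is fixed to equality.

```c
/* Stand-in model for the setcond ordering problem (not SymQEMU code). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A TCG temp as SymQEMU sees it: concrete value plus symbolic expression.
 * expr == NULL means the temp is concrete (no expression attached). */
typedef struct {
    uint32_t val;
    const char *expr;
} Temp;

/* Stand-in for BINARY_HELPER_ENSURE_EXPRESSIONS: a concrete operand gets a
 * constant expression built from the concrete value the helper received. */
static void ensure_expr(char *out, size_t n, uint32_t concrete, const char *expr)
{
    if (expr) {
        snprintf(out, n, "%s", expr);
    } else {
        snprintf(out, n, "#x%08x", (unsigned)concrete);
    }
}

/* Stand-in for helper_sym_setcond_i32 with cond == TCG_COND_EQ: it builds
 * the expression for ret from whatever operand values it was handed. */
static void sym_setcond_eq(char *out, size_t n,
                           uint32_t arg1, const char *arg1_expr,
                           uint32_t arg2, const char *arg2_expr)
{
    char e1[32], e2[32];
    ensure_expr(e1, sizeof e1, arg1, arg1_expr);
    ensure_expr(e2, sizeof e2, arg2, arg2_expr);
    snprintf(out, n, "(= %s %s)", e1, e2);
}

/* Current order: concrete setcond writes ret, then the helper reads the
 * operands. When ret aliases arg2, the helper sees the 0/1 result instead
 * of the operand the comparison actually used. */
static void setcond_eq_current(Temp *ret, Temp *arg1, Temp *arg2,
                               char *out, size_t n)
{
    ret->val = (arg1->val == arg2->val);
    sym_setcond_eq(out, n, arg1->val, arg1->expr, arg2->val, arg2->expr);
}

/* Proposed order: snapshot the operands (the "copy" from the issue) before
 * the concrete op, so the helper reasons about the original values. */
static void setcond_eq_copy(Temp *ret, Temp *arg1, Temp *arg2,
                            char *out, size_t n)
{
    Temp arg1_copy = *arg1, arg2_copy = *arg2;
    ret->val = (arg1->val == arg2->val);
    sym_setcond_eq(out, n, arg1_copy.val, arg1_copy.expr,
                   arg2_copy.val, arg2_copy.expr);
}

/* Constructed aliased case: ret is the same temp as arg2.
 * x is symbolic input (concrete value 5); k is the concrete constant 5. */
const char *alias_case(int use_copy)
{
    static char out[80];
    Temp x = { 5, "x" };
    Temp k = { 5, NULL };   /* ret == arg2 == k */
    if (use_copy) {
        setcond_eq_copy(&k, &x, &k, out, sizeof out);
    } else {
        setcond_eq_current(&k, &x, &k, out, sizeof out);
    }
    return out;
}

int main(void)
{
    printf("current order: %s\n", alias_case(0));  /* (= x #x00000001), wrong */
    printf("with copy:     %s\n", alias_case(1));  /* (= x #x00000005), right */
    return 0;
}
```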

atoi() is not solved

Example:

#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <ctype.h>

#define bail(msg, pos)                                         \
  while (1) {                                                  \
                                                               \
    fprintf(stderr, "%s at %u\n", (char *)msg, (uint32_t)pos); \
    return 0;                                                  \
                                                               \
  }

int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {

  uint8_t   buff[100];

  if (len < 8) bail("too short", 0);
  if (len > sizeof(buff)) bail("too long", sizeof(buff));

  memcpy(buff, buf, len);
  buff[sizeof(buff) - 1] = 0;

  // string to int
  if (atoi((char *)buff) != 66766) bail("wrong string", 0);

  abort();

  return 0;

}

int main(int argc, char **argv) {

  unsigned char buf[64];
  ssize_t       len;
  int           fd = 0;
  if (argc > 1) fd = open(argv[1], O_RDONLY);

  if ((len = read(fd, buf, sizeof(buf))) <= 0) exit(0);

  LLVMFuzzerTestOneInput(buf, len);
  exit(0);

}
# gcc -o test -g test.c
# echo AAAAAAAAAAAAAAAAAAAAA|symqemu-x86_64 ./test
[STAT] SMT: { "solving_time": 0, "total_time": 65148 }
[STAT] SMT: { "solving_time": 4651 }
[INFO] New testcase: /tmp/output/000000
[...]
[INFO] New testcase: /tmp/output/000028-optimistic
[STAT] SMT: { "solving_time": 120114, "total_time": 560178 }
[STAT] SMT: { "solving_time": 121562 }
[STAT] SMT: { "solving_time": 121562, "total_time": 562343 }
[STAT] SMT: { "solving_time": 255014 }

but none of the 29 generated inputs contain the correct value:

# for i in /tmp/output/*; do hexdump -C $i;done|grep 00000000
00000000  be 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |.AAAAAAAAAAAAAAA|
00000000  00 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |.AAAAAAAAAAAAAAA|
00000000  2d 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |-AAAAAAAAAAAAAAA|
00000000  2b 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |+AAAAAAAAAAAAAAA|
00000000  30 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |0AAAAAAAAAAAAAAA|
00000000  00 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |.AAAAAAAAAAAAAAA|
00000000  30 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |0AAAAAAAAAAAAAAA|
00000000  be 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |.AAAAAAAAAAAAAAA|
00000000  be 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |.AAAAAAAAAAAAAAA|
00000000  41 41 41 41 41 41 41 41  80 4e 80 00 40 00 00 00  |AAAAAAAA.N..@...|
00000000  41 41 41 41 41 41 41 41  76 4e 80 00 40 00 00 00  |AAAAAAAAvN..@...|
00000000  41 41 41 41 41 41 41 41  2e 20 00 00 40 00 00 00  |AAAAAAAA. ..@...|
00000000  41 41 41 41 41 41 41 41  01 c8 a4 9d 18 00 00 00  |AAAAAAAA........|
00000000  41 41 41 41 41 41 41 41  7f 2e 80 00 40 00 00 00  |AAAAAAAA....@...|
00000000  41 41 41 41 41 41 41 41  7f 2e 80 00 40 00 00 00  |AAAAAAAA....@...|
00000000  41 41 41 41 41 41 41 41  7f 2e 80 00 40 00 00 00  |AAAAAAAA....@...|
00000000  41 41 41 41 41 41 41 41  7f 2e 80 00 40 00 00 00  |AAAAAAAA....@...|
00000000  41 41 41 41 41 41 41 41  7f 2e 80 00 40 00 00 00  |AAAAAAAA....@...|
00000000  41 41 41 41 41 41 41 41  74 4e 80 00 40 00 00 00  |AAAAAAAAtN..@...|
00000000  41 41 41 41 41 41 41 41  74 4e 80 00 40 00 00 00  |AAAAAAAAtN..@...|
00000000  41 41 41 41 41 41 41 41  f9 1f 00 00 40 00 00 00  |AAAAAAAA....@...|
00000000  41 41 41 41 41 41 41 41  7f 2e 80 00 40 00 00 00  |AAAAAAAA....@...|
00000000  41 41 41 41 41 41 41 41  7f 2e 80 00 40 00 00 00  |AAAAAAAA....@...|
00000000  41 41 41 41 41 41 41 41  7f 2e 80 00 40 00 00 00  |AAAAAAAA....@...|
00000000  41 41 41 41 41 41 41 41  6f 4e 80 00 40 00 00 00  |AAAAAAAAoN..@...|
00000000  00 00 00 00 41 41 41 41  ee ff ff ff 41 41 41 41  |....AAAA....AAAA|
00000000  00 00 00 00 41 41 41 41  ee ff ff ff 41 41 41 41  |....AAAA....AAAA|
00000000  41 00 00 00 41 41 41 41  80 2e 80 00 40 00 00 00  |A...AAAA....@...|
00000000  00 00 00 00 41 41 41 41  ee ff ff ff 41 41 41 41  |....AAAA....AAAA|

Why is this the case?

symqemu cannot run normally on a program which calls mmap to read a file

I want to use symqemu to find new paths in the freetype-demos ftbench program, but it can't run symbolic execution properly. I have set the environment variables correctly. I use /bin/cat to test, and it runs normally.
However, when I use the ftbench program, it doesn't run normally.
Finally, I try to debug the program and find it cannot call the sym_make_symbolic function, because the ftbench program uses mmap to read the file.

nil pointer of _sym_expr

I'm currently reading the source code of symqemu to understand how it works by printing some information about the instrumented symbolic expressions.

// In accel/tcg/tcg-runtime-sym.c
// Here I try to print arg1_expr and arg2_expr
static void *sym_setcond_internal(CPUArchState *env,
                                  uint64_t arg1, void *arg1_expr,
                                  uint64_t arg2, void *arg2_expr,
                                  int32_t cond, uint64_t result,
                                  uint8_t result_bits)
{
    printf("[debug] In Runtime: pc:0x%lx,expr1:%p,expr2:%p\n",get_pc(env),arg1_expr,arg2_expr);
    BINARY_HELPER_ENSURE_EXPRESSIONS;
    printf("[debug] calling sym_setcond_internal...success!\n");
    printf("[debug] After ensure_expr: expr1:%p,expr2:%p\n",arg1_expr,arg2_expr);
    printf("arg1 expr:%s\n",_sym_expr_to_string(arg1_expr));
    printf("arg2 expr:%s\n",_sym_expr_to_string(arg2_expr));
...

However, when I run the modified symqemu on an arbitrary binary, I noticed there are lots of nil pointers:


I wonder why that would happen. What does it mean when a sym_expr is nil? Does it mean that symqemu fails to build symbolic expressions for some variables in the TCG IR?

recipe for target 'tcg/tcg.o' failed

I got an error when compiling symqemu, and I searched Google but no luck. Thanks!

make[1]: Leaving directory '/home/ubuntu/sym/symqume/symqemu/slirp'
LEX convert-dtsv0-lexer.lex.c
make[1]: flex: Command not found
BISON dtc-parser.tab.c
make[1]: bison: Command not found
LEX dtc-lexer.lex.c
make[1]: flex: Command not found
CC alpha-softmmu/tcg/tcg.o
In file included from /usr/include/sched.h:29:0,
from /usr/include/pthread.h:23,
from /usr/include/glib-2.0/glib/deprecated/gthread.h:128,
from /usr/include/glib-2.0/glib.h:108,
from /home/ubuntu/sym/symqume/symqemu/include/glib-compat.h:32,
from /home/ubuntu/sym/symqume/symqemu/include/qemu/osdep.h:140,
from /home/ubuntu/sym/symqume/symqemu/tcg/tcg.c:28:
/home/ubuntu/sym/symqume/symqemu/tcg/tcg.c: In function ‘tcg_context_init’:
/home/ubuntu/sym/symqume/symqemu/tcg/tcg.c:1000:9: error: ‘ArchCPU {aka struct AlphaCPU}’ has no member named ‘env_exprs’
offsetof(ArchCPU, env_exprs) - offsetof(ArchCPU, env), "env");
^
/home/ubuntu/sym/symqume/symqemu/rules.mak:69: recipe for target 'tcg/tcg.o' failed

Missing arithmetic operations in constraints

Hi, we tried to execute a simple program with symqemu:

#include <unistd.h>
#include <stdint.h>

static int8_t g_36 = 0;
static uint16_t g_431 = 3;

static int16_t  func_20();

static int32_t  func_1()
{ 
    int32_t l_458 = 4;
    l_458 = func_20(2, g_36 ^ (- 56 * g_431) % (uint32_t)-1L) != (g_431 >> 2 < 2 < 0 && 5);
}

static int16_t  func_20(int32_t  p_21, uint32_t  p_22)
{
    return p_22;
}

int main () {
    read(STDIN_FILENO, &g_36, sizeof(g_36));
    read(STDIN_FILENO, &g_431, sizeof(g_431));
    func_1();
}

However, we found that given the input where g_36 = 0 and g_431 = 0, the generated constraints were different from what we expected:

// command: cat test0.input | ./symqemu/build_simple/x86_64-linux-user/symqemu-x86_64 testcase.out
(set-logic QF_AUFBV)
(declare-fun g_431$0 () (_ BitVec 8))
(declare-fun g_431$1 () (_ BitVec 8))
(declare-fun g_36$0 () (_ BitVec 8))
// assert (g_431 >> 2 < 2)
(assert (let ((a!1 (concat ((_ extract 31 0)
                     (bvashr (concat #x0000 g_431$1 g_431$0 #x00000000)
                             #x0000000000000022))
                   #x00000000)))
  (not (bvsle #x0000000000000002 (bvashr a!1 #x0000000000000020)))))
// assert (g_431 >> 2 < 2 >= 0)
(assert (let ((a!1 (concat ((_ extract 31 0)
                     (bvashr (concat #x0000 g_431$1 g_431$0 #x00000000)
                             #x0000000000000022))
                   #x00000000)))
(let ((a!2 (concat #b0000000000000000000000000000000
                   (ite (bvsle #x0000000000000002
                               (bvashr a!1 #x0000000000000020))
                        #b0
                        #b1)
                   #x00000000)))
  (bvsle #x0000000000000000 (bvashr a!2 #x0000000000000020)))))
// cannot understand the following constraints regarding g_36
// no multiplication and modules operations are found
(assert (let ((a!1 (bvashr (concat #xff
                           ((_ extract 7 7) g_36$0)
                           (bvnot ((_ extract 6 6) g_36$0))
                           ((_ extract 5 5) g_36$0)
                           (bvnot ((_ extract 4 3) g_36$0))
                           ((_ extract 2 0) g_36$0)
                           #x000000000000)
                   #x0000000000000030)))
(let ((a!2 ((_ extract 31 0)
             (bvashr (concat ((_ extract 15 0) a!1) #x000000000000)
                     #x0000000000000030))))
  (not (= a!2 #x00000000)))))
(check-sat)
(exit)

For example, we cannot find the corresponding multiplication operation and modulus operation in the constraint. Can you kindly explain why? Is this as expected or a bug?

Further, I logged the result of each cmp instruction. When given the input g_36 = 1 and g_431 = 0, the executable takes exactly the same branches at each cmp instruction; however, the generated constraints are not the same as above.

// command: cat test3.input | ./symqemu/build_simple/x86_64-linux-user/symqemu-x86_64 testcase.out
(set-logic QF_AUFBV)
(declare-fun g_431$0 () (_ BitVec 8))
(declare-fun g_431$1 () (_ BitVec 8))
(declare-fun g_36$0 () (_ BitVec 8))
// assert (g_431 >> 2 < 2)
(assert (let ((a!1 (concat ((_ extract 31 0)
                     (bvashr (concat #x0000 g_431$1 g_431$0 #x00000000)
                             #x0000000000000022))
                   #x00000000)))
  (not (bvsle #x0000000000000002 (bvashr a!1 #x0000000000000020)))))
// assert (g_431 >> 2 < 2 >= 0)
(assert (let ((a!1 (concat ((_ extract 31 0)
                     (bvashr (concat #x0000 g_431$1 g_431$0 #x00000000)
                             #x0000000000000022))
                   #x00000000)))
(let ((a!2 (concat #b0000000000000000000000000000000
                   (ite (bvsle #x0000000000000002
                               (bvashr a!1 #x0000000000000020))
                        #b0
                        #b1)
                   #x00000000)))
  (bvsle #x0000000000000000 (bvashr a!2 #x0000000000000020)))))
// not the same as above, even always take the same branch
(assert (let ((a!1 (concat ((_ extract 15 0)
                     (bvashr (concat #x00 g_36$0 #x000000000000)
                             #x0000000000000030))
                   #x000000000000)))
  (not (= ((_ extract 31 0) (bvashr a!1 #x0000000000000030)) #x00000000))))
(check-sat)
(exit)

I'm wondering if symqemu mis-handles the multiplication operation and modulus operation.

The source code is compiled with clang-10 with option -O0. The compiled executable file and the inputs used to generate the above constraints are attached. output-186.zip

Thanks.

The div/idiv instruction is not handled correctly

We found a possible bug while using symqemu to execute following program:

#include <unistd.h>
#include "csmith.h"
/* --- GLOBAL VARIABLES --- */
static uint16_t g_5[4] = {2,2,6,2};
static int16_t g_81 = 5;
static int32_t g_318 = 6;
/* --- FORWARD DECLARATIONS --- */
static uint32_t  func_1();
static uint8_t  func_2(int16_t  p_3, uint16_t  p_4);

static uint32_t  func_1()
{ /* block id 0 */
    int32_t *l_317 = &g_318;
    *l_317 = func_2(g_5, g_5[3]) != 0;
}
static uint8_t  func_2(int16_t  p_3, uint16_t  p_4)
{ /* block id 1 */
    if (g_5[3])
    { /* block id 3 */
        int32_t l_152[7][2] ;
        l_152[6][0] = 0 > (5 % (0 , p_4) != g_81);
    }
}
/* 
 */
void  main ()
{
    read(STDIN_FILENO, &g_5, sizeof(g_5));
    read(STDIN_FILENO, &g_81, sizeof(g_81));
    read(STDIN_FILENO, &g_318, sizeof(g_318));
    int print_hash_value = 0;
    func_1();
    exit(0);
}

If we compile this code with clang-10, the % operation at line 21 will be translated into an idiv assembly instruction.

.text:0000000000401210 55                                      push    rbp
.text:0000000000401211 48 89 E5                                mov     rbp, rsp
.text:0000000000401214 66 89 7D FC                             mov     [rbp+var_4], di
.text:0000000000401218 66 89 75 FA                             mov     [rbp+var_6], si
.text:000000000040121C 66 83 3C 25 3E 40 40 00+                cmp     word_40403E, 0
.text:0000000000401225 0F 84 3D 00 00 00                       jz      loc_401268
.text:000000000040122B 31 C0                                   xor     eax, eax
.text:000000000040122D 0F B7 4D FA                             movzx   ecx, [rbp+var_6]
.text:0000000000401231 BA 05 00 00 00                          mov     edx, 5
.text:0000000000401236 89 45 BC                                mov     [rbp+var_44], eax
.text:0000000000401239 89 D0                                   mov     eax, edx
.text:000000000040123B 99                                      cdq
.text:000000000040123C F7 F9                                   idiv    ecx
.text:000000000040123E 0F BF 0C 25 40 40 40 00                 movsx   ecx, g_81
.text:0000000000401246 39 CA                                   cmp     edx, ecx
.text:0000000000401248 40 0F 95 C6                             setnz   sil
.text:000000000040124C 40 80 E6 01                             and     sil, 1
.text:0000000000401250 40 0F B6 CE                             movzx   ecx, sil
.text:0000000000401254 8B 55 BC                                mov     edx, [rbp+var_44]
.text:0000000000401257 39 CA                                   cmp     edx, ecx
.text:0000000000401259 40 0F 9F C6                             setnle  sil
.text:000000000040125D 40 80 E6 01                             and     sil, 1
.text:0000000000401261 40 0F B6 CE                             movzx   ecx, sil
.text:0000000000401265 89 4D F0                                mov     [rbp+var_10], ecx

However, we noticed that the idiv instruction will be translated into a function call to idivl_EAX by QEMU (see the translation), and this kind of translation is not handled by symqemu, i.e., the divisor and dividend are treated as concrete values, the tcg_gen_div_i32 function defined at tcg-op.c is not used.

For example, the above idiv ecx instruction will be converted to following tcg ops by symqemu:

...

---- 000000000040123b 0000000000000031
 movi_i64 tmp12,$0x4                      pref=0x40
 call sym_sext,$0x5,$1,tmp0_expr,rax_expr,tmp12  dead: 1 2  pref=none
 movi_i64 tmp12_expr,$0x0                 pref=0x2
 movi_i64 tmp12,$0x1f                     pref=0x4
 call sym_arithmetic_shift_right_i64,$0x5,$1,tmp0_expr,rdx,tmp0_expr,tmp12,tmp12_expr  dead: 1 2 3 4  pref=none
 movi_i64 tmp12,$0x4                      pref=0x40
 call sym_zext,$0x5,$1,rdx_expr,tmp0_expr,tmp12  sync: 0  dead: 0 1 2  pref=none
 movi_i64 rdx,$0x0                        sync: 0  dead: 0  pref=0xffff

 ---- 000000000040123c 0000000000000031
 call idivl_EAX,$0x0,$0,env,rcx           dead: 0 1

 ---- 000000000040123e 0000000000000031
 movi_i64 tmp2_expr,$0x0                  pref=0xf038
 movi_i64 tmp2,$0x404040                  pref=0xf038
 qemu_ld_i64 tmp0,tmp2,lesw,0             pref=0xf038
 movi_i64 tmp12,$0x0                      pref=0x100
 movi_i64 tmp13,$0x2                      pref=0x2
 call sym_load_guest_i64,$0x1,$1,tmp0_expr,env,tmp2,tmp2_expr,tmp13,tmp12  dead: 2 3 4 5  pref=none
 movi_i64 tmp12,$0x4                      pref=0x40
 call sym_zext,$0x5,$1,rcx_expr,tmp0_expr,tmp12  dead: 1 2  pref=none
 ext32u_i64 rcx,tmp0                      dead: 1  pref=0xf03c

 ...

The rdx will be updated by idivl_EAX, but the rdx_expr is not updated, so the symbolic chain is broken, and some variables become constant in constraints generated by symqemu.

The same issue exists for the div instruction.

Wrong site_id in notify BB

The current code in gen_tb_start:

TCGv_i64 block = tcg_const_i64((uint64_t)tb);

uses as site_id the address of struct TB. This address does not reflect the address of the original BB. The resulting side effect is that the bitmap built by the SymCC runtime may be wrong: the address of the TB may change across runs.

One possible fix could be this one. Let me know how to improve it.

sym_load_guest_internal does not distinguish signed and unsigned values

We found that the movsx assembly instruction is not correctly translated by symqemu. More specifically, the movsx instruction copies the contents of the source operand to the destination operand with sign extension; however, the translated tcg ops conduct a zero extension, as shown below:

// g_26 is an int8_t variable 
// the value of g_26 is 0xae
0x40126D: movsx   r9d, g_26
// will be translated into -->
 ---- 000000000040126d 0000000000000018
 movi_i64 tmp2_expr,$0x0
 movi_i64 tmp2,$0x404044
 qemu_ld_i64 tmp0,tmp2,sb,0
 movi_i64 tmp12_expr,$0x0
 movi_i64 tmp12,$0x0
 movi_i64 tmp13_expr,$0x0
 movi_i64 tmp13,$0x1
 call sym_load_guest_i64,$0x1,$1,tmp0_expr,env,tmp2,tmp2_expr,tmp13,tmp12
 movi_i64 tmp12_expr,$0x0
 movi_i64 tmp12,$0x4
 call sym_zext,$0x5,$1,r9_expr,tmp0_expr,tmp12
 ext32u_i64 r9,tmp0

The sym_zext and ext32u_i64 at the end are inconsistent with the semantics of the movsx instruction and could lead to inaccurate symbolic constraints.

After checking the source code of symqemu, we found that the sym_load_guest_internal function does not distinguish between signed and unsigned values and will zero-extend the loaded value whenever load_length is not equal to result_length. This behavior is unusual and potentially buggy.
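
Added example, not SymQEMU code: it models what a load helper has to do to honour the memop of the qemu_ld it instruments. parse_memop reads the memop names as the TCG dumper prints them ("sb" and "lesw" appear in the dumps on this page); extend_zero_only stands in for the reported always-zero-extend behaviour, extend_by_memop for a sign-aware alternative, and load_extend is a convenience wrapper, all constructed for this illustration.

```c
/* Sign- vs zero-extension of guest loads, keyed on the TCG memop name. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned load_bits;   /* 8, 16, 32 or 64 */
    bool is_signed;       /* sign-extend after the load */
    bool big_endian;      /* "be" prefix in the dump */
} MemOp;

/* Parses a memop as the TCG dumper prints it: optional "le"/"be", then
 * 'u' or 's' plus a size letter (b/w/l), or bare "q" for 64 bits. */
bool parse_memop(const char *name, MemOp *op)
{
    const char *p = name;
    op->big_endian = false;
    if (strncmp(p, "le", 2) == 0) {
        p += 2;
    } else if (strncmp(p, "be", 2) == 0) {
        p += 2;
        op->big_endian = true;
    }
    if (strcmp(p, "q") == 0) {
        op->load_bits = 64;
        op->is_signed = false;
        return true;
    }
    if (strlen(p) != 2 || (p[0] != 'u' && p[0] != 's')) {
        return false;
    }
    op->is_signed = (p[0] == 's');
    switch (p[1]) {
    case 'b': op->load_bits = 8;  return true;
    case 'w': op->load_bits = 16; return true;
    case 'l': op->load_bits = 32; return true;
    default:  return false;
    }
}

static uint64_t low_bits(uint64_t v, unsigned bits)
{
    return bits >= 64 ? v : v & ((1ULL << bits) - 1);
}

/* Reported behaviour: the loaded bytes are always zero-extended. */
uint64_t extend_zero_only(uint64_t raw, const MemOp *op, unsigned result_bits)
{
    return low_bits(low_bits(raw, op->load_bits), result_bits);
}

/* Sign-aware alternative: matches what the concrete movsx path computes. */
uint64_t extend_by_memop(uint64_t raw, const MemOp *op, unsigned result_bits)
{
    uint64_t v = low_bits(raw, op->load_bits);
    if (op->is_signed && op->load_bits < 64) {
        uint64_t sign = 1ULL << (op->load_bits - 1);
        v = (v ^ sign) - sign;   /* two's-complement sign extension */
    }
    return low_bits(v, result_bits);
}

/* Loads `raw` under `memop_name` into a result of result_bits bits.
 * Returns 0 for an unknown memop (the callers below use non-zero values). */
uint64_t load_extend(const char *memop_name, uint64_t raw,
                     unsigned result_bits, bool zero_only)
{
    MemOp op;
    if (!parse_memop(memop_name, &op)) {
        return 0;
    }
    return zero_only ? extend_zero_only(raw, &op, result_bits)
                     : extend_by_memop(raw, &op, result_bits);
}

int main(void)
{
    /* g_26 == 0xae loaded with "sb" into r9d (32-bit result), as in the dump. */
    printf("concrete movsx : 0x%08llx\n",
           (unsigned long long)load_extend("sb", 0xae, 32, false)); /* 0xffffffae */
    printf("zero-only model: 0x%08llx\n",
           (unsigned long long)load_extend("sb", 0xae, 32, true));  /* 0x000000ae */
    return 0;
}
```

The two printed values differ exactly for inputs with the top bit of the loaded byte set, which is why the symbolic expression for r9 drifts from the concrete register in the movsx case above.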

Compilation fails

I follow the README but compilation fails:

$ cd /
$ git clone --depth=1 https://github.com/eurecom-s3/symcc
$ cd symcc
$ git submodule update --init && mkdir build && cd build
$  cmake -G Ninja -DQSYM_BACKEND=ON -DZ3_TRUST_SYSTEM_VERSION=on ..
$  ninja
$ cargo install --path util/symcc_fuzzing_helper
[this all succeeds]

$ git clone --depth=1 https://github.com/eurecom-s3/symqemu
$ cd symqemu
$ ./configure --audio-drv-list= --disable-bluez --disable-sdl --disable-gtk --disable-vte --disable-opengl --disable-virglrenderer --target-list=x86_64-linux-user --disable-werror --enable-capstone=git --symcc-source=/symcc/ --symcc-build=/symcc/build
[...]
$ make
[...]
  CC      x86_64-linux-user/trace/control-target.o
  CC      x86_64-linux-user/gdbstub-xml.o
  CC      x86_64-linux-user/trace/generated-helpers.o
  LINK    x86_64-linux-user/symqemu-x86_64
/usr/bin/ld: accel/tcg/tcg-runtime-sym.o: in function `sym_setcond_internal':
/symcc/symqemu/accel/tcg/tcg-runtime-sym.c:618: undefined reference to `_sym_build_bool_to_bits'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:209: symqemu-x86_64] Error 1
make: *** [Makefile:472: x86_64-linux-user/all] Error 2

Symbolization of QEMU helpers with SymCC

SymQEMU ignores the effects of most QEMU helpers. Some of them, especially on i386/x86_64, are quite common when analyzing real-world programs. Manually writing symbolic helpers is quite hard in most cases. Hence, another approach could be:

  1. Build a dynamic library (e.g., libsymhelpers.so) containing the code of the QEMU helpers instrumented with SymCC.

  2. Modify the build configuration of QEMU to (optionally) link this library.

  3. If the library is found at configure time, then a macro CONFIG_SYM_HELPERS is set, which enables a few changes in, e.g., target/i386/translate.c. For instance:

    • Helpers that only read/write XMM registers: we can just make a call to our symbolized version since each XMM register is modeled by QEMU as a buffer in memory and thus SymCC can naturally cope with the accesses to these buffers. The arguments of the helper will be pointers to the buffers, hence, before we call our symbolized helper, we still have to call another helper that concretizes the arguments: it should call _sym_set_parameter_expression(N, NULL).

    • Helpers that also read/write general-purpose registers: the idea is pretty much the same with the exception that (a) before calling our symbolized helper we have to call a helper that calls _sym_set_parameter_expression(N, expr) to propagate the expressions of the symbolic TCG temps to the symbolic arguments, (b) after the call, we have to call a helper that retrieves the symbolic return expression with _sym_get_return_expression() and propagates it to the output TCG temp that should contain the resulting symbolic expression.

If the helper has an output value we have to skip the concretization performed by tcg_gen_callN.

What do you think?

We already have a PoC of this strategy in one fork of SymQEMU that we can show. However, before making a PR, I believe it makes sense to see if this is an approach that we actually want to consider since there are a few downsides (besides the changes in translate.c, we also have to tinker with the build workflow since our library requires a few headers generated during the QEMU build process).
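The glue described in the post, as an added example that is not SymQEMU's or SymCC's code: a toy C model of the parameter/return expression protocol between TCG-side glue and a SymCC-instrumented helper. The _sym_* functions below are stand-ins for the SymCC runtime (only _sym_set_parameter_expression and _sym_get_return_expression are named in the post; their signatures here, and the names helper_add64, helper_pxor, call_gpr_helper and call_xmm_helper, are assumptions), and symbolic expressions are modelled as printable strings rather than solver terms.

```c
/* Added toy model of the helper-symbolization protocol. Not SymQEMU/SymCC code:
 * the _sym_* functions stand in for the SymCC runtime, expressions are strings,
 * and SymCC's shadow memory for symbolic buffer contents is not modelled. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef const char *SymExpr;          /* NULL means "concrete" */

#define MAX_PARAMS 8
static SymExpr g_param_expr[MAX_PARAMS];   /* per-argument expression slots */
static SymExpr g_return_expr;              /* return expression slot */

/* Stand-ins for the SymCC runtime entry points (assumed signatures). */
static void _sym_set_parameter_expression(uint8_t index, SymExpr expr) {
    g_param_expr[index] = expr;
}
static SymExpr _sym_get_parameter_expression(uint8_t index) {
    return g_param_expr[index];
}
static void _sym_set_return_expression(SymExpr expr) { g_return_expr = expr; }
static SymExpr _sym_get_return_expression(void) { return g_return_expr; }

/* Toy expression builders: a small ring of static buffers holding strings. */
#define EXPR_SLOTS 16
#define EXPR_LEN 128
static char g_expr_pool[EXPR_SLOTS][EXPR_LEN];
static unsigned g_expr_next;

static SymExpr sym_build_const(uint64_t v) {
    char *buf = g_expr_pool[g_expr_next++ % EXPR_SLOTS];
    snprintf(buf, EXPR_LEN, "%llu", (unsigned long long)v);
    return buf;
}
static SymExpr sym_build_add(SymExpr a, SymExpr b) {
    char *buf = g_expr_pool[g_expr_next++ % EXPR_SLOTS];
    snprintf(buf, EXPR_LEN, "(%s + %s)", a, b);
    return buf;
}

/* A QEMU-style helper, hand-written the way SymCC's compiler pass would
 * instrument it: read the caller's parameter expressions, compute concretely,
 * and leave the symbolic result in the return slot. */
static uint64_t helper_add64(uint64_t a, uint64_t b) {
    SymExpr ea = _sym_get_parameter_expression(0);
    SymExpr eb = _sym_get_parameter_expression(1);
    uint64_t result = a + b;
    if (ea == NULL && eb == NULL) {
        _sym_set_return_expression(NULL);   /* both inputs concrete */
    } else {
        _sym_set_return_expression(sym_build_add(ea ? ea : sym_build_const(a),
                                                 eb ? eb : sym_build_const(b)));
    }
    return result;
}

/* Stand-in for a TCG temp: concrete value plus the expression tracked for it. */
typedef struct { uint64_t val; SymExpr expr; } SymTemp;

/* Case (b) from the post: helper reads/writes general-purpose registers.
 * Before the call, push the temps' expressions into the parameter slots;
 * after it, pull the return expression into the output temp instead of
 * letting the generic call path (tcg_gen_callN) concretize the result. */
static SymTemp call_gpr_helper(SymTemp a, SymTemp b) {
    _sym_set_parameter_expression(0, a.expr);
    _sym_set_parameter_expression(1, b.expr);
    SymTemp out;
    out.val = helper_add64(a.val, b.val);
    out.expr = _sym_get_return_expression();
    return out;
}

/* Case (a): helper only touches XMM registers, which QEMU keeps as buffers in
 * memory. The pointer arguments themselves are concrete, so their slots are
 * cleared (the post's _sym_set_parameter_expression(N, NULL)); any symbolic
 * bytes inside the buffers would be tracked by shadow memory, not by slots. */
static void helper_pxor(uint8_t *dst, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++) dst[i] ^= src[i];
}
static void call_xmm_helper(uint8_t *dst, const uint8_t *src, size_t n) {
    for (uint8_t i = 0; i < 3; i++) _sym_set_parameter_expression(i, NULL);
    helper_pxor(dst, src, n);
}

int main(void) {
    SymTemp x = { 5, "x" };    /* symbolic input named "x" (constructed) */
    SymTemp k = { 7, NULL };   /* concrete input */
    SymTemp r = call_gpr_helper(x, k);
    printf("val=%llu expr=%s\n", (unsigned long long)r.val, r.expr ? r.expr : "(concrete)");
    SymTemp c = call_gpr_helper(k, k);
    printf("val=%llu expr=%s\n", (unsigned long long)c.val, c.expr ? c.expr : "(concrete)");
    return 0;
}
```

The point the model makes explicit is the asymmetry between the two cases: for GPR helpers the slots carry real expressions in and the return slot carries one out, while for XMM helpers the slots are only cleared and the symbolic state rides on the memory the pointers reference.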

can't build xxx-softmmu

I can't build x86_64-softmmu; here are the error reports:
20240321-171040
20240321-171131

How can I resolve this problem? Or can you show me the way to build x86_64/arm-softmmu? Thanks anyway!

SymQEMU raises SIGSEGV

I use the following command to test a simple C++ program:

echo "2" | x86_64-linux-user/qemu-x86_64 /tmp/test.out

However, the qemu process crashes after generating several testcases:

...
[INFO] New testcase: /tmp/output/000010-optimistic
[STAT] SMT: { "solving_time": 23999, "total_time": 95028 }
[STAT] SMT: { "solving_time": 24114 }
[STAT] SMT: { "solving_time": 24114, "total_time": 95333 }
[STAT] SMT: { "solving_time": 24200 }
[INFO] New testcase: /tmp/output/000011-optimistic
[STAT] SMT: { "solving_time": 24200, "total_time": 96206 }
[STAT] SMT: { "solving_time": 24324 }
[STAT] SMT: { "solving_time": 24324, "total_time": 96524 }
[STAT] SMT: { "solving_time": 24410 }
[INFO] New testcase: /tmp/output/000012-optimistic
[STAT] SMT: { "solving_time": 24410, "total_time": 97448 }
[STAT] SMT: { "solving_time": 24536 }
[STAT] SMT: { "solving_time": 24536, "total_time": 97777 }
[STAT] SMT: { "solving_time": 25712 }
[INFO] New testcase: /tmp/output/000013-optimistic
[STAT] SMT: { "solving_time": 25712, "total_time": 99812 }
[STAT] SMT: { "solving_time": 25843 }
[STAT] SMT: { "solving_time": 25843, "total_time": 100138 }
[STAT] SMT: { "solving_time": 26948 }
[INFO] New testcase: /tmp/output/000014-optimistic
[STAT] SMT: { "solving_time": 26948, "total_time": 102200 }
[STAT] SMT: { "solving_time": 27032 }
[STAT] SMT: { "solving_time": 27032, "total_time": 102477 }
[STAT] SMT: { "solving_time": 27100 }
qemu-x86_64: QEMU internal SIGSEGV {code=MAPERR, addr=0x14}
fish: Process 24522, 'x86_64-linux-user/qemu-x86_64' from job 1, 'echo "2" | x86_64-linux-user/qe…' terminated by signal SIGSEGV (Address boundary error)

The test code I used is:

#include <stdio.h>
#include <stdint.h>
#include <unistd.h>

int main(int argc, char* argv[]) {
    int x;
    if (scanf("%d", &x) != 1) {
        printf("read fail\n");
        return 1;
    }

    if(x > 100) {
        printf("aaa\n");
    } else if(x < 100) {
        printf("bbb\n");
    } else {
        printf("ccc\n");
    }

    return 0;
}

and the command to compile this code is:

clang++ test.cc -o test.out

The clang version is 14.0.0 and the symqemu I used is this commit: 45b4700

Any idea for this crash?

GPL-v3-or-later license on new files is incompatible with GPL-v2-only license of some existing QEMU files

Hi; it looks like you've licensed the new files you've added as GPL-v3-or-later (eg accel/tcg/tcg-runtime-sym.c). Unfortunately the GPLv3 is not compatible with the GPLv2, and some existing parts of QEMU are licensed as GPLv2-only (not v2-or-later) (eg util/qemu-sockets.c).

I'm guessing this was unintentional -- the easiest fix would be for you to relicense the code you've added as GPL-v2-or-later.
