crucible-0.8.0.0: Crucible is a library for language-agnostic symbolic simulation
Copyright(c) Galois Inc 2014-2018
LicenseBSD3
MaintainerJoe Hendrix <jhendrix@galois.com>
Stabilityprovisional
Safe HaskellNone
LanguageHaskell2010

Lang.Crucible.Simulator.ExecutionTree

Description

Execution trees record the state of the simulator as it explores execution paths through a program. This module defines the collection of datatypes that record the state of a running simulator and basic lenses and accessors for these types. See Lang.Crucible.Simulator.Operations for the definitions of operations that manipulate these datastructures to drive them through the simulator state machine.

Synopsis

GlobalPair

data GlobalPair sym v Source #

A value of some type v together with a global state.

Type parameters:

Constructors

GlobalPair 

Fields

gpValue :: forall sym u v f. Functor f => (u -> f v) -> GlobalPair sym u -> f (GlobalPair sym v) Source #

Access the value stored in the global pair.

gpGlobals :: forall sym u f. Functor f => (SymGlobalState sym -> f (SymGlobalState sym)) -> GlobalPair sym u -> f (GlobalPair sym u) Source #

Access the globals stored in the global pair.

TopFrame

type TopFrame sym ext f (args :: Maybe (Ctx CrucibleType)) = GlobalPair sym (SimFrame sym ext f args) Source #

The currently-executing frame plus the global state associated with it.

Type parameters:

crucibleTopFrame :: forall sym ext (blocks :: Ctx (Ctx CrucibleType)) (r :: CrucibleType) (args :: Ctx CrucibleType) (args' :: Ctx CrucibleType) f. Functor f => (CallFrame sym ext blocks r args -> f (CallFrame sym ext blocks r args')) -> TopFrame sym ext (CrucibleLang blocks r) ('Just args) -> f (TopFrame sym ext (CrucibleLang blocks r) ('Just args')) Source #

Access the Crucible call frame inside a TopFrame.

overrideTopFrame :: forall sym ext (r :: CrucibleType) (args :: Ctx CrucibleType) (r' :: CrucibleType) (args' :: Ctx CrucibleType) f. Functor f => (OverrideFrame sym r args -> f (OverrideFrame sym r' args')) -> TopFrame sym ext (OverrideLang r) ('Just args) -> f (TopFrame sym ext (OverrideLang r') ('Just args')) Source #

CrucibleBranchTarget

data CrucibleBranchTarget f (args :: Maybe (Ctx CrucibleType)) where Source #

A CrucibleBranchTarget identifies a program location that is a potential join point. Each label is a merge point, and there is an additional implicit join point at function returns.

Constructors

BlockTarget :: forall (blocks :: Ctx (Ctx CrucibleType)) (args1 :: Ctx CrucibleType) (r :: CrucibleType). !(BlockID blocks args1) -> CrucibleBranchTarget (CrucibleLang blocks r) ('Just args1) 
ReturnTarget :: forall f. CrucibleBranchTarget f ('Nothing :: Maybe (Ctx CrucibleType)) 

Instances

Instances details
TestEquality (CrucibleBranchTarget f :: Maybe (Ctx CrucibleType) -> Type) Source # 
Instance details

Defined in Lang.Crucible.Simulator.CallFrame

Methods

testEquality :: forall (a :: Maybe (Ctx CrucibleType)) (b :: Maybe (Ctx CrucibleType)). CrucibleBranchTarget f a -> CrucibleBranchTarget f b -> Maybe (a :~: b) #

ppBranchTarget :: forall f (args :: Maybe (Ctx CrucibleType)). CrucibleBranchTarget f args -> String Source #

AbortedResult

data AbortedResult sym ext where Source #

An execution path that was prematurely aborted. Note, an abort does not necessarily indicate an error condition. An execution path might abort because it became infeasible (inconsistent path conditions), because the program called an exit primitive, or because of a true error condition (e.g., a failed assertion).

Type parameters:

Constructors

AbortedExec :: forall sym ext l (args :: Maybe (Ctx CrucibleType)). !AbortExecReason -> !(GlobalPair sym (SimFrame sym ext l args)) -> AbortedResult sym ext

A single aborted execution with the execution state at time of the abort and the reason.

AbortedExit :: forall sym ext l (args :: Maybe (Ctx CrucibleType)). !ExitCode -> !(GlobalPair sym (SimFrame sym ext l args)) -> AbortedResult sym ext

An aborted execution that was ended by a call to exit.

AbortedBranch :: forall sym ext. !ProgramLoc -> !(Pred sym) -> !(AbortedResult sym ext) -> !(AbortedResult sym ext) -> AbortedResult sym ext

Two separate threads of execution aborted after a symbolic branch, possibly for different reasons.

data SomeFrame (f :: fk -> argk -> Type) Source #

This represents an execution frame where its frame type and arguments have been hidden.

The type parameter f is usually SimFrame.

Constructors

SomeFrame !(f l a) 

filterCrucibleFrames :: SomeFrame (SimFrame sym ext) -> Maybe ProgramLoc Source #

Return the program locations of all the Crucible frames.

arFrames :: forall sym ext f. Applicative f => (SomeFrame (SimFrame sym ext) -> f (SomeFrame (SimFrame sym ext))) -> AbortedResult sym ext -> f (AbortedResult sym ext) Source #

Iterate over frames in the result.

ppExceptionContext :: [SomeFrame (SimFrame sym ext)] -> Doc ann Source #

Print an exception context

Partial result

data PartialResult sym ext v Source #

A PartialResult represents the result of a computation that might be only partially defined. If the result is a TotalResult, the the result is fully defined; however if it is a PartialResult, then some of the computation paths that led to this result aborted for some reason, and the resulting value is only defined if the associated condition is true.

Type parameters:

Constructors

TotalRes !(GlobalPair sym v)

A TotalRes indicates that the the global pair is always defined.

PartialRes !ProgramLoc !(Pred sym) !(GlobalPair sym v) !(AbortedResult sym ext)

PartialRes indicates that the global pair may be undefined under some circumstances. The predicate specifies under what conditions the GlobalPair is defined. The AbortedResult describes the circumstances under which the result would be partial.

type PartialResultFrame sym ext f (args :: Maybe (Ctx CrucibleType)) = PartialResult sym ext (SimFrame sym ext f args) Source #

partialValue :: forall sym ext u v f. Functor f => (GlobalPair sym u -> f (GlobalPair sym v)) -> PartialResult sym ext u -> f (PartialResult sym ext v) Source #

Access the value stored in the partial result.

Execution states

data ExecResult p sym ext rtp Source #

Executions that have completed either due to (partial or total) successful completion or by some abort condition.

Type parameters:

Constructors

FinishedResult !(SimContext p sym ext) !(PartialResult sym ext rtp)

At least one execution path resulted in some return result.

AbortedResult !(SimContext p sym ext) !(AbortedResult sym ext)

All execution paths resulted in an abort condition, and there is no result to return.

TimeoutResult !(ExecState p sym ext rtp)

An execution stopped somewhere in the middle of a run because a timeout condition occurred.

data ExecState p sym ext rtp Source #

An ExecState represents an intermediate state of executing a Crucible program. The Crucible simulator executes by transitioning between these different states until it results in a ResultState, indicating the program has completed.

Type parameters:

Constructors

ResultState !(ExecResult p sym ext rtp)

The ResultState is used to indicate that the program has completed.

AbortState !AbortExecReason !(SimState p sym ext rtp f a)

An abort state indicates that the included SimState encountered an abort event while executing its next step. The state needs to be unwound to its nearest enclosing branch point and resumed.

UnwindCallState !(ValueFromValue p sym ext rtp r) !(AbortedResult sym ext) !(SimState p sym ext rtp f a)

An unwind call state occurs when we are about to leave the context of a function call because of an abort. The included ValueFromValue is the context of the call site we are about to unwind into, and the AbortedResult indicates the reason we are aborting.

CallState !(ReturnHandler ret p sym ext rtp f a) !(ResolvedCall p sym ext ret) !(SimState p sym ext rtp f a)

A call state is entered when we are about to make a function call to the included call frame, which has already resolved the implementation and arguments to the function.

TailCallState !(ValueFromValue p sym ext rtp ret) !(ResolvedCall p sym ext ret) !(SimState p sym ext rtp f a)

A tail-call state is entered when we are about to make a function call to the included call frame, and this is the last action we need to take in the current caller. Note, we can only enter a tail-call state if there are no pending merge points in the caller. This means that sometimes calls that appear to be in tail-call position may nonetheless have to be treated as ordinary calls.

ReturnState !FunctionName !(ValueFromValue p sym ext rtp ret) !(RegEntry sym ret) !(SimState p sym ext rtp f a)

A return state is entered after the final return value of a function is computed, and just before we resolve injecting the return value back into the caller's context.

RunningState !(RunningStateInfo blocks args) !(SimState p sym ext rtp (CrucibleLang blocks r) ('Just args))

A running state indicates the included SimState is ready to enter and execute a Crucible basic block, or to resume a basic block from a call site.

SymbolicBranchState !(Pred sym) !(PausedFrame p sym ext rtp f) !(PausedFrame p sym ext rtp f) !(CrucibleBranchTarget f postdom_args) !(SimState p sym ext rtp f ('Just args))

A symbolic branch state indicates that the execution needs to branch on a non-trivial symbolic condition. The included Pred is the condition to branch on. The first PausedFrame is the path that corresponds to the Pred being true, and the second is the false branch.

ControlTransferState !(ControlResumption p sym ext rtp f) !(SimState p sym ext rtp f ('Just a))

A control transfer state is entered just prior to invoking a control resumption. Control resumptions are responsible for transitioning from the end of one basic block to another, although there are also some intermediate states related to resolving switch statements.

OverrideState !(Override p sym ext args ret) !(SimState p sym ext rtp (OverrideLang ret) ('Just args))

An override state indicates the included SimState is prepared to execute a code override.

BranchMergeState !(CrucibleBranchTarget f args) !(SimState p sym ext rtp f args)

A branch merge state occurs when the included SimState is in the process of transferring control to the included CrucibleBranchTarget. We enter a BranchMergeState every time we need to _check_ if there is a pending branch, even if no branch is pending. During this process, paths may have to be merged. If several branches must merge at the same control point, this state may be entered several times in succession before returning to a RunningState.

rtp ~ RegEntry sym ret => InitialState !(SimContext p sym ext) !(SymGlobalState sym) !(AbortHandler p sym ext (RegEntry sym ret)) !(TypeRepr ret) !(ExecCont p sym ext (RegEntry sym ret) (OverrideLang ret) ('Just (EmptyCtx :: Ctx CrucibleType)))

An initial state indicates the state of a simulator just before execution begins. It specifies all the initial data necessary to begin simulating. The given ExecCont will be executed in a fresh SimState representing the default starting call frame.

type ExecCont p sym ext rtp f (args :: Maybe (Ctx CrucibleType)) = ReaderT (SimState p sym ext rtp f args) IO (ExecState p sym ext rtp) Source #

An action which will construct an ExecState given a current SimState. Such continuations correspond to a single transition of the simulator transition system.

Type parameters:

data RunningStateInfo (blocks :: Ctx (Ctx CrucibleType)) (args :: Ctx CrucibleType) Source #

Some additional information attached to a RunningState that indicates how we got to this running state.

Type parameters:

  • blocks: types of variables in scope from previous blocks
  • args: arguments to this block

Constructors

RunBlockStart !(BlockID blocks args)

This indicates that we are now in a RunningState because we transferred execution to the start of a basic block.

RunBlockEnd !(Some (BlockID blocks))

This indicates that we are in a RunningState because we reached the terminal statement of a basic block.

RunReturnFrom !FunctionName

This indicates that we are in a RunningState because we returned from calling the named function.

RunPostBranchMerge !(BlockID blocks args)

This indicates that we are now in a RunningState because we finished branch merging prior to the start of a block.

data ResolvedCall p sym ext (ret :: CrucibleType) where Source #

The result of resolving a function call.

Type parameters:

Constructors

OverrideCall :: forall p sym ext (args :: Ctx CrucibleType) (ret :: CrucibleType). !(Override p sym ext args ret) -> !(OverrideFrame sym ret args) -> ResolvedCall p sym ext ret

A resolved function call to an override.

CrucibleCall :: forall (blocks :: Ctx (Ctx CrucibleType)) (args :: Ctx CrucibleType) sym ext (ret :: CrucibleType) p. !(BlockID blocks args) -> !(CallFrame sym ext blocks ret args) -> ResolvedCall p sym ext ret

A resolved function call to a Crucible function.

resolvedCallHandle :: forall p sym ext (ret :: CrucibleType). ResolvedCall p sym ext ret -> SomeHandle Source #

execResultContext :: ExecResult p sym ext r -> SimContext p sym ext Source #

setExecResultContext :: SimContext p sym ext -> ExecResult p sym ext r -> ExecResult p sym ext r Source #

execStateContext :: ExecState p sym ext r -> SimContext p sym ext Source #

setExecStateContext :: SimContext p sym ext -> ExecState p sym ext r -> ExecState p sym ext r Source #

execStateSimState :: ExecState p sym ext r -> Maybe (SomeSimState p sym ext r) Source #

execResultGlobals Source #

Arguments

:: Monad f 
=> (SimContext p sym ext -> ProgramLoc -> Pred sym -> SymGlobalState sym -> SymGlobalState sym -> f (SymGlobalState sym))

How to handle AbortedBranch.

Common options include concretizing the Pred or returning a partial result (e.g., Nothing).

-> ExecResult p sym ext rtp 
-> f (SymGlobalState sym) 

Extract the SymGlobalState from an ExecResult.

execStateGlobals Source #

Arguments

:: Monad f 
=> (SimContext p sym ext -> ProgramLoc -> Pred sym -> SymGlobalState sym -> SymGlobalState sym -> f (SymGlobalState sym))

How to handle AbortedBranch.

Common options include concretizing the Pred or returning a partial result (e.g., Nothing).

-> ExecState p sym ext rtp 
-> f (SymGlobalState sym) 

Extract the SymGlobalState from an ExecState.

Simulator context trees

Main context data structures

data ValueFromValue p sym ext ret (top_return :: CrucibleType) Source #

This type contains information about the current state of the exploration of the branching structure of a program. The ValueFromValue states correspond to stack call frames in a more traditional simulator environment.

Constructors

VFVCall !(ValueFromFrame p sym ext ret caller) !(SimFrame sym ext caller args) !(ReturnHandler top_return p sym ext ret caller args)

VFVCall denotes a call site in the outer context, and represents the point to which a function higher on the stack will eventually return. The three arguments are:

  • The context in which the call happened.
  • The frame of the caller
  • How to modify the current sim frame and resume execution when we obtain the return value
VFVPartial !(ValueFromValue p sym ext ret top_return) !ProgramLoc !(Pred sym) !(AbortedResult sym ext)

A partial value. The predicate indicates what needs to hold to avoid the partiality. The AbortedResult describes what could go wrong if the predicate does not hold.

ret ~ RegEntry sym top_return => VFVEnd

The top return value, indicating the program termination point.

Instances

Instances details
Pretty (ValueFromValue p ext sym root rp) Source # 
Instance details

Defined in Lang.Crucible.Simulator.ExecutionTree

Methods

pretty :: ValueFromValue p ext sym root rp -> Doc ann #

prettyList :: [ValueFromValue p ext sym root rp] -> Doc ann #

data ValueFromFrame p sym ext ret f Source #

This type contains information about the current state of the exploration of the branching structure of a program. The ValueFromFrame states correspond to the structure of symbolic branching that occurs within a single function call.

Type parameters:

Constructors

VFFBranch !(ValueFromFrame p sym ext ret f) !FrameIdentifier !ProgramLoc !(Pred sym) !(VFFOtherPath p sym ext ret f args) !(CrucibleBranchTarget f args)

We are working on a branch; this could be the first or the second of both branches (see the VFFOtherPath field).

VFFPartial !(ValueFromFrame p sym ext ret f) !ProgramLoc !(Pred sym) !(AbortedResult sym ext) !PendingPartialMerges

We are on a branch where the other branch was aborted before getting to the merge point.

VFFEnd !(ValueFromValue p sym ext ret (FrameRetType f))

When we are finished with this branch we should return from the function.

Instances

Instances details
Pretty (ValueFromFrame p ext sym ret f) Source # 
Instance details

Defined in Lang.Crucible.Simulator.ExecutionTree

Methods

pretty :: ValueFromFrame p ext sym ret f -> Doc ann #

prettyList :: [ValueFromFrame p ext sym ret f] -> Doc ann #

data PendingPartialMerges Source #

Data about whether the surrounding context is expecting a merge to occur or not. If the context sill expects a merge, we need to take some actions to indicate that the merge will not occur; otherwise there is no special work to be done.

Constructors

NoNeedToAbort

Don't indicate an abort condition in the context

NeedsToBeAborted

Indicate an abort condition in the context when we get there again.

Paused Frames

data ResolvedJump sym (blocks :: Ctx (Ctx CrucibleType)) Source #

A ResolvedJump is a block label together with a collection of actual arguments that are expected by that block. These data are sufficient to actually transfer control to the named label.

Type parameters:

  • sym: instance of IsSymInterface
  • blocks: types of variables in scope from previous blocks

Constructors

ResolvedJump !(BlockID blocks args) !(RegMap sym args) 

data ControlResumption p sym ext rtp f where Source #

When a path of execution is paused by the symbolic simulator (while it first explores other paths), a ControlResumption indicates what actions must later be taken in order to resume execution of that path.

Type parameters:

Constructors

ContinueResumption :: forall sym (blocks :: Ctx (Ctx CrucibleType)) p ext rtp (r :: CrucibleType). !(ResolvedJump sym blocks) -> ControlResumption p sym ext rtp (CrucibleLang blocks r)

When resuming a paused frame with a ContinueResumption, no special work needs to be done, simply begin executing statements of the basic block.

CheckMergeResumption :: forall sym (blocks :: Ctx (Ctx CrucibleType)) p ext rtp (r :: CrucibleType). !(ResolvedJump sym blocks) -> ControlResumption p sym ext rtp (CrucibleLang blocks r)

When resuming with a CheckMergeResumption, we must check for the presence of pending merge points before resuming.

SwitchResumption :: forall sym (blocks :: Ctx (Ctx CrucibleType)) p ext rtp (r :: CrucibleType). ![(Pred sym, ResolvedJump sym blocks)] -> ControlResumption p sym ext rtp (CrucibleLang blocks r)

When resuming a paused frame with a SwitchResumption, we must continue branching to possible alternatives in a variant elimination statement. In other words, we are still in the process of transferring control away from the current basic block (which is now at a final VariantElim terminal statement).

OverrideResumption :: forall p sym ext rtp (r :: CrucibleType) (args :: Ctx CrucibleType). ExecCont p sym ext rtp (OverrideLang r) ('Just args) -> !(RegMap sym args) -> ControlResumption p sym ext rtp (OverrideLang r)

When resuming a paused frame with an OverrideResumption, we simply return control to the included thunk, which represents the remaining computation for the override.

data PausedFrame p sym ext rtp f Source #

A PausedFrame represents a path of execution that has been postponed while other paths are explored. It consists of a (potentially partial) SimFrame together with some information about how to resume execution of that frame.

Type parameters:

Constructors

PausedFrame 

Fields

Sibling paths

data VFFOtherPath p sym ext ret f (args :: Maybe (Ctx CrucibleType)) Source #

This describes the state of the sibling path at a symbolic branch point. A symbolic branch point starts with the sibling in the VFFActivePath state, which indicates that the sibling path still needs to be executed. After the first path to be explored has reached the merge point, the places of the two paths are exchanged, and the completed path is stored in the VFFCompletePath state until the second path also reaches its merge point. The two paths will then be merged, and execution will continue beyond the merge point.

Type parameters:

Constructors

VFFActivePath !(PausedFrame p sym ext ret f)

This corresponds the a path that still needs to be analyzed.

VFFCompletePath !(Assumptions sym) !(PartialResultFrame sym ext f args)

This is a completed execution path.

Instances

Instances details
Pretty (VFFOtherPath ctx sym ext r f a) Source # 
Instance details

Defined in Lang.Crucible.Simulator.ExecutionTree

Methods

pretty :: VFFOtherPath ctx sym ext r f a -> Doc ann #

prettyList :: [VFFOtherPath ctx sym ext r f a] -> Doc ann #

type family FrameRetType f :: CrucibleType where ... Source #

Equations

FrameRetType (CrucibleLang b r) = r 
FrameRetType (OverrideLang r) = r 

ReturnHandler

data ReturnHandler (ret :: CrucibleType) p sym ext root f (args :: Maybe (Ctx CrucibleType)) where Source #

A ReturnHandler indicates what actions to take to resume executing in a caller's context once a function call has completed and the return value is available.

Type parameters:

Constructors

ReturnToOverride :: forall sym (ret :: CrucibleType) p ext root (r :: CrucibleType) (args1 :: Ctx CrucibleType). (RegEntry sym ret -> SimState p sym ext root (OverrideLang r) ('Just args1) -> IO (ExecState p sym ext root)) -> ReturnHandler ret p sym ext root (OverrideLang r) ('Just args1)

The ReturnToOverride constructor indicates that the calling context is primitive code written directly in Haskell.

ReturnToCrucible :: forall (ret :: CrucibleType) ext (blocks :: Ctx (Ctx CrucibleType)) (r :: CrucibleType) (ctx :: Ctx CrucibleType) p sym root. TypeRepr ret -> StmtSeq ext blocks r (ctx ::> ret) -> ReturnHandler ret p sym ext root (CrucibleLang blocks r) ('Just ctx)

The ReturnToCrucible constructor indicates that the calling context is an ordinary function call position from within a Crucible basic block. The included StmtSeq is the remaining statements in the basic block to be executed following the return.

TailReturnToCrucible :: forall (ret :: CrucibleType) (r :: CrucibleType) p sym ext root (blocks :: Ctx (Ctx CrucibleType)) (args :: Maybe (Ctx CrucibleType)). ret ~ r => ReturnHandler ret p sym ext root (CrucibleLang blocks r) args

The TailReturnToCrucible constructor indicates that the calling context is a tail call position from the end of a Crucible basic block. Upon receiving the return value, that value should be immediately returned in the caller's context as well.

ActiveTree

data ActiveTree p sym ext root f (args :: Maybe (Ctx CrucibleType)) Source #

An active execution tree contains at least one active execution. The data structure is organized so that the current execution can be accessed rapidly.

Type parameters:

Constructors

ActiveTree 

Fields

singletonTree :: forall sym ext f (args :: Maybe (Ctx CrucibleType)) p. TopFrame sym ext f args -> ActiveTree p sym ext (RegEntry sym (FrameRetType f)) f args Source #

Create a tree with a single top frame.

activeFrames :: forall ctx sym ext root a (args :: Maybe (Ctx CrucibleType)). ActiveTree ctx sym ext root a args -> [SomeFrame (SimFrame sym ext)] Source #

Return the call stack of all active frames, in reverse activation order (i.e., with callees appearing before callers).

actContext :: forall p sym ext root f1 (args :: Maybe (Ctx CrucibleType)) f2. Functor f2 => (ValueFromFrame p sym ext root f1 -> f2 (ValueFromFrame p sym ext root f1)) -> ActiveTree p sym ext root f1 args -> f2 (ActiveTree p sym ext root f1 args) Source #

Access the calling context of the currently-active frame

actFrame :: forall p sym ext root f1 (args :: Maybe (Ctx CrucibleType)) (args' :: Maybe (Ctx CrucibleType)) f2. Functor f2 => (TopFrame sym ext f1 args -> f2 (TopFrame sym ext f1 args')) -> ActiveTree p sym ext root f1 args -> f2 (ActiveTree p sym ext root f1 args') Source #

Access the currently-active frame

Simulator context

Function bindings

data Override p sym ext (args :: Ctx CrucibleType) (ret :: CrucibleType) Source #

A definition of a function's semantics, given as a Haskell action.

Type parameters:

Constructors

Override 

Fields

data FnState p sym ext (args :: Ctx CrucibleType) (ret :: CrucibleType) Source #

State used to indicate what to do when function is called. A function may either be defined by writing a Haskell Override or by giving a Crucible control-flow graph representation.

Type parameters:

Constructors

UseOverride !(Override p sym ext args ret) 
UseCFG !(CFG ext blocks args ret) !(CFGPostdom blocks) 

newtype FunctionBindings p sym ext Source #

A map from function handles to their semantics.

Type parameters:

Constructors

FnBindings 

Fields

Extensions

data ExtensionImpl p sym ext Source #

In order to start executing a simulator, one must provide an implementation of the extension syntax. This includes an evaluator for the added expression forms, and an evaluator for the added statement forms.

Type parameters:

Constructors

ExtensionImpl 

Fields

type EvalStmtFunc p sym ext = forall rtp (blocks :: Ctx (Ctx CrucibleType)) (r :: CrucibleType) (ctx :: Ctx CrucibleType) (tp' :: CrucibleType). StmtExtension ext (RegEntry sym) tp' -> CrucibleState p sym ext rtp blocks r ctx -> IO (RegValue sym tp', CrucibleState p sym ext rtp blocks r ctx) Source #

The type of functions that interpret extension statements. These have access to the main simulator state, and can make fairly arbitrary changes to it.

Type parameters:

emptyExtensionImpl :: ExtensionImpl p sym () Source #

Trivial implementation for the "empty" extension, which adds no additional syntactic forms.

SimContext record

type IsSymInterfaceProof sym a = (IsSymInterface sym => a) -> a Source #

data SimContext p sym ext Source #

Top-level state record for the simulator. The state contained in this record remains persistent across all symbolic simulator actions. In particular, it is not rolled back when the simulator returns previous program points to explore additional paths, etc.

Type parameters:

Constructors

SimContext 

Fields

newtype Metric p sym ext Source #

Some kind of Integer to be collected during execution.

Type parameters:

Constructors

Metric 

Fields

initSimContext Source #

Arguments

:: IsSymBackend sym bak 
=> bak

Symbolic backend

-> IntrinsicTypes sym

Implementations of intrinsic types

-> HandleAllocator

Handle allocator for creating new function handles

-> Handle

Handle to write output to

-> FunctionBindings personality sym ext

Initial bindings for function handles

-> ExtensionImpl personality sym ext

Semantics for extension syntax

-> personality

Initial value for custom user state

-> SimContext personality sym ext 

Create a new SimContext with the given bindings.

withBackend :: SimContext personality sym ext -> (forall bak. IsSymBackend sym bak => bak -> a) -> a Source #

ctxSymInterface :: forall p sym ext f. (Contravariant f, Functor f) => (sym -> f sym) -> SimContext p sym ext -> f (SimContext p sym ext) Source #

Access the symbolic backend inside a SimContext.

functionBindings :: forall p sym ext f. Functor f => (FunctionBindings p sym ext -> f (FunctionBindings p sym ext)) -> SimContext p sym ext -> f (SimContext p sym ext) Source #

A map from function handles to their semantics.

cruciblePersonality :: forall p sym ext f. Functor f => (p -> f p) -> SimContext p sym ext -> f (SimContext p sym ext) Source #

Custom state inside the SimContext.

Crucible itself is entirely polymorphic over p. Downstream applications can instantiate it to any sort of state that they would like to associate with a SimContext.

For example, applications based on macaw-symbolic can instantiate this to a structure holding enough information to perform incremental code discovery. See ambient-verifier's AmbientSimulatorState.

Code that needs to store some state in the personality but doesn't wish to fix a particular type can use the "classy lenses" approach, e.g.,

class HasFooState p where
  fooState :: Lens' p FooState

For examples of this approach, see

profilingMetrics :: forall p sym ext f. Functor f => (Map Text (Metric p sym ext) -> f (Map Text (Metric p sym ext))) -> SimContext p sym ext -> f (SimContext p sym ext) Source #

SimState

data SimState p sym ext rtp f (args :: Maybe (Ctx CrucibleType)) Source #

A SimState contains the execution context, an error handler, and the current execution tree. It captures the entire state of the symbolic simulator.

Type parameters:

Constructors

SimState 

Fields

Instances

Instances details
MonadState (SimState p sym ext rtp (OverrideLang ret) ('Just args)) (OverrideSim p sym ext rtp args ret) Source # 
Instance details

Defined in Lang.Crucible.Simulator.OverrideSim

Methods

get :: OverrideSim p sym ext rtp args ret (SimState p sym ext rtp (OverrideLang ret) ('Just args)) #

put :: SimState p sym ext rtp (OverrideLang ret) ('Just args) -> OverrideSim p sym ext rtp args ret () #

state :: (SimState p sym ext rtp (OverrideLang ret) ('Just args) -> (a, SimState p sym ext rtp (OverrideLang ret) ('Just args))) -> OverrideSim p sym ext rtp args ret a #

data SomeSimState p sym ext rtp Source #

Constructors

SomeSimState !(SimState p sym ext rtp f args) 

initSimState Source #

Arguments

:: forall p sym ext (ret :: CrucibleType). SimContext p sym ext

initial SimContext state

-> SymGlobalState sym

state of Crucible global variables

-> AbortHandler p sym ext (RegEntry sym ret)

initial abort handler

-> TypeRepr ret 
-> IO (SimState p sym ext (RegEntry sym ret) (OverrideLang ret) ('Just (EmptyCtx :: Ctx CrucibleType))) 

Create an initial SimState

stateLocation :: forall p sym ext r f1 (a :: Maybe (Ctx CrucibleType)) f2. (Contravariant f2, Functor f2) => (Maybe ProgramLoc -> f2 (Maybe ProgramLoc)) -> SimState p sym ext r f1 a -> f2 (SimState p sym ext r f1 a) Source #

newtype AbortHandler p sym ext rtp Source #

An abort handler indicates to the simulator what actions to take when an abort occurs. Usually, one should simply use the defaultAbortHandler from Lang.Crucible.Simulator, which unwinds the tree context to the nearest branch point and correctly resumes simulation. However, for some use cases, it may be desirable to take additional or alternate actions on abort events; in which case, the library user may replace the default abort handler with their own.

Type parameters:

Constructors

AH 

Fields

type CrucibleState p sym ext rtp (blocks :: Ctx (Ctx CrucibleType)) (ret :: CrucibleType) (args :: Ctx CrucibleType) = SimState p sym ext rtp (CrucibleLang blocks ret) ('Just args) Source #

A simulator state that is currently executing Crucible instructions.

Lenses and accessors

stateTree :: forall p sym ext rtp f1 (a :: Maybe (Ctx CrucibleType)) g (b :: Maybe (Ctx CrucibleType)) f2. Functor f2 => (ActiveTree p sym ext rtp f1 a -> f2 (ActiveTree p sym ext rtp g b)) -> SimState p sym ext rtp f1 a -> f2 (SimState p sym ext rtp g b) Source #

Access the active tree associated with a state.

abortHandler :: forall p sym ext r f1 (a :: Maybe (Ctx CrucibleType)) f2. Functor f2 => (AbortHandler p sym ext r -> f2 (AbortHandler p sym ext r)) -> SimState p sym ext r f1 a -> f2 (SimState p sym ext r f1 a) Source #

Access the current abort handler of a state.

stateContext :: forall p sym ext r f1 (a :: Maybe (Ctx CrucibleType)) f2. Functor f2 => (SimContext p sym ext -> f2 (SimContext p sym ext)) -> SimState p sym ext r f1 a -> f2 (SimState p sym ext r f1 a) Source #

Access the SimContext inside a SimState

stateCrucibleFrame :: forall p sym ext rtp (blocks :: Ctx (Ctx CrucibleType)) (r :: CrucibleType) (a :: Ctx CrucibleType) (a' :: Ctx CrucibleType) f. Functor f => (CallFrame sym ext blocks r a -> f (CallFrame sym ext blocks r a')) -> SimState p sym ext rtp (CrucibleLang blocks r) ('Just a) -> f (SimState p sym ext rtp (CrucibleLang blocks r) ('Just a')) Source #

Access the Crucible call frame inside a SimState

stateSymInterface :: forall p sym ext r f1 (a :: Maybe (Ctx CrucibleType)) f2. (Contravariant f2, Functor f2) => (sym -> f2 sym) -> SimState p sym ext r f1 a -> f2 (SimState p sym ext r f1 a) Source #

Get the symbolic interface out of a SimState

stateSolverProof :: forall p sym ext r f (args :: Maybe (Ctx CrucibleType)). SimState p sym ext r f args -> forall a. IsSymInterfaceProof sym a Source #

Provide the IsSymInterface typeclass dictionary from a SimState

stateIntrinsicTypes :: forall p sym ext r f1 (args :: Maybe (Ctx CrucibleType)) f2. (Contravariant f2, Functor f2) => (IntrinsicTypes sym -> f2 (IntrinsicTypes sym)) -> SimState p sym ext r f1 args -> f2 (SimState p sym ext r f1 args) Source #

Get the intrinsic type map out of a SimState

stateOverrideFrame :: forall p sym ext q (r :: CrucibleType) (a :: Ctx CrucibleType) (a' :: Ctx CrucibleType) f. Functor f => (OverrideFrame sym r a -> f (OverrideFrame sym r a')) -> SimState p sym ext q (OverrideLang r) ('Just a) -> f (SimState p sym ext q (OverrideLang r) ('Just a')) Source #

Access the override frame inside a SimState

stateGlobals :: forall p sym ext q f1 (args :: Maybe (Ctx CrucibleType)) f2. Functor f2 => (SymGlobalState sym -> f2 (SymGlobalState sym)) -> SimState p sym ext q f1 args -> f2 (SimState p sym ext q f1 args) Source #

Access the globals inside a SimState

stateConfiguration :: forall p sym ext r f1 (args :: Maybe (Ctx CrucibleType)) f2. (Contravariant f2, Functor f2) => (Config -> f2 Config) -> SimState p sym ext r f1 args -> f2 (SimState p sym ext r f1 args) Source #

Get the configuration object out of a SimState