Closed fortunac closed 3 years ago
codyroux
commented
3 years ago Absolutely stellar code!
My comments are a bit of an afterthought: it feels like we're duplicating a bit of the visit_blk functionality, it would be nice to unify that code somehow.
We can leave that as a TODO if a solution is not forthcoming.
ccasin
commented
3 years ago I am playing around with this and it is cool!
One thing that might be nice to start doing: documentation in our examples/test cases. A README.md file in each subdirectory under wp/resources/sample_binaries/loop_invariant that just says in English what the test is supposed to check and what the property means would be helpful.
fortunac
commented
3 years ago I am playing around with this and it is cool!
One thing that might be nice to start doing: documentation in our examples/test cases. A README.md file in each subdirectory under
wp/resources/sample_binaries/loop_invariantthat just says in English what the test is supposed to check and what the property means would be helpful.
Can definitely do this!
Adds a flag for checking a loop invariant
(((address 0x12:64u) (invariant <smtlib for invariant>)) (...))Some changes to existing code:
visit_graph. This was needed to pass in the option to skip nodes in the a loop.unreachable_from_startwas refactored out, so it is possible to just pass in that.mk_smtlib2_single. This was used to name the invariant "Loop Invariant (tid)" instead of a z3-expression representing the invariant. If no name is specified, uses the default behavior of naming the constraint after the z3 expression.loop_handleris changed to hold information about both loop unrolling and loop invariant checking.