User:Realazthat/Projects wishlist/LLVM/SMT
Documents conversions from LLVM IR to SMT
ICMP
LLVM spec: i_icmp.
- TODO: vector comparison
Example: <lang llvm>
%0 = add i32 10, 11 %1 = icmp ule i32 8, %0
</lang>
Translation: <lang scheme>
- %0 = add i32 10, 11
- extrafuns ((sym0 bv[32]))
- assumption (= sym0 (bvadd bv10[32] bv11[32]))
- %1 = icmp ule i32 8, %0
- extrafuns ((sym1 bv[1]))
- assumption (iff (= sym1 bv1[1]) (bvule bv8[32] sym0))
</lang>
Add
LLVM spec: See i_add.
- TODO: vector addition
Example: #ICMP
Alloca
LLVM spec: See i_alloca.
Todo:
- Alignment
- Necessary?
- Ignore for now
Example: <lang llvm>
%a = alloca i29, align 4 ; <i29*> %b = alloca i35, align 4 ; <i35*>
</lang>
Translation: <lang scheme>
- extrafuns ((memoryState0 bv[10240]))
- extrafuns ((stackPtr0 bv[16]))
- ------^^^Initial state ^^^------
- %a = alloca i29, align 4 ;; <i29*>
- extrafuns ((a bv[16])) ; Pointer
- assumption (= a stackPtr0)) ; Constraint, related to last stack pointer state
- extrafuns ((stackPtr1 bv[16]))
- assumption (= stackPtr1 (bvadd stackPtr0 29))
- %b = alloca i35, align 4 ;; <i35*>
- extrafuns ((b bv[16])) ; Pointer
- assumption (= b stackPtr1) ; Constraint, related to last stack pointer state
- extrafuns ((stackPtr2 bv[16])) ; New stack pointer state
- assumption (= stackPtr2 (bvadd stackPtr1 35)) ; Constrain new stack pointer
</lang>
Assumptions:
- Memory space is 10240
- Pointer size is 16
Load
LLVM spec: See i_load.
Example: <lang llvm>
%1 = load i29* %a, align 4 ;; <i29> %2 = load i35* %b, align 4 ;; <i35>
</lang>
Translation:
<lang scheme>
- extrafuns ((memoryState0 bv[10240]))
- extrafuns ((stackPtr0 bv[16]))
- extrafuns ((a bv[16]))
- extrafuns ((b bv[16]))
- ------^^^Initial state ^^^------
- %1 = load i29* %a, align 4 ;; <i29>
- extrafuns ((sym1 bv[29])) ;
- Load sym1 from memory
- assumption(
(extract[29:0] ; Extract the information from the huge resulting bit vector (bvlshr ; Move the info back to rightmost position (bvand ; Extract the masked bits (bvshl ; Move the mask to the correct position (zero_extend[10211] ; Extend the mask bitvector over the memory (repeat[29] bv1[1]) ; Mask for sym1's corresponding bits ) (zero_extend[10224] a) ; Move the mask by the value of the pointer a ) memoryState0 ; Extract the mask bits from the last memory state ) (zero_extend[10224] a) ; Move the info back to the right by the value of the pointer a ) )
)
- %2 = load i35* %b, align 4 ;; <i35>
- extrafuns ((sym2 bv[35])) ;
- Load sym2 from memory
- assumption(
(extract[35:0] ; Extract the information from the huge resulting bit vector (bvlshr ; Move the info back to rightmost position (bvand ; Extract the masked bits (bvshl ; Move the mask to the correct position (zero_extend[10205] ; Extend the mask bitvector over the memory (repeat[35] bv1[1]) ; Mask for sym1's corresponding bits ) (zero_extend[10224] b) ; Move the mask by the value of the pointer b ) memoryState0 ; Extract the mask bits from the last memory state ) (zero_extend[10224] b) ; Move the info back to the right by the value of the pointer b ) )
)
</lang>
Store
LLVM spec: See i_store.
Algorithm:
/* 101011011 buffer 001101000 store 001111000 mask 101101011 new buffer -------------------- 101011011 buffer and 110000111 not(mask) = 100000011 or 001101000 store = 101101011 new buffer */
Example: <lang llvm>
%a = alloca i29, align 4 ; <i29*> ; Deliberately not optimized out to keep things interesting %0 = add i29 0, 15 ; <i29> store i29 %0, i29* %a
</lang>
Translation: <lang scheme>
- extrafuns ((memoryState0 bv[10240]))
- extrafuns ((stackPtr0 bv[16]))
- ------^^^Initial state ^^^------
- %a = alloca i29, align 4 ;; <i29*>
- extrafuns ((a bv[16])) ; Pointer
- assumption (= a stackPtr0)) ; Constraint, related to last stack pointer state
- extrafuns ((stackPtr1 bv[16]))
- assumption (= stackPtr1 (bvadd stackPtr0 29))
- %0 = add i29 0, 15
- extrafuns ((sym0 bv[29]))
- assumption (= sym0 (bvadd bv0[29] bv15[29]))
- store i29 %0, i29* %a
- extrafuns ((memoryState1 bv[10240]))
- assumption (= memoryState1 ; The new memory state
(bvor ; Combine the data in a with the old memory state (bvshl ; Move the data in a to the corresponding position in memory (zero_extend[10211] sym0) ; The bits to be written (zero_extend[10224] a) ; Move the bits over to the position pointed to by a ) (bvand ; All data in the memorystate will still be there, ; except the part that needs to be overwritten (bvnot ; Inverse the mask to create a zero'd mask to erase ; the bits that need to be overwritten (bvshl ; Move the 1 bits to the correct position (zero_extend[10211] (repeat[29] bv1[1])) ; Create a mask of 1 bits (zero_extend[10224] a) ; Move the mask to the position pointed to by a ) ) memoryState0 ; The old memory state ) )
)
</lang>