
[csmith-dev] simple view of Csmith



Hi Arthur, your guesses are correct. I am sorry that Csmith is not very comprehensible. This is partly because of the lack of comments, for which I am somewhat guilty, and partly because many functions in Csmith are entered many times and behave differently when the context is different. So the best way to understand Csmith is to find a seed that generates a simple test case, one or two functions at most, and then step through Csmith in a debugger to see how that test case is generated. This is a much better way than reading the source code IMHO.

 

Csmith operates on an abstract syntax tree. There are three chains of actions worth noting (all of them traverse the AST top down, i.e. function -> block -> statement -> expression):

 

1) make_random: to create a particular node in the AST

2) visit_facts: to visit a previously generated node when creating a new node that control flows to the old one. Returns false if the new node makes the old node unsafe.

3) Output: to print a particular node in the AST

 

The first two are entered within a context which is encapsulated in a CGContext object and a fact list. visit_facts is the backbone of generation analysis, and is likely to be invoked many times within different contexts.

Hope this short description is helpful.

 

-Xuejun

 

AFAIK, it should be just a matter of printing "((signed)e1 <
(signed)e2)" everywhere you'd normally print "(e1 < e2)". That place
should be easier to find than it is, though. :P  I think the printing
code for this case is located in FunctionInvocationBinary::Output() or
one of its callees.  Alternatively, it might be possible to modify
the random expression generator so that unsigned expressions are not
considered valid operands to comparison operators.  I think that code
is located somewhere inside FunctionInvocation::make_random_binary(),
but lots of luck with that.

(I've been meaning to hack on Csmith a lot more than I actually have.
I forked it on Github a long time ago, but after that first short
burst, every time I start looking at it I get bogged down in
complexity almost immediately.)

 

-Arthur
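
The printing change suggested in the quoted message, as an added example that is not part of the original thread and is not Csmith's code: a toy AST whose `Output()` chain walks top down and casts both operands of a comparison to `signed`. The classes `Expr`, `Var` and `Binary` and the helper `render` are hypothetical, and applying the cast to all four relational operators rather than only `<` is an assumption.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <utility>

// Toy AST (hypothetical classes, not Csmith's): each node prints itself via
// Output(), and a parent asks its children to print first (top-down walk).
struct Expr {
    virtual ~Expr() = default;
    virtual std::string Output() const = 0;
};

struct Var : Expr {
    std::string name;
    explicit Var(std::string n) : name(std::move(n)) {}
    std::string Output() const override { return name; }
};

struct Binary : Expr {
    std::string op;
    std::unique_ptr<Expr> lhs, rhs;
    Binary(std::string o, std::unique_ptr<Expr> l, std::unique_ptr<Expr> r)
        : op(std::move(o)), lhs(std::move(l)), rhs(std::move(r)) {}

    std::string Output() const override {
        std::string l = lhs->Output(), r = rhs->Output();
        // Assumption: all four relational operators get the cast, not only "<".
        if (op == "<" || op == ">" || op == "<=" || op == ">=") {
            // Compound operands are already parenthesized by their own
            // Output(), so the cast applies to the whole operand.
            l = "(signed)" + l;
            r = "(signed)" + r;
        }
        return "(" + l + " " + op + " " + r + ")";
    }
};

// Build and print "a <op> (b + c)" for a given operator.
std::string render(const std::string& op) {
    auto sum = std::make_unique<Binary>("+", std::make_unique<Var>("b"),
                                        std::make_unique<Var>("c"));
    Binary top(op, std::make_unique<Var>("a"), std::move(sum));
    return top.Output();
}

int main() {
    std::cout << render("<") << "\n" << render("+") << "\n";
}
```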