
Re: [csmith-dev] Adding variables in Csmith generated code

Thanks Xuejun! May I ask why you do not include global pointers in checksum computation?


Shafiul Azam Chowdhury
PhD Student and Graduate Research Assistant
The University of Texas at Arlington


On Thu, Aug 4, 2016 at 4:58 PM, Xuejun Yang <nitsnow@gmail.com> wrote:
The checksum function doesn't help because we don't include global pointers in the computation anyway.

There is a place for storing the points-to information after execution of every statement. But it requires some digging. Follow these steps:

1) After generating func_1, retrieve the Fact Manager for func_1; each random function has its own Fact Manager.
2) Look up the facts that flow out of the body of func_1, which is a Block statement. The facts are stored in tables; I think map_facts_out_final is the one.
3) Traverse the fact vector retrieved from 2), and find the points-to facts pertinent to global variables.
4) Call "is_null" on the points-to fact of a global pointer to see if it *could* be NULL.
5) Call "is_dead" to check whether the pointer could be potentially dangling.

Hope this helps.


On Wed, Aug 3, 2016 at 9:14 AM, John Regehr <regehr@cs.utah.edu> wrote:

Let's see if Xuejun chimes in, he's the one who wrote all of the UB-avoidance code in Csmith.


On 08/03/2016 10:12 AM, Shafiul Azam wrote:
Thank you a lot Dr. Regehr! As I was thinking of accomplishing my task slightly differently, is there any way to learn which global variables are still safe to read (for example, safely dereferencing a pointer) after the main function has executed? I noted that some of the global variables may be unsafe to use (read) after main function execution (a pointer becoming null, e.g.).

If there's a way to instruct Csmith to print these variable names (inside comments) at the end of pretty-printing the code, I could parse it. Should I look into the checksum-calculation code as I think this function knows which variables can be read safely after execution of the main function?

Thanks again!

Shafiul Azam Chowdhury
PhD Student and Graduate Research Assistant
The University of Texas at Arlington


On Wed, Aug 3, 2016 at 10:45 AM, John Regehr <regehr@cs.utah.edu> wrote:
Hi Shafiul, you should start by reading Variable.cpp.


On 08/03/2016 09:39 AM, Shafiul Azam wrote:
Hi All,

I have been using Csmith in my project where Csmith-generated code becomes part of a fixed template (some boilerplate code necessary for the tool I'm using). I have these n number of global variables which I would like to become part of Csmith; i.e. I want Csmith to use these variables in its random generation process, as if Csmith declared these global variables and now should use them just like other global variables it created.

I'm sorry for my limited knowledge of Csmith. I assume Csmith has a registry of all the global variables it has created. Then, simply adding my variable names to this registry might do the job. If this is right, can someone please point me to the code where the registry is located (and how to add variables in this registry, given one exists)? I would also like to know if this might break Csmith anyway (exhibiting undefined/unspecified behaviors etc.)

Thank you!