staged concolic miniwasm

.github/workflows/scala.yml

@@ -79,3 +79,4 @@ jobs:
         sbt 'testOnly gensym.wasm.TestConcolic'
         sbt 'testOnly gensym.wasm.TestDriver'
         sbt 'testOnly gensym.wasm.TestStagedEval'
+        sbt 'testOnly gensym.wasm.TestStagedConcolicEval'

benchmarks/wasm/Makefile

@@ -0,0 +1,7 @@
+.PHONY: clean
+
+clean:
+	find . -type f -name '*.cpp' -delete
+	find . -type f -name '*.cpp.exe' -delete
+	find . -type d -name '*.dSYM' -exec rm -rf {} +
+	find . -type f -name '*.dot' -delete

benchmarks/wasm/branch-strip-buggy.wat

@@ -29,6 +29,7 @@
       else
         i32.const 0
         call 2
+        i32.const 1 ;; to satisfy the type checker, this line will never be reached
       end
     end
   )

benchmarks/wasm/btree/2o1u-unlabeled.wat

@@ -2626,9 +2626,12 @@
     i32.and
     drop)
   (func (;7;) (type 4)
-    i32.const 3
     i32.const 2
+    i32.symbolic
     i32.const 1
+    i32.symbolic
+    i32.const 0
+    i32.symbolic
     call 6)
   (memory (;0;) 2)
   (export "main" (func 7))

benchmarks/wasm/global-sym.wat

@@ -0,0 +1,21 @@
+(module
+  (type (;0;) (func (result i32)))
+  (type (;1;) (func))
+  (type (;2;) (func (param i32) (result i32)))
+
+  (func (;0;) (type 2) (param i32) (result i32)
+    local.get 0
+    global.set 0
+    global.get 0
+  )
+  (func (;1;) (type 1)
+    i32.const 0
+    i32.symbolic
+    ;; TODO Somehow this value is always 0?
+    call 0
+    )
+  (start 1)
+  (memory (;0;) 2)
+  (export "main" (func 1))
+  (global (;0;) (mut i32) (i32.const 42))
+)

benchmarks/wasm/load-offset.wat

@@ -0,0 +1,19 @@
+(module
+  (type (;0;) (func (result i32)))
+  (type (;1;) (func))
+  (func (;0;) (type 0) (result i32)
+    i32.const 0
+    i32.const 256
+    i32.store 
+    i32.const 0
+    i32.load offset=1
+  )
+  (func (;1;) (type 1)
+    call 0
+    ;; should be 1
+    ;; drop
+  )
+  (start 1)
+  (memory (;0;) 2)
+  (export "main" (func 1))
+)

benchmarks/wasm/load-overflow1.wat

@@ -0,0 +1,19 @@
+(module
+  (type (;0;) (func (result i32)))
+  (type (;1;) (func))
+  (func (;0;) (type 0) (result i32)
+    i32.const 0
+    i32.const 256
+    i32.store 
+    i32.const 1
+    i32.load
+  )
+  (func (;1;) (type 1)
+    call 0
+    ;; should be 1
+    ;; drop
+  )
+  (start 1)
+  (memory (;0;) 2)
+  (export "main" (func 1))
+)

benchmarks/wasm/load-overflow2.wat

@@ -0,0 +1,19 @@
+(module
+  (type (;0;) (func (result i32)))
+  (type (;1;) (func))
+  (func (;0;) (type 0) (result i32)
+    i32.const 0
+    i32.const 65536
+    i32.store 
+    i32.const 2
+    i32.load
+  )
+  (func (;1;) (type 1)
+    call 0
+    ;; should be 1
+    ;; drop
+  )
+  (start 1)
+  (memory (;0;) 2)
+  (export "main" (func 1))
+)

benchmarks/wasm/load.wat

@@ -10,7 +10,7 @@
   )
   (func (;1;) (type 1)
     call 0
-    ;; should be 65536
+    ;; should be 1
     ;; drop
     )
   (start 1)

benchmarks/wasm/mem-sym-extract.wat

@@ -0,0 +1,32 @@
+(module
+  (type (;0;) (func (result i32)))
+  (type (;1;) (func))
+  (type (;2;) (func (param i32) (result i32)))
+  (type (;3;) (func (param i32)))
+  (import "console" "assert" (func (type 3)))
+  (func (;1;) (type 2) (param i32) (result i32)
+    i32.const 0
+    local.get 0
+    i32.store
+    i32.const 0
+    i32.load
+    i32.const 1
+    i32.eq
+    if (result i32)  ;; if x == 256
+      i32.const 1 ;; return 1
+    else
+      i32.const 0 
+      call 0 ;; assert false
+      i32.const 1 ;; to satisfy the type checker, this line will never be reached
+    end
+  )
+  (func (;2;) (type 1)
+    i32.const 0
+    i32.symbolic ;; call it x
+    call 1
+  )
+  (start 2)
+  (memory (;0;) 2)
+  (export "main" (func 1))
+  (global (;0;) (mut i32) (i32.const 42))
+)

benchmarks/wasm/mem-sym.wat

@@ -0,0 +1,43 @@
+(module
+  (type (;0;) (func (result i32)))
+  (type (;1;) (func))
+  (type (;2;) (func (param i32) (result i32)))
+  (type (;3;) (func (param i32)))
+  (import "console" "assert" (func (type 3)))
+  (func (;1;) (type 2) (param i32) (result i32)
+    i32.const 0
+    local.get 0
+    i32.store
+    i32.const 0
+    i32.load
+    i32.const 25
+    i32.eq
+    if (result i32)  ;; if x == 25
+      i32.const 0 
+      call 0 ;; assert false
+      i32.const 1 ;; to satisfy the type checker, this line will never be reached
+    else
+      i32.const 1
+      i32.load
+      i32.const 1
+      i32.eq
+      if (result i32) ;; if x >> 8 == 1
+        i32.const 0
+        call 0 ;; assert false
+        i32.const 1 ;; to satisfy the type checker, this line will never be reached
+      else
+        i32.const 1
+      end
+      i32.const 1
+    end
+  )
+  (func (;2;) (type 1)
+    i32.const 0
+    i32.symbolic ;; call it x
+    call 1
+  )
+  (start 2)
+  (memory (;0;) 2)
+  (export "main" (func 1))
+  (global (;0;) (mut i32) (i32.const 42))
+)

benchmarks/wasm/staged/brtable_concolic.wat

@@ -0,0 +1,22 @@
+(module $brtable
+  (global (;0;) (mut i32) (i32.const 1048576))
+  (type (;0;) (func (param i32)))
+  (func (;0;) (type 1) (result i32)
+    i32.const 2
+    (block
+      (block
+        (block
+          i32.const 0
+          i32.symbolic
+          br_table 0 1 2 0 ;; br_table will consume an element from the stack
+        )
+        i32.const 1
+        call 1
+        br 1
+      )
+      i32.const 0
+      call 1
+    )
+  )
+  (import "console" "assert" (func (type 0)))
+  (start 0))

benchmarks/wasm/staged/long-trivial-execution.wat

@@ -0,0 +1,54 @@
+(module
+  (type (;0;) (func))
+  (type (;1;) (func (param i32)))
+  (import "console" "assert" (func (type 1)))
+  (func (;1;) (type 0)
+    (local i32 i32)
+    i32.const 1
+    local.set 0
+    i32.const 0
+    local.set 1
+    block
+      loop
+        local.get 0
+        i32.const 10000
+        i32.ge_s
+        br_if 1
+        local.get 1
+        i32.const 0
+        i32.add
+        local.set 1
+        local.get 0
+        i32.const 1
+        i32.add
+        local.set 0
+        br 0
+      end
+    end
+    i32.const 10000
+    local.set 0
+    i32.const 0
+    local.set 1
+    block
+      loop
+      local.get 0
+      i32.eqz
+      br_if 1        ;; break if counter == 0
+      local.get 1
+      i32.const 0
+      i32.sub        ;; acc - 0 (no change)
+      local.set 1
+      local.get 0
+      i32.const 1
+      i32.sub
+      local.set 0    ;; counter--
+      br 0           ;; repeat loop
+      end
+    end
+    local.get 1
+    if
+      i32.const 0
+      call 0
+    end
+  )
+  (start 1))

benchmarks/wasm/staged/return_poly.wat

@@ -0,0 +1,19 @@
+(module
+  (type (;0;) (func))
+  (type (;1;) (func (result i32))) 
+  ;; TODO: It seems that our parser or preprocessor has some problems; the result type of the last line doesn't take effect
+  (func (result i32)
+    block
+      i32.const 21
+      i32.const 35
+      i32.const 42
+      return
+    end
+    i32.const 100
+  )
+  (func (type 0)
+    call 0
+    ;; unreachable
+  )
+  (export "$real_main" (func 1))
+)

benchmarks/wasm/staged/simple_global.wat

@@ -0,0 +1,22 @@
+(module $simple_global
+  (type (;0;) (func (param i32 i32) (result i32)))
+  (type (;1;) (func (result i32)))
+  (type (;2;) (func (param i32)))
+  (func $real_main (type 1) (result i32)
+    (local i32)
+    i32.const 0
+    i32.symbolic
+    local.tee 0
+    local.get 0
+    global.set 0
+    if
+    else
+      i32.const 0
+      call 1
+    end)
+  (import "console" "assert" (func (type 2)))
+  (memory (;0;) 16)
+  (global $__stack_pointer (mut i32) (i32.const 1048576))
+  (global (;1;) i32 (i32.const 1048576))
+  (global (;2;) i32 (i32.const 1048576))
+  (export "real_main" (func 0)))

headers/wasm.hpp

@@ -1,6 +1,11 @@
 #ifndef WASM_HEADERS
 #define WASM_HEADERS
 
+#include "wasm/concolic_driver.hpp"
 #include "wasm/concrete_rt.hpp"
+#include "wasm/controls.hpp"
+#include "wasm/profile.hpp"
+#include "wasm/symbolic_rt.hpp"
+#include "wasm/utils.hpp"
 
 #endif