Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*-symbolic: Reduce the usage of projectLLVM_bv #395

Open
langston-barrett opened this issue Jul 12, 2024 · 2 comments
Open

*-symbolic: Reduce the usage of projectLLVM_bv #395

langston-barrett opened this issue Jul 12, 2024 · 2 comments
Labels
symbolic-execution Issues relating to macaw-symbolic and symbolic execution tech-debt Technical debt that would be nice to clean up

Comments

@langston-barrett
Copy link
Contributor

The Crucible-LLVM function projectLLVM_bv takes a pointer, asserts that it is a bitvector, and returns the bitvector value. The problem is that when this assertion fails, it does so with a generic and unhelpful error message. Macaw should avoid this function, and instead provide more detailed messages that match the level of abstraction of the program under test (e.g., "attempted to divide by a pointer").

See GaloisInc/crucible#1220 for how this was done in Crucible-LLVM.
@langston-barrett langston-barrett added the symbolic-execution Issues relating to macaw-symbolic and symbolic execution label Jul 12, 2024
@RyanGlScott
Copy link
Contributor

Searching for individual uses of projectLLVM_bv doesn't come up with that many hits, but that's a bit deceiving, since the majority of projectLLVM_bv invocations of performed transitively by invoking the toValBV function, which is a very commonly used helper function in all of the macaw-symbolic backends. In fact, nearly every instruction that involves bitvectors is likely to use toValBV in some form or another when encoding the instruction's semantics into Crucible, which means that we have our work cut out for us in crafting individual error messages for each toValBV call site. (We could report a generic error message like Found pointer instead of bitvector when calling toValBV, but that seems just as bad as the current status quo.)

Personally, I don't understand what every single x86-64, AArch32, and PowerPC instruction does well enough in order to craft all of these error messages. As such, my inclination is to just report something like Found pointer instead of bitvector when calling <instruction name>. While this is still generic, it still goes a long way in disambiguating where the pointer-to-bitvector conversions are actually happening, and thus I think it would still be an improvement.

@RyanGlScott RyanGlScott added the tech-debt Technical debt that would be nice to clean up label Jul 25, 2024
@sauclovian-g
Copy link
Contributor

That seems like a vast improvement over the equivalent of "Oops". For most instructions it's all you'd really want anyway (except you might add "in the 2nd operand of ...")

I know enough x86_64 and arm32 (though not ppc) to be able to rapidly interpret the manual for any cases that look like they ought to get deeper treatment; ping me if it would be helpful. But there's probably no need.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
symbolic-execution Issues relating to macaw-symbolic and symbolic execution tech-debt Technical debt that would be nice to clean up
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@RyanGlScott @langston-barrett @sauclovian-g