Skip to content

Read symbolic value at symbolic address #152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
+82 −3
Open

Read symbolic value at symbolic address #152

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
9c374d1
Write symbolic value at symbolic index
Stevengre Jun 23, 2025
abb1cb8
Set Version: 0.1.113
rv-auditor Jun 23, 2025
3763e0b
Update src/kriscv/kdist/riscv-semantics/lemmas/sparse-bytes-simplific…
Stevengre Jun 24, 2025
501ffb9
fix
Stevengre Jun 24, 2025
4903d42
format
Stevengre Jun 24, 2025
273705b
Enhance simplification rules in RISC-V semantics for writeBytes and #…
Stevengre Jun 24, 2025
36f61a0
delete uneccesary side condition
Stevengre Jun 24, 2025
2d3d815
Enhance writeBytes and #WB operations in RISC-V semantics by introduc…
Stevengre Jun 25, 2025
d95f68c
bring ==Int to the require clause for more general cases
Stevengre Jun 25, 2025
eb6eb25
Read symbolic value at symbolic address
Stevengre Jun 24, 2025
8c9abdd
Set Version: 0.1.114
rv-auditor Jun 24, 2025
e3cdbd3
Merge branch 'master' into jh/sym-read-mem
Stevengre Jul 9, 2025
3503ce4
Set Version: 0.1.114
rv-auditor Jul 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package/version
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0.1.113
0.1.114
2 changes: 1 addition & 1 deletion pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "hatchling.build"

[project]
name = "kriscv"
version = "0.1.113"
version = "0.1.114"
description = "K tooling for the RISC-V architecture"
readme = "README.md"
requires-python = "~=3.10"
Expand Down
17 changes: 17 additions & 0 deletions src/kriscv/kdist/riscv-semantics/lemmas/sparse-bytes-simplifications.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,23 @@ For symbolic execution, we need to tackle the patterns of `#bytes(B +Bytes _) _`
requires I >Int 0 andBool I <Int lengthBytes(B) [simplification(45), preserves-definedness]
rule dropFront(I, #bytes(B +Bytes BS) EF) => dropFront(I -Int lengthBytes(B), #bytes(BS) EF)
requires I >=Int lengthBytes(B) [simplification(45), preserves-definedness]

// pickFront and dropFront for #WB
rule pickFront(PICK, #WB(_, _, _, _, B:SparseBytes)) => pickFront(PICK, B)
// omit this condition to make it easy to simplify: requires 0 =/=Int I
Comment on lines +33 to +34
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would require PICK <=Int I or NUM ==Int 0 I think.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Applied the suggestion!

[simplification(45)]
rule pickFront(PICK, #WB(_, I, V, NUM, B:SparseBytes)) => Int2Bytes(minInt(PICK, NUM), V, LE) +Bytes pickFront(maxInt(0, PICK -Int NUM), B >>SparseBytes minInt(PICK, NUM))
requires 0 ==Int I [simplification(40)]
rule dropFront(DROP, #WB(FLAG, I, V, NUM, B:SparseBytes)) => #WB(FLAG, I -Int DROP, V, NUM, dropFront(DROP, B))
[simplification(45)]
Comment on lines +38 to +39
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider DROP > I. In that case, WriteBytes(I -Int DROP, ...) is .SparseBytes.



syntax SparseBytes ::= SparseBytes ">>SparseBytes" Int [function, total]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please document the intended semantics of this symbol.

// It's not correct, but just make this function total
rule B >>SparseBytes _ => B [concrete]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks dangerous, Why is this rule necessary?

rule #WB(FLAG, I, V, NUM, B:SparseBytes) >>SparseBytes SHIFT => #WB(FLAG, I, (V &Int (2 ^Int (NUM *Int 8)) -Int 1) >>Int (SHIFT *Int 8), NUM, B >>SparseBytes SHIFT)
requires SHIFT >=Int 0 [simplification(45), preserves-definedness]
rule B:SparseBytes >>SparseBytes _ => B [simplification]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also looks unsound.

```

## writeBytes
Expand Down
62 changes: 62 additions & 0 deletions src/tests/integration/test-data/specs/read-symbolic-index-value.k
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
module READ-SYMBOLIC-INDEX-VALUE
imports RISCV

claim [id]:
<instrs> #CHECK_HALT => #HALT </instrs>
<regs>
// read from #bytes
1 |-> (readBytes(4, 4,
#WB(true, I1, V0, 2,
#WB(true, I1, V1, 4,
#WB(true, I0, V2, 4,
#WB(true, I2, V3, 4,
#bytes (b"\x00\x00\x00\x00" +Bytes Int2Bytes(4, V4, LE) +Bytes b"\x00\x00\x00\x00\x00\x00\x00\x00") .SparseBytes)))))
=> V4)
// read I2 with same number of bytes
2 |-> (readBytes(I2, 4,
#WB(true, I1, V0, 2,
#WB(true, I1, V1, 4,
#WB(true, I0, V2, 4,
#WB(true, I2, V3, 4,
#bytes (Int2Bytes(4, V4, LE) +Bytes b"\x00\x00\x00\x00\x00\x00\x00\x00") .SparseBytes)))))
=> V3)
// read I2 with smaller number of bytes
3 |-> (readBytes(I2, 2,
#WB(true, I1, V0, 2,
#WB(true, I1, V1, 4,
#WB(true, I0, V2, 4,
#WB(true, I2, V3, 4,
#bytes (Int2Bytes(4, V4, LE) +Bytes b"\x00\x00\x00\x00\x00\x00\x00\x00") .SparseBytes)))))
=> V3 &Int 65535)
// DISALLOWED: read with more number of bytes (8 bytes, but only 4 stored)
// read I1 with 2 bytes
4 |-> (readBytes(I1, 2,
#WB(true, I1, V0, 2,
#WB(true, I1, V1, 4,
#WB(true, I0, V2, 4,
#WB(true, I2, V3, 4,
#bytes (Int2Bytes(4, V4, LE) +Bytes b"\x00\x00\x00\x00\x00\x00\x00\x00") .SparseBytes)))))
=> V0 &Int 65535)
// read I1 with 4 bytes
5 |-> (readBytes(I1, 4,
#WB(true, I1, V0, 2,
#WB(true, I1, V1, 4,
#WB(true, I0, V2, 4,
#WB(true, I2, V3, 4,
#bytes (Int2Bytes(4, V4, LE) +Bytes b"\x00\x00\x00\x00\x00\x00\x00\x00") .SparseBytes)))))
=> Bytes2Int(Int2Bytes(2, V0, LE) +Bytes Int2Bytes(2, V1 >>Int 16, LE), LE, Unsigned))
</regs>
<pc> 0 </pc>
<haltCond> ADDRESS ( 0 ) </haltCond>
// index not equal to 0
requires 4 =/=Int I0 andBool 4 =/=Int I1 andBool 4 =/=Int I2
// different indices
andBool I0 =/=Int I1 andBool I0 =/=Int I2 andBool I1 =/=Int I2
// values are within range
andBool 0 <=Int V0 andBool V0 <=Int 65535
andBool 0 <=Int V1 andBool V1 <=Int 4294967295
andBool 0 <=Int V2 andBool V2 <=Int 4294967295
andBool 0 <=Int V3 andBool V3 <=Int 4294967295
andBool 0 <=Int V4 andBool V4 <=Int 4294967295
endmodule

2 changes: 1 addition & 1 deletion uv.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.