diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index 08e928b8e1d..bca91d87438 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -1344,7 +1344,12 @@ void Executor::addConstraint(ExecutionState &state, ref condition) { klee_warning("seeds patched for violating constraint"); } + ConstraintSet oldCS = state.constraints; state.addConstraint(condition); + if (cm->get(state.constraints).bindings.empty()) { + cm->add(Query(oldCS, condition), Assignment(true)); + } + if (ivcEnabled) doImpliedValueConcretization(state, condition, ConstantExpr::alloc(1, Expr::Bool)); @@ -4866,7 +4871,6 @@ void Executor::executeMemoryOperation(ExecutionState &state, } if (bound) { - addConstraint(*bound, inBounds); bound->addPointerResolution(base, address, mo); /* FIXME: same as above. Wasting memory. */ @@ -4900,6 +4904,7 @@ void Executor::executeMemoryOperation(ExecutionState &state, return; } if (mayBeOutOfBound) { + addConstraint(*unbound, checkOutOfBounds); terminateStateOnError(*unbound, "memory error: out of bound pointer", StateTerminationType::Ptr, getAddressInfo(*unbound, address)); diff --git a/lib/Solver/ConcretizationManager.cpp b/lib/Solver/ConcretizationManager.cpp index 14818404836..8de16616c78 100644 --- a/lib/Solver/ConcretizationManager.cpp +++ b/lib/Solver/ConcretizationManager.cpp @@ -48,26 +48,25 @@ void ConcretizationManager::add(const ConstraintSet &oldCS, } delete independent; - std::set> dependentWithNew; + ConstraintSet dependentWithNew; + ConstraintManager cm(dependentWithNew); + for (auto i : dependent) { - dependentWithNew.insert(i); + cm.addConstraint(i); } for (auto i : newCS) { - dependentWithNew.insert(i); + cm.addConstraint(i); } for (auto i : assign.bindings) { - newAssign.bindings.insert(i); + newAssign.bindings[i.first] = i.second; } - concretizations.insert(dependentWithNew, newAssign); + concretizations.insert(dependentWithNew.asSet(), newAssign); } void ConcretizationManager::add(const Query &q, const Assignment &assign) { - std::vector> dependent; - getIndependentConstraints(q, dependent); - ConstraintSet newCS(dependent); - newCS.push_back(q.expr); - add({}, newCS, assign); + ConstraintSet newCS(std::vector>{q.expr}); + add(q.constraints, newCS, assign); } diff --git a/lib/Solver/ConcretizingSolver.cpp b/lib/Solver/ConcretizingSolver.cpp index 844522087e0..bb84f300a03 100644 --- a/lib/Solver/ConcretizingSolver.cpp +++ b/lib/Solver/ConcretizingSolver.cpp @@ -110,10 +110,6 @@ bool ConcretizingSolver::computeTruth(const Query &query, bool &isValid) { // symcretes until remove all of them or query starts to evaluate // to `mayBeFalse`. - if (isValid) { - cm->add(query, assign); - } - if (!isValid) { cm->add(query.negateExpr(), assign); }