1-- SPDX-FileCopyrightText: 2025 Sören Tempel <soeren+git@soeren-tempel.net>2--3-- SPDX-License-Identifier: GPL-3.0-only45module Explorer (exploreTests) where67import Data.List (sort)8import Data.Map qualified as Map9import Data.Maybe (fromJust)10import Language.QBE.Backend.Store qualified as ST11import Language.QBE.Simulator.Default.Expression qualified as DE12import Language.QBE.Simulator.Explorer (explore)13import Language.QBE.Simulator.Symbolic.Tracer qualified as T14import Language.QBE.Types qualified as QBE15import Test.Tasty16import Test.Tasty.HUnit17import Util1819branchPoints :: [(ST.Assign, T.ExecTrace)] -> [[Bool]]20branchPoints lst = sort $ map (\(_, t) -> map fst t) lst2122findAssign :: [(ST.Assign, T.ExecTrace)] -> [Bool] -> Maybe ST.Assign23findAssign [] _ = Nothing24findAssign ((a, eTrace) : xs) toFind25 | map fst eTrace == toFind = Just a26 | otherwise = findAssign xs toFind2728------------------------------------------------------------------------2930exploreTests :: TestTree31exploreTests =32 testGroup33 "Tests for Symbolic Program Exploration"34 [ testCase "Explore program with four execution paths" $35 do36 prog <-37 parseProg38 "function $branchOnInput(w %cond1, w %cond2) {\n\39 \@jump.1\n\40 \jnz %cond1, @branch.1, @branch.2\n\41 \@branch.1\n\42 \jmp @jump.2\n\43 \@branch.2\n\44 \jmp @jump.2\n\45 \@jump.2\n\46 \jnz %cond2, @branch.3, @branch.4\n\47 \@branch.3\n\48 \ret\n\49 \@branch.4\n\50 \ret\n\51 \}"5253 let funcDef = findFunc prog (QBE.GlobalIdent "branchOnInput")54 eTraces <- explore prog funcDef [("cond1", QBE.Word), ("cond2", QBE.Word)]5556 let branches = branchPoints eTraces57 branches @?= [[False, False], [False, True], [True, False], [True, True]],58 testCase "Unsatisfiable branches" $59 do60 prog <-61 parseProg62 "function $branchOnInput(w %cond1) {\n\63 \@jump.1\n\64 \jnz %cond1, @branch.1, @branch.2\n\65 \@branch.1\n\66 \jmp @jump.2\n\67 \@branch.2\n\68 \jmp @jump.2\n\69 \@jump.2\n\70 \jnz %cond1, @branch.3, @branch.4\n\71 \@branch.3\n\72 \ret\n\73 \@branch.4\n\74 \ret\n\75 \}"7677 let funcDef = findFunc prog (QBE.GlobalIdent "branchOnInput")78 eTraces <- explore prog funcDef [("cond1", QBE.Word)]7980 let branches = branchPoints eTraces81 branches @?= [[False, False], [True, True]],82 testCase "Branch with overflow arithmetics" $83 do84 prog <-85 parseProg86 "function $branchArithmetics(w %input) {\n\87 \@start\n\88 \%cond =w add %input, 1\n\89 \jnz %input, @branch.1, @branch.2\n\90 \@branch.1\n\91 \ret\n\92 \@branch.2\n\93 \ret\n\94 \}"9596 let funcDef = findFunc prog (QBE.GlobalIdent "branchArithmetics")97 eTraces <- explore prog funcDef [("input", QBE.Word)]9899 let branches = branchPoints eTraces100 branches @?= [[False], [True]]101102 let assign = fromJust $ findAssign eTraces [False]103 Map.lookup "input" assign @?= (Just $ DE.VWord 0),104 testCase "Store symbolic value and memory, load it and pass it to function" $105 do106 prog <-107 parseProg108 "function $branchOnInput(w %cond1) {\n\109 \@jump.1\n\110 \jnz %cond1, @branch.1, @branch.2\n\111 \@branch.1\n\112 \jmp @jump.2\n\113 \@branch.2\n\114 \jmp @jump.2\n\115 \@jump.2\n\116 \jnz %cond1, @branch.3, @branch.4\n\117 \@branch.3\n\118 \ret\n\119 \@branch.4\n\120 \ret\n\121 \}\n\122 \function $entry(w %in) {\n\123 \@start\n\124 \%a =l alloc4 4\n\125 \storew %in, %a\n\126 \%l =w loadw %a\n\127 \call $branchOnInput(w %l)\n\128 \ret\n\129 \}"130131 let funcDef = findFunc prog (QBE.GlobalIdent "entry")132 eTraces <- explore prog funcDef [("x", QBE.Word)]133134 let branches = branchPoints eTraces135 branches @?= [[False, False], [True, True]],136 testCase "Branch on a specific concrete 64-bit value" $137 do138 prog <-139 parseProg140 "function $f(l %input.0) {\n\141 \@start\n\142 \%input.1 =l sub %input.0, 42\n\143 \jnz %input.1, @not42, @is42\n\144 \@not42\n\145 \ret\n\146 \@is42\n\147 \ret\n\148 \}"149150 let funcDef = findFunc prog (QBE.GlobalIdent "f")151 eTraces <- explore prog funcDef [("y", QBE.Long)]152153 branchPoints eTraces @?= [[False], [True]]154 let assign = fromJust $ findAssign eTraces [False]155 Map.lookup "y" assign @?= (Just $ DE.VLong 42),156 testCase "Branching with subtyping" $157 do158 prog <-159 parseProg160 "function $f(l %input.0, w %input.1) {\n\161 \@start\n\162 \%added =w add %input.1, 1\n\163 \%subed =w sub %added, %input.1\n\164 \%result =w add %added, %subed\n\165 \jnz %result, @b1, @b2\n\166 \@b1\n\167 \jnz %input.0, @b2, @b2\n\168 \@b2\n\169 \ret\n\170 \}"171172 let funcDef = findFunc prog (QBE.GlobalIdent "f")173 eTraces <- explore prog funcDef [("y", QBE.Long), ("x", QBE.Word)]174175 branchPoints eTraces @?= [[False], [True, False], [True, True]]176 ]