Update with changes flowing from GaloicInc/crucible#945.

This mostly deals with the splitting of the old `sym` type into
two: one for dealing with expression creation, and a new simulator
backend type for dealing with control-flow and assertions.

Author: robdockins

macaw-aarch32-symbolic/src/Data/Macaw/AArch32/Symbolic/Functions.hs

@@ -1,4 +1,5 @@
 {-# LANGUAGE GADTs #-}
+{-# LANGUAGE RankNTypes #-}
 {-# LANGUAGE StandaloneDeriving #-}
 module Data.Macaw.AArch32.Symbolic.Functions (
   SymFuns
@@ -82,33 +83,33 @@ funcSemantics :: (CB.IsSymInterface sym, MS.ToCrucibleType mt ~ t)
               -> IO (CS.RegValue sym t, S sym rtp bs r ctx)
 funcSemantics sfns fn st0 =
    case fn of
-    MAA.SDiv _rep lhs rhs -> withSym st0 $ \sym -> do
-      lhs' <- toValBV sym lhs
-      rhs' <- toValBV sym rhs
+    MAA.SDiv _rep lhs rhs -> withBackend st0 $ \sym bak -> do
+      lhs' <- toValBV bak lhs
+      rhs' <- toValBV bak rhs
       -- NOTE: We are applying division directly here without checking the divisor for zero.
       --
       -- The ARM semantics explicitly check this and have different behaviors
       -- depending on what CPU flags are set; this operation is never called
       -- with a divisor of zero.  We could add an assertion to that effect here,
       -- but it might be difficult to prove.
       LL.llvmPointer_bv sym =<< WI.bvSdiv sym lhs' rhs'
-    MAA.UDiv _rep lhs rhs -> withSym st0 $ \sym -> do
-      lhs' <- toValBV sym lhs
-      rhs' <- toValBV sym rhs
+    MAA.UDiv _rep lhs rhs -> withBackend st0 $ \sym bak -> do
+      lhs' <- toValBV bak lhs
+      rhs' <- toValBV bak rhs
       -- NOTE: See the note in SDiv
       LL.llvmPointer_bv sym =<< WI.bvUdiv sym lhs' rhs'
-    MAA.URem _rep lhs rhs -> withSym st0 $ \sym -> do
-      lhs' <- toValBV sym lhs
-      rhs' <- toValBV sym rhs
+    MAA.URem _rep lhs rhs -> withBackend st0 $ \sym bak -> do
+      lhs' <- toValBV bak lhs
+      rhs' <- toValBV bak rhs
       -- NOTE: See the note in SDiv
       LL.llvmPointer_bv sym =<< WI.bvUrem sym lhs' rhs'
-    MAA.SRem _rep lhs rhs -> withSym st0 $ \sym -> do
-      lhs' <- toValBV sym lhs
-      rhs' <- toValBV sym rhs
+    MAA.SRem _rep lhs rhs -> withBackend st0 $ \sym bak -> do
+      lhs' <- toValBV bak lhs
+      rhs' <- toValBV bak rhs
       -- NOTE: See the note in SDiv
       LL.llvmPointer_bv sym =<< WI.bvSrem sym lhs' rhs'
-    MAA.UnsignedRSqrtEstimate _rep v -> withSym st0 $ \sym -> do
-      v' <- toValBV sym v
+    MAA.UnsignedRSqrtEstimate _rep v -> withBackend st0 $ \sym bak -> do
+      v' <- toValBV bak v
       let args = Ctx.empty Ctx.:> v'
       res <- lookupApplySymFun sym sfns "unsignedRSqrtEstimate" CT.knownRepr args CT.knownRepr
       LL.llvmPointer_bv sym res
@@ -139,22 +140,21 @@ funcSemantics sfns fn st0 =
     MAA.ARMSyscall {} ->
       AP.panic AP.AArch32 "funcSemantics" ["The ARM syscall primitive should be eliminated and replaced by a handle lookup"]
 
-withSym :: (CB.IsSymInterface sym)
-        => S sym rtp bs r ctx
-        -> (sym -> IO a)
-        -> IO (a, S sym rtp bs r ctx)
-withSym s action = do
-  let sym = s ^. CSET.stateSymInterface
-  val <- action sym
-  return (val, s)
-
+withBackend ::
+  S sym rtp bs r ctx ->
+  (forall bak. CB.IsSymBackend sym bak => sym -> bak -> IO a) ->
+  IO (a, S sym rtp bs r ctx)
+withBackend s action = do
+  CSET.withBackend (s^.CSET.stateContext) $ \bak ->
+    do val <- action (CB.backendGetSym bak) bak
+       return (val, s)
 
 -- | Assert that the wrapped value is a bitvector
-toValBV :: (CB.IsSymInterface sym)
-        => sym
+toValBV :: (CB.IsSymBackend sym bak)
+        => bak
         -> AA.AtomWrapper (CS.RegEntry sym) (MT.BVType w)
         -> IO (CS.RegValue sym (CT.BVType w))
-toValBV sym (AA.AtomWrapper x) = LL.projectLLVM_bv sym (CS.regValue x)
+toValBV bak (AA.AtomWrapper x) = LL.projectLLVM_bv bak (CS.regValue x)
 
 -- | Apply an uninterpreted function to the provided arguments
 --

macaw-aarch32-symbolic/tests/Main.hs

@@ -37,6 +37,7 @@ import qualified Data.Macaw.Discovery as M
 import qualified Data.Macaw.Symbolic as MS
 import qualified Data.Macaw.Symbolic.Testing as MST
 import qualified What4.Config as WC
+import qualified What4.Expr.Builder as WEB
 import qualified What4.Interface as WI
 import qualified What4.ProblemFeatures as WPF
 import qualified What4.Solver as WS
@@ -113,6 +114,8 @@ mkSymExTest expected exePath = TT.askOption $ \saveSMT@(SaveSMT _) -> TT.askOpti
           symExTestSized expected exePath saveSMT saveMacaw step ehi MA.arm_linux_info
         Elf.ELFCLASS64 -> TTH.assertFailure "64 bit ARM is not supported"
 
+data MacawAarch32TestData t = MacawAarch32TestData
+
 symExTestSized :: MST.SimulationResult
                -> FilePath
                -> SaveSMT
@@ -128,19 +131,20 @@ symExTestSized expected exePath saveSMT saveMacaw step ehi archInfo = do
      step ("Testing " ++ BS8.unpack name ++ " at " ++ show (M.discoveredFunAddr dfi))
      writeMacawIR saveMacaw (BS8.unpack name) dfi
      Some (gen :: PN.NonceGenerator IO t) <- PN.newIONonceGenerator
-     CBO.withYicesOnlineBackend CBO.FloatRealRepr gen CBO.NoUnsatFeatures WPF.noFeatures $ \sym -> do
+     sym <- WEB.newExprBuilder WEB.FloatRealRepr MacawAarch32TestData gen
+     CBO.withYicesOnlineBackend sym CBO.NoUnsatFeatures WPF.noFeatures $ \bak -> do
        -- We are using the z3 backend to discharge proof obligations, so
        -- we need to add its options to the backend configuration
        let solver = WS.z3Adapter
        let backendConf = WI.getConfiguration sym
        WC.extendConfig (WS.solver_adapter_config_options solver) backendConf
 
-       execFeatures <- MST.defaultExecFeatures (MST.SomeOnlineBackend sym)
+       execFeatures <- MST.defaultExecFeatures (MST.SomeOnlineBackend bak)
        let Just archVals = MS.archVals (Proxy @MA.ARM) Nothing
        let extract = armResultExtractor archVals
        logger <- makeGoalLogger saveSMT solver name exePath
        let ?memOpts = LLVM.defaultMemOptions
-       simRes <- MST.simulateAndVerify solver logger sym execFeatures archInfo archVals mem extract dfi
+       simRes <- MST.simulateAndVerify solver logger bak execFeatures archInfo archVals mem extract dfi
        TTH.assertEqual "AssertionResult" expected simRes
 
 writeMacawIR :: (MC.ArchConstraints arch) => SaveMacaw -> String -> M.DiscoveryFunInfo arch ids -> IO ()

macaw-aarch32/src/Data/Macaw/ARM/Semantics/ARMSemantics.hs

@@ -19,15 +19,15 @@ import           Data.Macaw.ARM.Arch ( a32InstructionMatcher )
 import           Data.Macaw.ARM.Semantics.TH ( armAppEvaluator, armNonceAppEval, loadSemantics, armTranslateType )
 import qualified Data.Macaw.CFG as MC
 import           Data.Macaw.SemMC.Generator ( Generator )
-import           Data.Macaw.SemMC.TH ( MacawTHConfig(..), genExecInstruction )
+import           Data.Macaw.SemMC.TH ( MacawTHConfig(..), genExecInstruction, MacawSemMC(..) )
 import qualified Data.Macaw.Types as MT
 import           Data.Parameterized.Classes ( showF )
 import qualified Data.Parameterized.Map as MapF
 import qualified Data.Parameterized.Nonce as PN
 import           Data.Parameterized.Some ( Some(..), mapSome )
 import           Data.Proxy ( Proxy(..) )
 import           Dismantle.ARM.A32 -- must be present to supply definitions for genExecInstruction output
-import qualified Lang.Crucible.Backend.Simple as CBS
+import qualified What4.Expr.Builder as WEB
 import qualified Language.Haskell.TH as TH
 import qualified SemMC.Architecture.AArch32 as ARMSem
 import           SemMC.Architecture.ARM.Opcodes ( ASLSemantics(..), allA32OpcodeInfo )
@@ -40,7 +40,7 @@ execInstruction :: MC.Value ARMSem.AArch32 ids (MT.BVType 32)
                 -> Maybe (Generator ARMSem.AArch32 ids s ())
 execInstruction =
   $(do Some ng <- TH.runIO PN.newIONonceGenerator
-       sym <- TH.runIO (CBS.newSimpleBackend CBS.FloatIEEERepr ng)
+       sym <- TH.runIO (WEB.newExprBuilder WEB.FloatIEEERepr MacawSemMC ng)
        sem <- TH.runIO (loadSemantics sym)
        let
          aconv :: (MapF.Pair (Opcode Operand) x)

macaw-aarch32/src/Data/Macaw/ARM/Semantics/TH.hs

@@ -46,7 +46,7 @@ import qualified Data.Parameterized.Context as Ctx
 import qualified Data.Parameterized.TraversableFC as FC
 import           Data.Parameterized.NatRepr
 import           GHC.TypeLits as TL
-import qualified Lang.Crucible.Backend.Simple as CBS
+import qualified What4.Expr.Builder as WEB
 import           Language.Haskell.TH
 import qualified SemMC.Architecture.AArch32 as ARM
 import qualified SemMC.Architecture.ARM.Opcodes as ARM
@@ -55,7 +55,7 @@ import qualified What4.Expr.Builder as WB
 
 import qualified Language.ASL.Globals as ASL
 
-loadSemantics :: CBS.SimpleBackend t fs -> IO (ARM.ASLSemantics (CBS.SimpleBackend t fs))
+loadSemantics :: WEB.ExprBuilder t st fs -> IO (ARM.ASLSemantics (WEB.ExprBuilder t st fs))
 loadSemantics sym = ARM.loadSemantics sym (ARM.ASLSemanticsOpts { ARM.aslOptTrimRegs = True})
 
 -- n.b. although MacawQ is a monad and therefore has a fail

macaw-aarch32/src/Data/Macaw/ARM/Semantics/ThumbSemantics.hs

@@ -19,15 +19,15 @@ import           Data.Macaw.ARM.Arch ( t32InstructionMatcher )
 import           Data.Macaw.ARM.Semantics.TH ( armAppEvaluator, armNonceAppEval, loadSemantics, armTranslateType )
 import qualified Data.Macaw.CFG as MC
 import           Data.Macaw.SemMC.Generator ( Generator )
-import           Data.Macaw.SemMC.TH ( MacawTHConfig(..), genExecInstruction )
+import           Data.Macaw.SemMC.TH ( MacawTHConfig(..), genExecInstruction, MacawSemMC(..) )
 import qualified Data.Macaw.Types as MT
 import           Data.Parameterized.Classes ( showF )
 import qualified Data.Parameterized.Map as MapF
 import qualified Data.Parameterized.Nonce as PN
 import           Data.Parameterized.Some ( Some(..) )
 import           Data.Proxy ( Proxy(..) )
 import           Dismantle.ARM.T32 -- as ThumbDis -- must be present to supply definitions for genExecInstruction output
-import qualified Lang.Crucible.Backend.Simple as CBS
+import qualified What4.Expr.Builder as WEB
 import qualified Language.Haskell.TH as TH
 import qualified SemMC.Architecture.AArch32 as ARMSem
 import           SemMC.Architecture.ARM.Opcodes ( ASLSemantics(..), allT32OpcodeInfo )
@@ -39,7 +39,7 @@ execInstruction :: MC.Value ARMSem.AArch32 ids (MT.BVType 32)
                 -> Maybe (Generator ARMSem.AArch32 ids s ())
 execInstruction =
   $(do Some ng <- TH.runIO PN.newIONonceGenerator
-       sym <- TH.runIO (CBS.newSimpleBackend CBS.FloatIEEERepr ng)
+       sym <- TH.runIO (WEB.newExprBuilder WEB.FloatIEEERepr MacawSemMC ng)
        sem <- TH.runIO (loadSemantics sym)
        let
          aconv :: (MapF.Pair (Opcode Operand) x)