Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/zyedidia/rvsym
A small RISC-V symbolic execution engine
https://github.com/zyedidia/rvsym
riscv symbolic-execution symbolic-execution-engine
Last synced: 2 months ago
JSON representation
A small RISC-V symbolic execution engine
- Host: GitHub
- URL: https://github.com/zyedidia/rvsym
- Owner: zyedidia
- License: mit
- Created: 2021-11-07T22:19:10.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2022-10-03T18:18:47.000Z (over 2 years ago)
- Last Synced: 2024-06-20T02:10:17.518Z (7 months ago)
- Topics: riscv, symbolic-execution, symbolic-execution-engine
- Language: Go
- Homepage:
- Size: 523 KB
- Stars: 4
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Rvsym: a small RISC-V symbolic execution engine
Rvsym can execute rv32im RISC-V programs symbolically.
# Building
By default, rvsym uses Boolector as the SMT backend. First you need to set up
Boolector:```
./pkg/smt/setup-boolector.sh
```Then you can build
```
go build ./cmd/rvsym
```Alternatively, you may build with dynamic linking to Z3 if it is installed:
```
go build -tags z3,noboolector ./cmd/rvsym
```In order to build the examples you will also need the RISC-V GNU toolchain.
Pre-built toolchains are available from [my repo](https://github.com/zyedidia/riscv-gnu-toolchain-prebuilt/releases/tag/v1). After downloading, unpack the tar
archive to `/opt/riscv` (or if you choose another location, point the `RISCV`
environment variable to your installation).# Usage
See the `./examples/basic` directory for a number of example programs. Compile with `make`,
and then run the example of your choosing with `rvsym example.elf`.For example, here is `get_sign.c`:
```c
#include "rvsym.h"int get_sign(int x) {
if (x == 0)
return 0;
else if (x < 0)
return -1;
else
return 1;
}int main() {
int a;
rvsym_mark_bytes(&a, sizeof(a), "a");
int r = get_sign(a);
rvsym_exit();
return r;
}
```Now we compile with the RISC-V toolchain and execute the resulting ELF binary with `rvsym`.
It finds three test cases that exercise each path in the `get_sign` function.```
$ make get_sign.elf
$ rvsym get_sign.elf --summary
--- Test case 0: exit at get_sign.c:20 (0x100a4) ---
a[3:0] -> 0x1
---
--- Test case 1: exit at get_sign.c:20 (0x100a4) ---
a[3:0] -> 0x80000001
---
--- Test case 2: exit at get_sign.c:20 (0x100a4) ---
a[3:0] -> 0x0
---
--- Summary ---
Instructions executed: 148
Total paths: 3
Quiet exits: 0
Unsat exits: 0
Normal exits: 3
Failures: 0
---
```Rvsym has the following additional options:
```
Usage:
rvsym [OPTIONS] EXEApplication Options:
--time= Stop execution after a given amount of seconds
-s, --summary Show execution summary
--elf= ELF debug information file
--entry= Program start address (default: 4096)
-p, --profile= Dump profiling information to file
-V, --verbose Show verbose debug information
-v, --version Show version information
-h, --help Show this help message
```# Notes
Rvsym runs in Linux mode for ELF files, and bare-metal mode for `.hex` or
`.bin` files. In Linux mode, Rvsym sets up the stack properly and provides a
limited set of system calls, shown below. In bare-metal mode, Rvsym does not do
any set-up. In the future bare-metal mode may include support for exceptions
and other privileged CPU features.The following system calls are provided in Linux mode: `exit`, `open`, `read`,
`write`, `lseek`, `close`, `fstat` (does not provide accurate information),
`brk`. These are a minimal set allowing basic memory allocation and file I/O.