Expose structure of serialized state

soteria-c/lib/ctree_block.ml

@@ -191,9 +191,9 @@ let uninit ~range = Tree.make ~node:(Owned (Uninit Totally)) ~range ()
 let mk_fix_typed ofs ty () =
   let* len = Layout.size_of_s ty in
   let+ fixes = mk_fix_typed ty () in
-  List.map (fun v -> [ MemVal { offset = ofs; len; v } ]) fixes
+  List.map (fun v -> [ TB.MemVal { offset = ofs; len; v } ]) fixes
 
-let mk_fix_any ofs len () = [ [ MemVal { offset = ofs; len; v = SAny } ] ]
+let mk_fix_any ofs len () = [ [ TB.MemVal { offset = ofs; len; v = SAny } ] ]
 
 let decode ~ty ~ofs node =
   match node with

soteria-c/lib/interp.ml

@@ -1154,7 +1154,11 @@ module Make (State : State_intf.S) = struct
         With_origin.
           {
             node =
-              Freeable.Alive [ Ctree_block.MemVal { offset; len; v = SZeros } ];
+              Freeable.Alive
+                [
+                  Soteria.Sym_states.Tree_block.MemVal
+                    { offset; len; v = Ctree_block.MemVal.SZeros };
+                ];
             info = None;
           }
       in

soteria-rust/lib/rtree_block.ml

@@ -6,6 +6,20 @@ open Rustsymex
 open Rustsymex.Result
 open Charon
 
+type 'a serialized_val =
+  | SInit of ('a Rust_val.t * Types.ty)
+  | SUninit
+  | SZeros
+  | SAny
+[@@deriving show { with_path = false }]
+
+let iter_vars_serialized_val iter_vars_ptr v f =
+  match v with SInit (v, _) -> Rust_val.iter_vars iter_vars_ptr v f | _ -> ()
+
+let subst_serialized_val subst_ptr f = function
+  | SInit (v, ty) -> SInit (Rust_val.subst subst_ptr f v, ty)
+  | v -> v
+
 module Make (Sptr : Sptr.S) = struct
   module Encoder = Encoder.Make (Sptr)
 
@@ -80,22 +94,11 @@ module Make (Sptr : Sptr.S) = struct
       | Lazy | Uninit Partially ->
           failwith "Should never split an intermediate node"
 
-    type serialized =
-      | SInit of (rust_val * Types.ty)
-          [@printer Fmt.(pair ~sep:comma pp_rust_val Charon_util.pp_ty)]
-      | SUninit
-      | SZeros
-      | SAny
+    type serialized = Sptr.t serialized_val
     [@@deriving show { with_path = false }]
 
-    let subst_serialized f = function
-      | SInit (v, ty) -> SInit (Rust_val.subst Sptr.subst f v, ty)
-      | v -> v
-
-    let iter_vars_serialized v f =
-      match v with
-      | SInit (v, _) -> Rust_val.iter_vars Sptr.iter_vars v f
-      | _ -> ()
+    let iter_vars_serialized v f = iter_vars_serialized_val Sptr.iter_vars v f
+    let subst_serialized f = subst_serialized_val Sptr.subst f
 
     (* TODO: serialize tree borrow information! *)
     let serialize ((t, _) : t) : serialized Seq.t option =
@@ -222,7 +225,7 @@ module Make (Sptr : Sptr.S) = struct
     let ((_, bound) as range) = Range.of_low_and_size ofs size in
     let mk_fixes () =
       let+ v = Layout.nondet ty in
-      [ [ MemVal { offset = ofs; len = size; v = SInit (v, ty) } ] ]
+      [ [ TB.MemVal { offset = ofs; len = size; v = SInit (v, ty) } ] ]
     in
     let@ t = with_bound_and_owned_check ~mk_fixes t bound in
     let replace_node t =

soteria-rust/lib/state.ml

@@ -110,9 +110,60 @@ and t = {
 }
 [@@deriving show { with_path = false }]
 
-type serialized = Tree_block.serialized Freeable.serialized SPmap.serialized
+type serialized =
+  (serialized_atom list, serialized_globals) State_intf.Template.t
 [@@deriving show { with_path = false }]
 
+and serialized_atom = T.sloc Typed.t * Tree_block.serialized Freeable.serialized
+[@@deriving show { with_path = false }]
+
+and serialized_globals = T.sloc Typed.t list
+[@@deriving show { with_path = false }]
+
+let serialize_globals globals : serialized_globals =
+  ListLabels.fold_left (GlobMap.bindings globals) ~init:[]
+    ~f:(fun acc (_, ((ptr : Sptr.t), _)) -> Typed.Ptr.loc ptr.ptr :: acc)
+
+let lift_fix_globals globals res =
+  let+? heap = res in
+  State_intf.Template.{ heap; globals = serialize_globals globals }
+
+let serialize st : serialized =
+  let heap =
+    match st.state with
+    | None -> []
+    | Some st ->
+        let serialize_freeable (b, _) = Tree_block.serialize b in
+        SPmap.serialize (Freeable.serialize serialize_freeable) st
+  in
+  let globals = serialize_globals st.globals in
+  { heap; globals }
+
+let subst_serialized (subst_var : Svalue.Var.t -> Svalue.Var.t)
+    (serialized : serialized) : serialized =
+  let heap =
+    let subst_serialized_block subst_var f =
+      Freeable.subst_serialized Tree_block.subst_serialized subst_var f
+    in
+    SPmap.subst_serialized subst_serialized_block subst_var serialized.heap
+  in
+  let globals = List.map (Typed.subst subst_var) serialized.globals in
+  { heap; globals }
+
+let iter_vars_serialized (s : serialized) :
+    (Svalue.Var.t * [< Typed.T.cval ] Typed.ty -> unit) -> unit =
+  let iter_heap =
+    let iter_vars_serialized_block s =
+      Freeable.iter_vars_serialized Tree_block.iter_vars_serialized s
+    in
+    SPmap.iter_vars_serialized iter_vars_serialized_block s.heap
+  in
+  let iter_globals =
+    let append acc x = Iter.append acc (Typed.iter_vars x) in
+    List.fold_left append Iter.empty s.globals
+  in
+  Iter.append iter_heap iter_globals
+
 let pp_pretty ~ignore_freed ft { state; _ } =
   let ignore =
     if ignore_freed then function _, Freeable.Freed -> true | _ -> false
@@ -190,7 +241,10 @@ let with_ptr (ptr : Sptr.t) (st : t)
   in
   let loc, ofs = Typed.Ptr.decompose ptr.ptr in
   let@ state = with_state st in
-  let* res = (SPmap.wrap (Freeable.wrap (fun st -> f (ofs, st)))) loc state in
+  let* res =
+    (SPmap.wrap (Freeable.wrap (fun st -> f (ofs, st)))) loc state
+    |> lift_fix_globals st.globals
+  in
   match res with
   | Missing _ as miss ->
       if%sat Sptr.is_at_null_loc ptr then Result.error `UBDanglingPointer
@@ -365,7 +419,9 @@ let alloc ?zeroed size align st =
   let tb = Tree_borrow.init ~state:Unique () in
   let block = Tree_block.alloc ?zeroed size in
   let block = Freeable.Alive (block, tb) in
-  let** loc, state = SPmap.alloc ~new_codom:block state in
+  let** loc, state =
+    SPmap.alloc ~new_codom:block state |> lift_fix_globals st.globals
+  in
   let ptr = Typed.Ptr.mk loc Usize.(0s) in
   let ptr : Sptr.t Rust_val.full_ptr =
     ({ ptr; tag = tb.tag; align; size }, None)
@@ -404,6 +460,7 @@ let alloc_tys tys st =
         }
       in
       (block, (ptr, None)))
+  |> lift_fix_globals st.globals
 
 let free (({ ptr; _ } : Sptr.t), _) ({ state; _ } as st) =
   let** () = assert_ (Typed.Ptr.ofs ptr ==@ Usize.(0s)) `InvalidFree st in
@@ -415,6 +472,7 @@ let free (({ ptr; _ } : Sptr.t), _) ({ state; _ } as st) =
       (Freeable.free ~assert_exclusively_owned:(fun t ->
            Tree_block.assert_exclusively_owned @@ Option.map fst t))
       (Typed.Ptr.loc ptr) state
+    |> lift_fix_globals st.globals
   in
   ((), { st with state })
 
@@ -559,6 +617,7 @@ let leak_check st =
           Result.ok (k :: leaks)
         else Result.ok leaks)
       [] state
+    |> lift_fix_globals st.globals
   in
   if List.is_empty leaks then Result.ok ((), state)
   else (

soteria-rust/lib/state_intf.ml

@@ -3,6 +3,12 @@ open T
 open Rustsymex
 open Charon
 open Rust_val
+open Soteria.Sym_states
+
+module Template = struct
+  type ('a, 'b) t = { heap : 'a; globals : 'b }
+  [@@deriving show { with_path = false }]
+end
 
 module type S = sig
   module Sptr : Sptr.S
@@ -11,7 +17,14 @@ module type S = sig
 
   (* state *)
   type t
-  type serialized
+
+  type serialized = (serialized_atom list, sloc Typed.t list) Template.t
+
+  and serialized_atom =
+    sloc Typed.t
+    * (Sptr.t Rtree_block.serialized_val, sint Value.t) Tree_block.serialized
+      Freeable.serialized
+
   type 'a err
 
   val add_to_call_trace :
@@ -22,6 +35,15 @@ module type S = sig
   (** Prettier but expensive printing. *)
   val pp_pretty : ignore_freed:bool -> t Fmt.t
 
+  val serialize : t -> serialized
+  val pp_serialized : Format.formatter -> serialized -> unit
+
+  val iter_vars_serialized :
+    serialized -> (Svalue.Var.t * [< cval ] Typed.ty -> unit) -> unit
+
+  val subst_serialized :
+    (Svalue.Var.t -> Svalue.Var.t) -> serialized -> serialized
+
   val empty : t
 
   val load :

soteria/lib/sym_states/freeable.ml

@@ -1,6 +1,14 @@
 (* TODO: Build this with the Sum transformer and `Excl(Freed)` *)
 
 type 'a t = Freed | Alive of 'a
+type 'a serialized = 'a t
+
+let iter_vars_serialized iter_inner serialized f =
+  match serialized with Freed -> () | Alive a -> iter_inner a f
+
+let subst_serialized subst_inner subst_var = function
+  | Freed -> Freed
+  | Alive a -> Alive (subst_inner subst_var a)
 
 let pp ?(alive_prefix = "") pp_alive ft = function
   | Freed -> Fmt.pf ft "Freed"
@@ -10,25 +18,19 @@ module Make (Symex : Symex.S) = struct
   open Symex.Syntax
 
   type nonrec 'a t = 'a t = Freed | Alive of 'a
-  type 'a serialized = 'a t
+  type nonrec 'a serialized = 'a serialized
 
   let lift_fix fix = Alive fix
   let lift_fix_s r = Symex.Result.map_missing r lift_fix
+  let subst_serialized = subst_serialized
+  let iter_vars_serialized = iter_vars_serialized
+  let pp = pp
+  let pp_serialized = pp
 
   let serialize serialize_inner = function
     | Freed -> Freed
     | Alive a -> Alive (serialize_inner a)
 
-  let subst_serialized subst_inner subst_var = function
-    | Freed -> Freed
-    | Alive a -> Alive (subst_inner subst_var a)
-
-  let iter_vars_serialized iter_inner serialized f =
-    match serialized with Freed -> () | Alive a -> iter_inner a f
-
-  let pp = pp
-  let pp_serialized = pp
-
   let unwrap_alive = function
     | None -> Symex.Result.ok None
     | Some (Alive s) -> Symex.Result.ok (Some s)

soteria/lib/sym_states/tree_block.ml

@@ -26,6 +26,33 @@ and 'a node = NotOwned of node_qty | Owned of 'a
 and node_qty = Partially | Totally
 [@@deriving show { with_path = false }, make]
 
+type ('a, 'sint) serialized_atom =
+  | MemVal of { offset : 'sint; len : 'sint; v : 'a }
+  | Bound of 'sint
+[@@deriving show { with_path = false }]
+
+type ('a, 'sint) serialized = ('a, 'sint) serialized_atom list
+
+let iter_vars_serialized iter_vars_serialized_val iter_vars_sint serialized f =
+  List.iter
+    (function
+      | MemVal { offset; len; v } ->
+          iter_vars_sint offset f;
+          iter_vars_sint len f;
+          iter_vars_serialized_val v f
+      | Bound v -> iter_vars_sint v f)
+    serialized
+
+let subst_serialized subst_serialized_val subst_sint subst_var serialized =
+  let v_subst = subst_sint subst_var in
+  let subst_atom = function
+    | MemVal { offset; len; v } ->
+        let v = subst_serialized_val subst_var v in
+        MemVal { offset = v_subst offset; len = v_subst len; v }
+    | Bound v -> Bound (v_subst v)
+  in
+  List.map subst_atom serialized
+
 (** The input module of [Tree_block]. A memory value [t] represents an owned
     part of the tree block, with the property that it can be split or merged as
     needed.
@@ -534,16 +561,7 @@ struct
 
   (** Logic *)
 
-  type serialized_atom =
-    | MemVal of {
-        offset : sint; [@printer Symex.Value.ppa]
-        len : sint; [@printer Symex.Value.ppa]
-        v : MemVal.serialized;
-      }
-    | Bound of sint [@printer fun f v -> Fmt.pf f "Bound(%a)" Symex.Value.ppa v]
-  [@@deriving show { with_path = false }]
-
-  type serialized = serialized_atom list
+  type nonrec serialized = (MemVal.serialized, sint) serialized
 
   let lift_miss ~offset ~len symex =
     let+? fix = symex in
@@ -613,27 +631,28 @@ struct
 
   (** Logic *)
 
+  let iter_vars_serialized serialized f =
+    let iter_vars_serialized =
+      iter_vars_serialized MemVal.iter_vars_serialized Symex.Value.iter_vars
+    in
+    iter_vars_serialized serialized f
+
   let subst_serialized subst_var (serialized : serialized) =
-    let v_subst v = Symex.Value.subst subst_var v in
-    let subst_atom = function
-      | MemVal { offset; len; v } ->
-          let v = MemVal.subst_serialized subst_var v in
-          MemVal { offset = v_subst offset; len = v_subst len; v }
-      | Bound v -> Bound (v_subst v)
+    let subst_serialized =
+      subst_serialized MemVal.subst_serialized Symex.Value.subst
     in
-    List.map subst_atom serialized
+    subst_serialized subst_var serialized
 
-  let iter_vars_serialized serialized f =
-    List.iter
-      (function
-        | MemVal { offset; len; v } ->
-            Symex.Value.iter_vars offset f;
-            Symex.Value.iter_vars len f;
-            MemVal.iter_vars_serialized v f
-        | Bound v -> Symex.Value.iter_vars v f)
-      serialized
-
-  let pp_serialized = Fmt.Dump.list pp_serialized_atom
+  let pp_serialized_atom ft serialized =
+    let pp_serialized_atom =
+      pp_serialized_atom MemVal.pp_serialized Symex.Value.ppa
+    in
+    match serialized with
+    | Bound bound -> Fmt.pf ft "Bound(%a)" Symex.Value.ppa bound
+    | _ -> pp_serialized_atom ft serialized
+
+  let pp_serialized ft serialized =
+    Fmt.Dump.list pp_serialized_atom ft serialized
 
   let serialize t =
     let bound =