staged concolic miniwasm #89
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
use the sub-nodes of the branch to classify whether the execution is true or false
butterunderflow
force-pushed
the
zdh/staged-symbolic-miniwasm
branch
from
41858de to
61215b6
Compare
butterunderflow
force-pushed
the
zdh/staged-symbolic-miniwasm
branch
from
ce6489c to
314ff5f
Compare
ahuoguo
reviewed
Jul 23, 2025
Comment on lines
262
to
271
| ExploreTree.fillWithIfElse(cond.s) | ||
| if (cond.toInt != 0) { | ||
| info(s"Jump to $label") | ||
| ExploreTree.moveCursor(true) | ||
| trail(label)(newCtx)(mkont) | ||
| } else { | ||
| info(s"Continue") | ||
| ExploreTree.moveCursor(false) | ||
| eval(rest, kont, mkont, trail)(newCtx) | ||
| } |
Contributor
There was a problem hiding this comment.
TODO: if cons.s is SymVal.Concrete, then do not fork on Exploration Tree
A test case will be a straight line for an exploration tree with a bunch of SymVal
Same for If, BrTable, and other control flow constructs
1. split concrete and symbolic interpreter 2. copy tests from concrete execution 3. some bug fixes
… call optimizations later)
To run larger benchmarks, we must have this
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The starting point of this PR is
src/main/scala/wasm/StagedMiniWasm.scala, which is a staged interpreter of MiniWasm that generates C++ code.By extending
src/main/scala/wasm/StagedMiniWasm.scalawith symbolic semantics, we gotsrc/main/scala/wasm/StagedConcolicMiniWasm.scala, which is a concolic staged interpreter that generates concolic C++ code.Combine the generated code with the runtime defined in
headers/wasm/we can achieve compiled concolic execution for WebAssembly.The generated C++ code looks like this:
where
Snippetis the generated concolic function corresponding to the entryfunction of the input WebAssembly module, and
start_concolic_execution_withaC++ runtime function defined that manages the concolic execution process.
To test this feature, you can run:
sbt 'testOnly gensym.wasm.TestStagedConcolicEval'To use this feature to compile a particular WebAssembly module, you can run this sbt test command: