author | Timotej Kapus <tk1713@ic.ac.uk> | 2018-05-16 14:25:13 +0100 |
---|---|---|
committer | Cristian Cadar <c.cadar@imperial.ac.uk> | 2018-05-17 13:50:04 +0100 |
commit | 8fe14b1041f39b61cdb43c32840f3d2cb97cc110 (patch) | |
tree | fc76b0a198bdfaf7512334f2f062ecc544bd9147 | |
parent | 8f2bc3a7188d93edd9a131bfd2101c2ec5adab9e (diff) | |
download | klee-8fe14b1041f39b61cdb43c32840f3d2cb97cc110.tar.gz |
Improve error messages for ReadStringAtAddress
-rw-r--r-- | lib/Core/SpecialFunctionHandler.cpp | 14 | ||||
-rw-r--r-- | test/Feature/MakeSymbolicAPI.c | 19 |
2 files changed, 26 insertions, 7 deletions
diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp
index e927adf0..22c27432 100644
--- a/lib/Core/SpecialFunctionHandler.cpp
+++ b/lib/Core/SpecialFunctionHandler.cpp
@@ -236,9 +236,19 @@ SpecialFunctionHandler::readStringAtAddress(ExecutionState &state,
 ref<Expr> addressExpr) {
 ObjectPair op;
 addressExpr = executor.toUnique(state, addressExpr);
+ if (!isa<ConstantExpr>(addressExpr)) {
+ executor.terminateStateOnError(
+ state, "Symbolic string pointer passed to one of the klee_ functions",
+ Executor::TerminateReason::User);
+ return "";
+ }
 ref<ConstantExpr> address = cast<ConstantExpr>(addressExpr);
- if (!state.addressSpace.resolveOne(address, op))
- assert(0 && "XXX out of bounds / multiple resolution unhandled");
+ if (!state.addressSpace.resolveOne(address, op)) {
+ executor.terminateStateOnError(
+ state, "Invalid string pointer passed to one of the klee_ functions",
+ Executor::TerminateReason::User);
+ return "";
+ }
 bool res __attribute__ ((unused));
 assert(executor.solver->mustBeTrue(state,
 EqExpr::create(address,
diff --git a/test/Feature/MakeSymbolicAPI.c b/test/Feature/MakeSymbolicAPI.c
index 0ff4b82f..6868edc7 100644
--- a/test/Feature/MakeSymbolicAPI.c
+++ b/test/Feature/MakeSymbolicAPI.c
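Review bot: Both new error paths end in `return "";`, which a caller cannot tell apart from a pointer to a genuinely empty string, so a caller outside this hunk may carry on working with a state that `terminateStateOnError` has just been asked to terminate. The contract should be explicit, for example a comment above the function such as `// Returns "" after terminating the state on a symbolic or unresolvable pointer; callers must stop using the state`, or a return value that carries a success flag. The two messages say only "one of the klee_ functions", so the report does not name the intrinsic that received the bad pointer. The function body continues past the hunk, where the trailing context `assert(executor.solver->mustBeTrue(...` is still an assert and so still aborts the whole run, not just this state, when it fails.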
@@ -5,15 +5,24 @@
 // RUN: FileCheck %s -check-prefix=CHECK-ERR --input-file=%t.stderr.log
 int main() {
- unsigned a, b, c;
+ unsigned a, b, c, d, e;
+ const char *invalid_pointer = 0xf;
 klee_make_symbolic(&a, sizeof(a), "");
-// CHECK-WRN: KLEE: WARNING: klee_make_symbolic: renamed empty name to "unnamed"
+ //CHECK-WRN: KLEE: WARNING: klee_make_symbolic: renamed empty name to "unnamed"
+
 klee_make_symbolic(&b, sizeof(b));
-// CHECK-WRN: KLEE: WARNING: klee_make_symbolic: deprecated number of arguments (2 instead of 3)
-// CHECK-WRN: KLEE: WARNING: klee_make_symbolic: renamed empty name to "unnamed"
+ //CHECK-WRN: KLEE: WARNING: klee_make_symbolic: deprecated number of arguments (2 instead of 3)
+ //CHECK-WRN: KLEE: WARNING: klee_make_symbolic: renamed empty name to "unnamed"
+
+ if(a == 2)
+ klee_make_symbolic(&d, sizeof(e), invalid_pointer);
+ //CHECK-ERR-DAG: KLEE: ERROR: {{.*}} Invalid string pointer passed to one of the klee_ functions
+ if(a == 3)
+ klee_make_symbolic(&d, sizeof(e), (char *) b);
+ //CHECK-ERR-DAG: KLEE: ERROR: {{.*}} Symbolic string pointer passed to one of the klee_ functions
 klee_make_symbolic(&c);
-// CHECK-ERR: KLEE: ERROR: {{.*}} illegal number of arguments to klee_make_symbolic(void*, size_t, char*)
+ //CHECK-ERR-DAG: KLEE: ERROR: {{.*}} illegal number of arguments to klee_make_symbolic(void*, size_t, char*)
 } |
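Review bot: `const char *invalid_pointer = 0xf;` initialises a pointer from an integer constant without a cast, which C compilers diagnose as an int-conversion and some treat as an error, so the test can fail to build before KLEE ever sees the bad pointer; `const char *invalid_pointer = (const char *)0xf;` states the intent. The two new calls also pass `&d` together with `sizeof(e)`; the sizes match because both are `unsigned`, but `sizeof(d)` would keep the object and its size in step, and `e` could then be dropped. A short comment above the `if(a == 2)` and `if(a == 3)` branches, saying that each is expected to end in the error named on the CHECK-ERR-DAG line that follows it, would make the test easier to read.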