authorhutoTUM <hutoTUM@users.noreply.github.com>2016-08-08 09:26:30 +0200
committerhutoTUM <hutoTUM@users.noreply.github.com>2016-08-08 12:07:46 +0200
commitad866e123b6be8a160ecb87249884cc3dfc3a349 (patch)
tree5352d76b9c0a1647520c0bad807df5ea1ff331f7
parent039e8c5ee8b5e23e6031e241ddf202d2a12db3b7 (diff)
downloadklee-ad866e123b6be8a160ecb87249884cc3dfc3a349.tar.gz
Fix for klee_get_obj_size() crashing on 64-bit, resolves #446
-rw-r--r--lib/Core/SpecialFunctionHandler.cpp15
-rw-r--r--test/regression/2016-08-06-klee-get-obj-size.c14
2 files changed, 27 insertions, 2 deletions
diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp
index caec5e39..542d7f5b 100644
--- a/lib/Core/SpecialFunctionHandler.cpp
+++ b/lib/Core/SpecialFunctionHandler.cpp
@@ -30,6 +30,14 @@
 #endif
 #include "llvm/ADT/Twine.h"
 
+#if LLVM_VERSION_CODE <= LLVM_VERSION(3, 1)
+#include "llvm/Target/TargetData.h"
+#elif LLVM_VERSION_CODE <= LLVM_VERSION(3, 2)
+#include "llvm/DataLayout.h"
+#else
+#include "llvm/IR/DataLayout.h"
+#endif
+
 #include <errno.h>
 
 using namespace llvm;
@@ -538,8 +546,11 @@ void SpecialFunctionHandler::handleGetObjSize(ExecutionState &state,
   executor.resolveExact(state, arguments[0], rl, "klee_get_obj_size");
   for (Executor::ExactResolutionList::iterator it = rl.begin(), 
          ie = rl.end(); it != ie; ++it) {
-    executor.bindLocal(target, *it->second, 
-                       ConstantExpr::create(it->first.first->size, Expr::Int32));
+    executor.bindLocal(
+        target, *it->second,
+        ConstantExpr::create(it->first.first->size,
+                             executor.kmodule->targetData->getTypeSizeInBits(
+                                 target->inst->getType())));
   }
 }
 
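Review bot: The width of the bound constant is now taken from `target->inst->getType()` (L44-L45) with no check on that type, so a program whose bitcode declares `klee_get_obj_size` with a mismatched prototype gets the size silently truncated to the narrower width, and a call site typed as an unsized type would presumably trip the assertion inside `getTypeSizeInBits` rather than produce a diagnostic. A named local plus a comment would make the intended contract explicit: `Type *retTy = target->inst->getType(); // width must match the call site, not a fixed Int32 (#446)` followed by `assert(retTy->isSized() && "klee_get_obj_size: call site has an unsized return type");` before the `ConstantExpr::create` call. Note that `it->first.first->size` is a host-side integer; if the call site is narrower than that value, the truncation is deliberate C semantics and worth a one-line comment as well. The body of `handleGetObjSize` begins before this hunk.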
diff --git a/test/regression/2016-08-06-klee-get-obj-size.c b/test/regression/2016-08-06-klee-get-obj-size.c
new file mode 100644
index 00000000..df4114ff
--- /dev/null
+++ b/test/regression/2016-08-06-klee-get-obj-size.c
@@ -0,0 +1,14 @@
+// RUN: %llvmgcc %s -emit-llvm -g -O0 -c -o %t.bc
+// RUN: rm -rf %t.klee-out
+// RUN: %klee --output-dir=%t.klee-out %t.bc
+// RUN: test -f %t.klee-out/test000001.assert.err
+
+
+#include <klee/klee.h>
+#include <assert.h>
+
+int main() {
+  char s[5];
+  assert(5 != klee_get_obj_size(s));
+  return 0;
+}
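Review bot: The test passes only because the assertion on L66 is meant to fail (the object is 5 bytes, so `5 != klee_get_obj_size(s)` is false and KLEE emits `test000001.assert.err`), but nothing in the file says so, and a reader is likely to assume the assert is expected to hold. A comment above the assert, `// Expected to FAIL: klee_get_obj_size(s) must be 5, and the .assert.err file is what the RUN line checks for.`, would prevent the test from being "fixed" by inverting the comparison. It also only guards against the crash the commit fixes indirectly: the check would still pass if the result were truncated to 32 bits, so the width fix itself is not pinned by this regression test.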