Merge pull request #168 from willemp/fix-va-args-passing-for-big-types

Fix va args passing for big types
author: Cristian Cadar <c.cadar@imperial.ac.uk> 2014-12-19 16:47:28 +0000
committer: Cristian Cadar <c.cadar@imperial.ac.uk> 2014-12-19 16:47:28 +0000
commit: ad4f23ac1b1faa561d199b27e041e1a1afa3adcb (patch)
tree: 63c6d60e7c70e0a3148f34216b0877fb36448e7b
parent: 80f9833b31650a7cb76d2e6d74a073319b86e683 (diff)
parent: 4af13aa1ae965a3fff9f005a78674efdc49ce3f7 (diff)
download: klee-ad4f23ac1b1faa561d199b27e041e1a1afa3adcb.tar.gz
2 files changed, 65 insertions, 6 deletions
diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp
index 7867f2af..cdd6ba54 100644
--- a/lib/Core/Executor.cpp
+++ b/lib/Core/Executor.cpp
@@ -1260,6 +1260,8 @@ void Executor::executeCall(ExecutionState &state,
         return;
       }
     } else {
+      Expr::Width WordSize = Context::get().getPointerWidth();
+
       if (callingArgs < funcArgs) {
         terminateStateOnError(state, "calling function with too few arguments", 
                               "user.err");
@@ -1271,12 +1273,18 @@ void Executor::executeCall(ExecutionState &state,
       for (unsigned i = funcArgs; i < callingArgs; i++) {
         // FIXME: This is really specific to the architecture, not the pointer
         // size. This happens to work fir x86-32 and x86-64, however.
-        Expr::Width WordSize = Context::get().getPointerWidth();
         if (WordSize == Expr::Int32) {
           size += Expr::getMinBytesForWidth(arguments[i]->getWidth());
         } else {
-          size += llvm::RoundUpToAlignment(arguments[i]->getWidth(), 
-                                           WordSize) / 8;
+          Expr::Width argWidth = arguments[i]->getWidth();
+          // AMD64-ABI 3.5.7p5: Step 7. Align l->overflow_arg_area upwards to a 16
+          // byte boundary if alignment needed by type exceeds 8 byte boundary.
+          //
+          // Alignment requirements for scalar types is the same as their size
+          if (argWidth > Expr::Int64) {
+             size = llvm::RoundUpToAlignment(size, 16);
+          }
+          size += llvm::RoundUpToAlignment(argWidth, WordSize) / 8;
         }
       }
 
@@ -1286,20 +1294,29 @@ void Executor::executeCall(ExecutionState &state,
         terminateStateOnExecError(state, "out of memory (varargs)");
         return;
       }
+
+      if ((WordSize == Expr::Int64) && (mo->address & 15)) {
+        // Both 64bit Linux/Glibc and 64bit MacOSX should align to 16 bytes.
+        klee_warning_once(0, "While allocating varargs: malloc did not align to 16 bytes.");
+      }
+
       ObjectState *os = bindObjectInState(state, mo, true);
       unsigned offset = 0;
       for (unsigned i = funcArgs; i < callingArgs; i++) {
         // FIXME: This is really specific to the architecture, not the pointer
         // size. This happens to work fir x86-32 and x86-64, however.
-        Expr::Width WordSize = Context::get().getPointerWidth();
         if (WordSize == Expr::Int32) {
           os->write(offset, arguments[i]);
           offset += Expr::getMinBytesForWidth(arguments[i]->getWidth());
         } else {
           assert(WordSize == Expr::Int64 && "Unknown word size!");
+
+          Expr::Width argWidth = arguments[i]->getWidth();
+          if (argWidth > Expr::Int64) {
+             offset = llvm::RoundUpToAlignment(offset, 16);
+          }
           os->write(offset, arguments[i]);
-          offset += llvm::RoundUpToAlignment(arguments[i]->getWidth(), 
-                                             WordSize) / 8;
+          offset += llvm::RoundUpToAlignment(argWidth, WordSize) / 8;
         }
       }
     }
diff --git a/test/Feature/VarArgLongDouble.c b/test/Feature/VarArgLongDouble.c
new file mode 100644
index 00000000..ae553131
--- /dev/null
+++ b/test/Feature/VarArgLongDouble.c
@@ -0,0 +1,42 @@
+// RUN: %llvmgcc %s -emit-llvm -O0 -c -o %t.bc
+// RUN: rm -rf %t.klee-out
+// RUN: %klee --output-dir=%t.klee-out %t.bc | FileCheck %s
+
+#include <stdarg.h>
+#include <assert.h>
+#include <stdio.h>
+
+void ld_after_zero(int first,...)
+{
+	va_list ap;
+	long double dub;
+
+	va_start(ap, first);
+
+	while (va_arg(ap, int) != 0)
+		;
+
+	dub = va_arg(ap, long double);
+
+	printf("%Lf\n", dub);
+
+}
+
+int main() {
+  long double dub = 1.123456;
+  int zero = 0;
+  int one = 1;
+
+  // AMD64-ABI 3.5.7p5: Step 7. Align l->overflow_arg_area upwards to a 16
+  // byte boundary if alignment needed by type exceeds 8 byte boundary.
+  // 
+  // the long double dub requires 16 byte alignment.
+  // we try passing one,zero and one, one, zero
+  // at least on those will align dub such that it needs the extra alignment
+  ld_after_zero(one, zero, dub);
+  // CHECK: 1.123456
+  ld_after_zero(one, one, zero, dub);
+  // CHECK-NEXT: 1.123456
+
+  return 0;
+}
author	Cristian Cadar <c.cadar@imperial.ac.uk>	2014-12-19 16:47:28 +0000
committer	Cristian Cadar <c.cadar@imperial.ac.uk>	2014-12-19 16:47:28 +0000
commit	ad4f23ac1b1faa561d199b27e041e1a1afa3adcb (patch)
tree	63c6d60e7c70e0a3148f34216b0877fb36448e7b
parent	80f9833b31650a7cb76d2e6d74a073319b86e683 (diff)
parent	4af13aa1ae965a3fff9f005a78674efdc49ce3f7 (diff)
download	klee-ad4f23ac1b1faa561d199b27e041e1a1afa3adcb.tar.gz