diff options
| author | Cristian Cadar <c.cadar@imperial.ac.uk> | 2015-02-10 13:29:11 +0000 |
|---|---|---|
| committer | Cristian Cadar <c.cadar@imperial.ac.uk> | 2015-02-10 13:29:11 +0000 |
| commit | a743d7072d9ccf11f96e3df45f25ad07da6ad9d6 (patch) | |
| tree | 19e77dd4a3eb6bc4102eb59a136ead47b537c372 /lib/Core | |
| parent | ad4f23ac1b1faa561d199b27e041e1a1afa3adcb (diff) | |
| download | klee-a743d7072d9ccf11f96e3df45f25ad07da6ad9d6.tar.gz | |
Merged @luckyluke's change for detecting overflow of unsigned add, sub
and mul operations. Refactored tests into two main cases, and disabled them on LLVM 2.9, which does not support -fsanitized=*signed-integer-overflow.
Diffstat (limited to 'lib/Core')
| -rw-r--r-- | lib/Core/SpecialFunctionHandler.cpp | 39 | ||||
| -rw-r--r-- | lib/Core/SpecialFunctionHandler.h | 4 |
2 files changed, 43 insertions, 0 deletions
diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 59e269cb..43185511 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -108,6 +108,12 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { // operator new(unsigned long) add("_Znwm", handleNew, true), + // clang -fsanitize=unsigned-integer-overflow + add("__ubsan_handle_add_overflow", handleAddOverflow, false), + add("__ubsan_handle_sub_overflow", handleSubOverflow, false), + add("__ubsan_handle_mul_overflow", handleMulOverflow, false), + add("__ubsan_handle_divrem_overflow", handleDivRemOverflow, false), + #undef addDNR #undef add }; @@ -707,3 +713,36 @@ void SpecialFunctionHandler::handleMarkGlobal(ExecutionState &state, mo->isGlobal = true; } } + +void SpecialFunctionHandler::handleAddOverflow(ExecutionState &state, + KInstruction *target, + std::vector<ref<Expr> > &arguments) { + executor.terminateStateOnError(state, + "overflow on unsigned addition", + "overflow.err"); +} + +void SpecialFunctionHandler::handleSubOverflow(ExecutionState &state, + KInstruction *target, + std::vector<ref<Expr> > &arguments) { + executor.terminateStateOnError(state, + "overflow on unsigned subtraction", + "overflow.err"); +} + +void SpecialFunctionHandler::handleMulOverflow(ExecutionState &state, + KInstruction *target, + std::vector<ref<Expr> > &arguments) { + executor.terminateStateOnError(state, + "overflow on unsigned multiplication", + "overflow.err"); +} + +void SpecialFunctionHandler::handleDivRemOverflow(ExecutionState &state, + KInstruction *target, + std::vector<ref<Expr> > &arguments) { + executor.terminateStateOnError(state, + "overflow on division or remainder", + "overflow.err"); +} + diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h index f68c6edb..d52b8fc5 100644 --- a/lib/Core/SpecialFunctionHandler.h +++ b/lib/Core/SpecialFunctionHandler.h @@ -132,6 +132,10 @@ namespace klee { HANDLER(handleUnderConstrained); HANDLER(handleWarning); HANDLER(handleWarningOnce); + HANDLER(handleAddOverflow); + HANDLER(handleMulOverflow); + HANDLER(handleSubOverflow); + HANDLER(handleDivRemOverflow); #undef HANDLER }; } // End klee namespace |