authorLuca Dariz <l.dariz@imamoter.cnr.t>2014-09-05 14:43:52 +0200
committerCristian Cadar <c.cadar@imperial.ac.uk>2015-02-13 18:49:49 +0000
commit8055aff448f1505e764d60ab10f7a202ee702761 (patch)
tree11ddbe787923f068170a31530865115702a8c160 /lib/Core
parentd026e99496355647665af965e27d8baf244e62d3 (diff)
downloadklee-8055aff448f1505e764d60ab10f7a202ee702761.tar.gz
Detect overflow of unsigned add, sub and mul operations
This requires the program under test to be compiled with clang using -fsanitize=unsigned-integer-overflow
tested with clang and llvm 3.4.2
Diffstat (limited to 'lib/Core')
-rw-r--r--lib/Core/SpecialFunctionHandler.cpp29
-rw-r--r--lib/Core/SpecialFunctionHandler.h3
2 files changed, 32 insertions, 0 deletions
diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp
index 59e269cb..04a82cf7 100644
--- a/lib/Core/SpecialFunctionHandler.cpp
+++ b/lib/Core/SpecialFunctionHandler.cpp
@@ -108,6 +108,11 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = {
   // operator new(unsigned long)
   add("_Znwm", handleNew, true),
 
+  // clang -fsanitize=unsigned-integer-overflow
+  add("__ubsan_handle_add_overflow", handleAddOverflow, false),
+  add("__ubsan_handle_sub_overflow", handleSubOverflow, false),
+  add("__ubsan_handle_mul_overflow", handleMulOverflow, false),
+
 #undef addDNR
 #undef add  
 };
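Review bot: The table only registers the recoverable `__ubsan_handle_{add,sub,mul}_overflow` entry points, so a program built with the sanitizer in non-recovering mode (clang's `-fno-sanitize-recover`, which, as far as I recall, makes the instrumentation call `__ubsan_handle_add_overflow_abort` and friends instead) would bypass these handlers and reach KLEE's ordinary external-call path without an overflow report. Registering the `_abort` variants against the same handlers closes that gap: `add("__ubsan_handle_add_overflow_abort", handleAddOverflow, false),` and likewise for `sub` and `mul`. The comment on the added entries names only `-fsanitize=unsigned-integer-overflow`, but clang emits the same runtime calls for `-fsanitize=signed-integer-overflow`; a comment such as `// clang -fsanitize={signed,unsigned}-integer-overflow` would keep the next reader from assuming signed overflows are not routed here. The `handlerInfo[]` array begins before this hunk.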
@@ -707,3 +712,27 @@ void SpecialFunctionHandler::handleMarkGlobal(ExecutionState &state,
     mo->isGlobal = true;
   }
 }
+
+void SpecialFunctionHandler::handleAddOverflow(ExecutionState &state,
+                                               KInstruction *target,
+                                               std::vector<ref<Expr> > &arguments) {
+  executor.terminateStateOnError(state,
+                                 "overflow on unsigned addition",
+                                 "overflow.err");
+}
+
+void SpecialFunctionHandler::handleSubOverflow(ExecutionState &state,
+                                               KInstruction *target,
+                                               std::vector<ref<Expr> > &arguments) {
+  executor.terminateStateOnError(state,
+                                 "overflow on unsigned subtraction",
+                                 "overflow.err");
+}
+
+void SpecialFunctionHandler::handleMulOverflow(ExecutionState &state,
+                                               KInstruction *target,
+                                               std::vector<ref<Expr> > &arguments) {
+  executor.terminateStateOnError(state,
+                                 "overflow on unsigned multiplication",
+                                 "overflow.err");
+}
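Review bot: The three messages hard-code "unsigned", but the `__ubsan_handle_*_overflow` runtime functions are shared by clang's signed and unsigned overflow checks, with signedness recorded only in the type descriptor behind `arguments[0]`, so a signed overflow in a program built with `-fsanitize=signed-integer-overflow` would be reported as "overflow on unsigned addition". Unless the handler reads that descriptor, the wording should not claim signedness, e.g. `"overflow on addition"`, `"overflow on subtraction"`, `"overflow on multiplication"`, with a comment noting that the handlers are reached for both sanitizer modes. The operand expressions in `arguments[1]` and `arguments[2]` and the `target` instruction are ignored, which leaves the `.err` file without the values that overflowed; if `terminateStateOnError` accepts a long-message argument in this tree, passing the operands there would make the reports actionable. The three bodies are otherwise identical and could share one static helper parameterised on the operation name so the message format stays consistent.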
diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h
index f68c6edb..601b149b 100644
--- a/lib/Core/SpecialFunctionHandler.h
+++ b/lib/Core/SpecialFunctionHandler.h
@@ -132,6 +132,9 @@ namespace klee {
     HANDLER(handleUnderConstrained);
     HANDLER(handleWarning);
     HANDLER(handleWarningOnce);
+    HANDLER(handleAddOverflow);
+    HANDLER(handleMulOverflow);
+    HANDLER(handleSubOverflow);
 #undef HANDLER
   };
 } // End klee namespace