about summary refs log tree commit diff homepage
path: root/test/Feature
diff options
context:
space:
mode:
authorLuca Dariz <l.dariz@imamoter.cnr.t>2014-09-23 14:52:00 +0200
committerCristian Cadar <c.cadar@imperial.ac.uk>2015-02-13 18:49:49 +0000
commitdbe13e13a215aa7212b5737dd8903699301a4940 (patch)
tree95981808ecab4298b54544bc5c28a1b9a1373b1b /test/Feature
parent64a404f89da5aa6a99e688c007c56f1f422541bc (diff)
downloadklee-dbe13e13a215aa7212b5737dd8903699301a4940.tar.gz
Fix overflow detection in unsigned multiplication
Previously the check was done as

	unsigned int a, b, c;
	c = a * b;
	if (c < a)
		// error

but it is wrong, since it catches only a subset of all the
possible overflows.
This patch improves the check as

	unsigned int a, b, c;
	if ((a > 1) && (b > 1){
		if ((UINT_MAX/a) < b)
			// error
	}

An additional case has been added to the tests, with two 32-bit
values that cause overflow and are not detected by the old check.

It is also necessary to break the lowering procedure in case the current
BasicBlock is splitted; in this case it was necessary in order not to
trigger the division by 0 error.
Diffstat (limited to 'test/Feature')
-rw-r--r--test/Feature/ubsan_mul_overflow.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/test/Feature/ubsan_mul_overflow.c b/test/Feature/ubsan_mul_overflow.c
index bbf6df06..12300b05 100644
--- a/test/Feature/ubsan_mul_overflow.c
+++ b/test/Feature/ubsan_mul_overflow.c
@@ -1,7 +1,8 @@
 // RUN: %llvmgcc %s -fsanitize=unsigned-integer-overflow -emit-llvm -g -O0 -c -o %t.bc
 // RUN: %klee %t.bc 2> %t.log
 // RUN: grep -c "overflow on unsigned multiplication" %t.log
-// RUN: grep -c "ubsan_mul_overflow.c:16: overflow" %t.log
+// RUN: grep -c "ubsan_mul_overflow.c:18: overflow" %t.log
+// RUN: grep -c "ubsan_mul_overflow.c:19: overflow" %t.log
 
 #include "klee/klee.h"
 
@@ -9,11 +10,13 @@ int main()
 {
   unsigned int x;
   unsigned int y;
+  uint32_t x2=3147483648, y2=3727483648;
   volatile unsigned int result;
 
   klee_make_symbolic(&x, sizeof(x), "unsigned add 1");
   klee_make_symbolic(&y, sizeof(y), "unsigned add 2");
   result = x * y;
+  result = x2 * y2;
 
   return 0;
 }