diff options
author | Cristian Cadar <c.cadar@imperial.ac.uk> | 2023-08-18 15:32:52 +0100 |
---|---|---|
committer | MartinNowack <2443641+MartinNowack@users.noreply.github.com> | 2023-09-11 11:23:24 +0100 |
commit | 2e393db175cd55662f369d15905ce4eb44b154a9 (patch) | |
tree | 5fce2165c62b9671ef4a7b91bb93a13afa9005cd /test/Feature | |
parent | 9912da3912436a71949b1b97d96975bddcb169e3 (diff) | |
download | klee-2e393db175cd55662f369d15905ce4eb44b154a9.tar.gz |
Changed use-after-free and double-free tests to expect KDAlloc, plus some small improvements.
Diffstat (limited to 'test/Feature')
-rw-r--r-- | test/Feature/DoubleFree.c | 8 | ||||
-rw-r--r-- | test/Feature/MultipleFreeResolution.c | 10 | ||||
-rw-r--r-- | test/Feature/OneFreeError.c | 8 |
3 files changed, 16 insertions, 10 deletions
diff --git a/test/Feature/DoubleFree.c b/test/Feature/DoubleFree.c index 96cf9bcd..c8fb1974 100644 --- a/test/Feature/DoubleFree.c +++ b/test/Feature/DoubleFree.c @@ -1,12 +1,14 @@ // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s +// RUN: %klee --output-dir=%t.klee-out --kdalloc %t1.bc 2>&1 | FileCheck %s // RUN: test -f %t.klee-out/test000001.ptr.err +#include <stdlib.h> + int main() { - int *x = malloc(4); + int *x = malloc(sizeof(*x)); free(x); - // CHECK: memory error: invalid pointer: free + // CHECK: memory error: double free free(x); return 0; } diff --git a/test/Feature/MultipleFreeResolution.c b/test/Feature/MultipleFreeResolution.c index aa931c13..f30eabed 100644 --- a/test/Feature/MultipleFreeResolution.c +++ b/test/Feature/MultipleFreeResolution.c @@ -1,9 +1,11 @@ // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out --emit-all-errors %t1.bc 2>&1 | FileCheck %s +// RUN: %klee --output-dir=%t.klee-out --kdalloc --emit-all-errors %t1.bc 2>&1 | FileCheck %s // RUN: ls %t.klee-out/ | grep .ktest | wc -l | grep 4 // RUN: ls %t.klee-out/ | grep .err | wc -l | grep 3 +#include "klee/klee.h" + #include <stdio.h> #include <stdlib.h> @@ -34,9 +36,9 @@ int main() { free(buf[s]); for (i = 0; i < 3; i++) { - // CHECK: MultipleFreeResolution.c:[[@LINE+3]]: memory error: out of bound pointer - // CHECK: MultipleFreeResolution.c:[[@LINE+2]]: memory error: out of bound pointer - // CHECK: MultipleFreeResolution.c:[[@LINE+1]]: memory error: out of bound pointer + // CHECK: MultipleFreeResolution.c:[[@LINE+3]]: memory error: use after free + // CHECK: MultipleFreeResolution.c:[[@LINE+2]]: memory error: use after free + // CHECK: MultipleFreeResolution.c:[[@LINE+1]]: memory error: use after free printf("*buf[%d] = %d\n", i, *buf[i]); } diff --git a/test/Feature/OneFreeError.c b/test/Feature/OneFreeError.c index 7eed722a..aa403717 100644 --- a/test/Feature/OneFreeError.c +++ b/test/Feature/OneFreeError.c @@ -1,12 +1,14 @@ // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc // RUN: rm -rf %t.klee-out -// RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s +// RUN: %klee --output-dir=%t.klee-out --kdalloc %t1.bc 2>&1 | FileCheck %s // RUN: test -f %t.klee-out/test000001.ptr.err +#include <stdlib.h> + int main() { - int *x = malloc(4); + int *x = malloc(sizeof(*x)); free(x); - // CHECK: OneFreeError.c:[[@LINE+1]]: memory error: out of bound pointer + // CHECK: OneFreeError.c:[[@LINE+1]]: memory error: use after free x[0] = 1; return 0; } |