authorCristian Cadar <c.cadar@imperial.ac.uk>2023-08-18 15:32:52 +0100
committerMartinNowack <2443641+MartinNowack@users.noreply.github.com>2023-09-11 11:23:24 +0100
commit2e393db175cd55662f369d15905ce4eb44b154a9 (patch)
tree5fce2165c62b9671ef4a7b91bb93a13afa9005cd /test/Feature
parent9912da3912436a71949b1b97d96975bddcb169e3 (diff)
downloadklee-2e393db175cd55662f369d15905ce4eb44b154a9.tar.gz
Changed use-after-free and double-free tests to expect KDAlloc, plus some small improvements.
Diffstat (limited to 'test/Feature')
-rw-r--r--test/Feature/DoubleFree.c8
-rw-r--r--test/Feature/MultipleFreeResolution.c10
-rw-r--r--test/Feature/OneFreeError.c8
3 files changed, 16 insertions, 10 deletions
diff --git a/test/Feature/DoubleFree.c b/test/Feature/DoubleFree.c
index 96cf9bcd..c8fb1974 100644
--- a/test/Feature/DoubleFree.c
+++ b/test/Feature/DoubleFree.c
@@ -1,12 +1,14 @@
 // RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc
 // RUN: rm -rf %t.klee-out
-// RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s
+// RUN: %klee --output-dir=%t.klee-out --kdalloc %t1.bc 2>&1 | FileCheck %s
 // RUN: test -f %t.klee-out/test000001.ptr.err
 
+#include <stdlib.h>
+
 int main() {
-  int *x = malloc(4);
+  int *x = malloc(sizeof(*x));
   free(x);
-  // CHECK: memory error: invalid pointer: free
+  // CHECK: memory error: double free
   free(x);
   return 0;
 }
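Review bot: With `--kdalloc` added to the only klee RUN line and the old expectation `memory error: invalid pointer: free` removed, nothing visible here still pins what KLEE reports for a double free when KDAlloc is off; the RUN lines in MultipleFreeResolution.c and OneFreeError.c lose their non-KDAlloc expectations in the same way. If that configuration is still supported, a second run into its own output directory with `--kdalloc=false` and `FileCheck --check-prefix=CHECK-NOKDALLOC %s`, paired with `// CHECK-NOKDALLOC: memory error: invalid pointer: free`, would keep both diagnostics covered. Separately, the new CHECK is not tied to a source line, so it would match a double-free report from anywhere; compiling with `-g` as OneFreeError.c does would allow `// CHECK: DoubleFree.c:[[@LINE+1]]: memory error: double free`.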
diff --git a/test/Feature/MultipleFreeResolution.c b/test/Feature/MultipleFreeResolution.c
index aa931c13..f30eabed 100644
--- a/test/Feature/MultipleFreeResolution.c
+++ b/test/Feature/MultipleFreeResolution.c
@@ -1,9 +1,11 @@
 // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc
 // RUN: rm -rf %t.klee-out
-// RUN: %klee --output-dir=%t.klee-out --emit-all-errors %t1.bc 2>&1 | FileCheck %s
+// RUN: %klee --output-dir=%t.klee-out --kdalloc --emit-all-errors %t1.bc 2>&1 | FileCheck %s
 // RUN: ls %t.klee-out/ | grep .ktest | wc -l | grep 4
 // RUN: ls %t.klee-out/ | grep .err | wc -l | grep 3
 
+#include "klee/klee.h"
+
 #include <stdio.h>
 #include <stdlib.h>
 
@@ -34,9 +36,9 @@ int main() {
   free(buf[s]);
 
   for (i = 0; i < 3; i++) {
-    // CHECK: MultipleFreeResolution.c:[[@LINE+3]]: memory error: out of bound pointer
-    // CHECK: MultipleFreeResolution.c:[[@LINE+2]]: memory error: out of bound pointer
-    // CHECK: MultipleFreeResolution.c:[[@LINE+1]]: memory error: out of bound pointer
+    // CHECK: MultipleFreeResolution.c:[[@LINE+3]]: memory error: use after free
+    // CHECK: MultipleFreeResolution.c:[[@LINE+2]]: memory error: use after free
+    // CHECK: MultipleFreeResolution.c:[[@LINE+1]]: memory error: use after free
     printf("*buf[%d] = %d\n", i, *buf[i]);
   }
 
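Review bot: The three CHECK lines above the `printf` all resolve to the same source line with the same message and differ only in their `[[@LINE+n]]` offsets, which have to be renumbered by hand if anything is inserted between them and the `printf`. FileCheck's counted directive expresses the same expectation once: `// CHECK-COUNT-3: MultipleFreeResolution.c:[[@LINE+1]]: memory error: use after free`, assuming the FileCheck versions the project builds against provide it. `main` begins before this hunk and continues after it, so how `buf` and `s` are set up is not visible here.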
diff --git a/test/Feature/OneFreeError.c b/test/Feature/OneFreeError.c
index 7eed722a..aa403717 100644
--- a/test/Feature/OneFreeError.c
+++ b/test/Feature/OneFreeError.c
@@ -1,12 +1,14 @@
 // RUN: %clang %s -g -emit-llvm %O0opt -c -o %t1.bc
 // RUN: rm -rf %t.klee-out
-// RUN: %klee --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s
+// RUN: %klee --output-dir=%t.klee-out --kdalloc %t1.bc 2>&1 | FileCheck %s
 // RUN: test -f %t.klee-out/test000001.ptr.err
 
+#include <stdlib.h>
+
 int main() {
-  int *x = malloc(4);
+  int *x = malloc(sizeof(*x));
   free(x);
-  // CHECK: OneFreeError.c:[[@LINE+1]]: memory error: out of bound pointer
+  // CHECK: OneFreeError.c:[[@LINE+1]]: memory error: use after free
   x[0] = 1;
   return 0;
 }