authorAlastair Reid <adreid@google.com>2020-11-02 16:47:51 +0000
committerCristian Cadar <c.cadar@imperial.ac.uk>2020-11-03 13:15:06 +0000
commitbef9f39d033ea5c9600f39af7cfd213e01aab4c1 (patch)
tree6e9e1ac2f03045850ddf0dcebb1706d7f8872844 /test/Runtime
parent909bca0e15282a56e3345850fb23a8f16c9e39e6 (diff)
downloadklee-bef9f39d033ea5c9600f39af7cfd213e01aab4c1.tar.gz
fix: bcmp with n==0
This was executing the loop when n==0, leading to an out-of-bounds pointer
error.

Found while verifying Rust code that compares strings.
Diffstat (limited to 'test/Runtime')
-rw-r--r--test/Runtime/klee-libc/bcmp.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/test/Runtime/klee-libc/bcmp.c b/test/Runtime/klee-libc/bcmp.c
new file mode 100644
index 00000000..d0f5d7e5
--- /dev/null
+++ b/test/Runtime/klee-libc/bcmp.c
@@ -0,0 +1,21 @@
+// RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc
+// RUN: rm -rf %t.klee-out
+// RUN: %klee --output-dir=%t.klee-out --exit-on-error --libc=klee %t1.bc
+
+// test bcmp for sizes including zero
+
+#include <assert.h>
+#include <stdlib.h>
+#include <strings.h>
+
+int main() {
+  for (int i = 0; i < 5; ++i) {
+    void *s = malloc(i);
+    if (s) {
+      klee_make_symbolic(s, i, "s");
+      assert(0 == bcmp(s, s, i));
+      free(s);
+    }
+  }
+  return 0;
+}
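Review bot: The `if (s)` guard in the loop lets the n==0 case, which is the one this commit fixes, pass without ever calling bcmp when `malloc(0)` returns NULL, as the C standard permits. Backing the loop with a fixed buffer would exercise every size unconditionally: declare `char s[4];` and call `klee_make_symbolic(s, sizeof s, "s");` before the loop, keeping `assert(0 == bcmp(s, s, i));` inside it. Both operands are also the same pointer, so the test does not cover a zero-length compare across two separate objects, where an out-of-bounds read on only one side would show up. `klee_make_symbolic` has no declaration in the includes shown; adding `#include "klee/klee.h"` would avoid relying on an implicit declaration.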