diff options
author | Cristian Cadar <c.cadar@imperial.ac.uk> | 2020-11-29 20:33:32 +0000 |
---|---|---|
committer | MartinNowack <2443641+MartinNowack@users.noreply.github.com> | 2020-12-04 15:57:01 +0000 |
commit | 9d33f395e34aaef9902d6fe6c15e06e894231f85 (patch) | |
tree | 7a06efa82dd1325d242ecf4eeccaeb2f3bef07b2 /test/VectorInstructions | |
parent | 9be3e76ed1f9eb0ec86531e2437091f7f1f02c88 (diff) | |
download | klee-9d33f395e34aaef9902d6fe6c15e06e894231f85.tar.gz |
Test reflecting the LLVM 11 behavior for transforming writes of the form f[k] = v, with f a 4-element vector, into something along the lines:
if k == 0 => f[0] = v if k == 1 => f[1] = v if k == 2 => f[2] = v if k == 3 => f[3] = v
Diffstat (limited to 'test/VectorInstructions')
-rw-r--r-- | test/VectorInstructions/oob-write-llvm-geq11.c | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/test/VectorInstructions/oob-write-llvm-geq11.c b/test/VectorInstructions/oob-write-llvm-geq11.c new file mode 100644 index 00000000..5c3e691c --- /dev/null +++ b/test/VectorInstructions/oob-write-llvm-geq11.c @@ -0,0 +1,51 @@ +// REQUIRES: geq-llvm-11.0 + +/* The scalarizer pass in LLVM 11 was changed to generate, for a + write of the form f[k] = v, with f a 4-element vector: + if k == 0 => f[0] = v + if k == 1 => f[1] = v + if k == 2 => f[2] = v + if k == 3 => f[3] = v + + Therefore, even though an OOB write access might exist at the source + code level (e.g., f[5] = v), no such OOB accesses exist anymore at + the LLVM IR level. + + So unlike in the LLVM < 11 test, here we test that the contents of + the vector is unmodified after the OOB write. +*/ + +// RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc +// RUN: rm -rf %t.klee-out +// NOTE: Have to pass `--optimize=false` to avoid vector operations being +// constant folded away. +// RUN: %klee --output-dir=%t.klee-out --optimize=false --exit-on-error %t1.bc + +#include "klee/klee.h" + +#include <assert.h> +#include <stdint.h> +#include <stdio.h> + +typedef uint32_t v4ui __attribute__((vector_size(16))); +int main() { + v4ui f = {1, 2, 3, 4}; + int k = klee_range(0, 10, "k"); + + if (k < 4) { + f[5] = 3; // Concrete out-of-bounds write + assert(f[0] == 1); + assert(f[1] == 2); + assert(f[2] == 3); + assert(f[3] == 4); + } + else { + f[k] = 255; // Symbolic out-of-bounds write + assert(f[0] == 1); + assert(f[1] == 2); + assert(f[2] == 3); + assert(f[3] == 4); + } + + return 0; +} |