authorDan Liew <daniel.liew@imperial.ac.uk>2013-08-29 17:30:33 +0100
committerDan Liew <daniel.liew@imperial.ac.uk>2013-09-02 16:45:47 +0100
commit4b477f8108a2a92012ff138725f6c6f26ccb23e5 (patch)
tree31349b361d8db8e03b511b67e8abb3ba470e6882 /test
parentf8301282120cc3cc58d641ddc99f92b14d894692 (diff)
downloadklee-4b477f8108a2a92012ff138725f6c6f26ccb23e5.tar.gz
Implemented runtime check for overshift (controllable with --check-overshift
command line argument).

Overshift is where a Shl, AShr or LShr has a shift width greater
than the bit width of the first operand. This is undefined behaviour
in LLVM so we report this as an error.
Diffstat (limited to 'test')
-rw-r--r--test/Feature/OvershiftCheck.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/test/Feature/OvershiftCheck.c b/test/Feature/OvershiftCheck.c
new file mode 100644
index 00000000..bb967166
--- /dev/null
+++ b/test/Feature/OvershiftCheck.c
@@ -0,0 +1,26 @@
+// RUN: %llvmgcc %s -emit-llvm -g -O0 -c -o %t.bc
+// RUN: %klee -check-overshift %t.bc 2> %t.log
+// RUN: grep -c "overshift error" %t.log
+// RUN: grep -c "OvershiftCheck.c:19: overshift error" %t.log
+// RUN: grep -c "OvershiftCheck.c:23: overshift error" %t.log
+
+/* This test checks that two consecutive potential overshifts
+ * are reported as errors.
+ */
+int main()
+{
+  unsigned int x=15;
+  unsigned int y;
+  unsigned int z;
+  volatile unsigned int result;
+
+  /* Overshift if y>= sizeof(x) */
+  klee_make_symbolic(&y,sizeof(y),"shift_amount1");
+  result = x << y;
+
+  /* Overshift is z>= sizeof(x) */
+  klee_make_symbolic(&z,sizeof(z),"shift_amount2");
+  result = x >> z;
+
+  return 0;
+}
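Review bot: The comments above both shifts give the bound as `sizeof(x)`, which is a byte count (4 here), while an overshift is defined against the bit width of `x`; they should read `/* Overshift if y >= 8 * sizeof(x), the bit width of x */`, and the second one also has "is" where "if" is meant. Because `y` and `z` are unconstrained, the test passes whether the runtime check compares with `>` or `>=`, so a shift by exactly the bit width is never pinned down, and the commit message's "greater than" wording leaves that off-by-one open. A third case that bounds the shift amount with `klee_assume` would cover it, appended after the second shift so the line numbers in the existing RUN lines stay valid, together with a RUN line that greps for the new error.

```c
/* ... unchanged: RUN lines, shift_amount1 and shift_amount2 cases ... */

  /* Boundary: a shift by exactly the bit width of x must also be reported */
  unsigned int w;
  klee_make_symbolic(&w,sizeof(w),"shift_amount3");
  klee_assume(w <= 8 * sizeof(x));
  result = x << w;

  return 0;
```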