-rw-r--r-- | lib/Module/ModuleUtil.cpp | 17 | ||||
-rw-r--r-- | test/Feature/EscapingFunctions.c | 49 | ||||
-rw-r--r-- | test/Feature/EscapingFunctionsAlias.c | 43 |
3 files changed, 100 insertions, 9 deletions
diff --git a/lib/Module/ModuleUtil.cpp b/lib/Module/ModuleUtil.cpp
index deb5a3e2..5ca0a55b 100644
--- a/lib/Module/ModuleUtil.cpp
+++ b/lib/Module/ModuleUtil.cpp
@@ -312,9 +312,7 @@ static bool valueIsOnlyCalled(const Value *v) {
 #else
 for (auto user : v->users()) {
 #endif
- if (const Instruction *instr = dyn_cast<Instruction>(user)) {
- if (instr->getOpcode()==0) continue; // XXX function numbering inst
-
+ if (const auto *instr = dyn_cast<Instruction>(user)) {
 // Make sure the instruction is a call or invoke.
 CallSite cs(const_cast<Instruction *>(instr));
 if (!cs) return false;
@@ -323,16 +321,17 @@ static bool valueIsOnlyCalled(const Value *v) {
 // not an argument.
 if (cs.hasArgument(v))
 return false;
- } else if (const llvm::ConstantExpr *ce =
- dyn_cast<llvm::ConstantExpr>(user)) {
- if (ce->getOpcode()==Instruction::BitCast)
+ } else if (const auto *ce = dyn_cast<ConstantExpr>(user)) {
+ if (ce->getOpcode() == Instruction::BitCast)
 if (valueIsOnlyCalled(ce))
 continue;
 return false;
- } else if (const GlobalAlias *ga = dyn_cast<GlobalAlias>(user)) {
- // XXX what about v is bitcast of aliasee?
- if (v==ga->getAliasee() && !valueIsOnlyCalled(ga))
+ } else if (const auto *ga = dyn_cast<GlobalAlias>(user)) {
+ if (v == ga->getAliasee() && !valueIsOnlyCalled(ga))
 return false;
+ } else if (isa<BlockAddress>(user)) {
+ // only valid as operand to indirectbr or comparison against null
+ continue;
 } else {
 return false;
 }
diff --git a/test/Feature/EscapingFunctions.c b/test/Feature/EscapingFunctions.c
new file mode 100644
index 00000000..8c9612a5
--- /dev/null
+++ b/test/Feature/EscapingFunctions.c
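Review bot: The new `isa<BlockAddress>(user)` branch in the second hunk is the only non-call user that is skipped without marking the function as escaping, and its comment quotes the LLVM rule without stating the conclusion drawn from it. The result appears to feed the escaping-functions list that the added tests print, so a user skipped by mistake would silently drop a function from that list, which is why the reasoning should be on the page. I would extend the comment to something like `// a blockaddress names a label inside the function, never its entry point, so it cannot become a call target and does not make the function escape`. valueIsOnlyCalled starts and ends outside the hunk.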
@@ -0,0 +1,49 @@
+// RUN: %llvmgcc -emit-llvm -O0 -g -c %s -o %t.bc
+// RUN: rm -rf %t.klee-out
+// RUN: %klee -debug-print-escaping-functions --output-dir=%t.klee-out %t.bc 2> %t.log
+// RUN: FileCheck --input-file=%t.log %s
+
+int functionpointer(void) {
+ return 1;
+}
+
+int functionpointer_as_argument(void) {
+ return 2;
+}
+
+short bitcasted_functionpointer(void) {
+ return 3;
+}
+
+int receives_functionpointer(int (*f)(void));
+
+int blockaddress(int x) {
+ void * target = &&one;
+ switch (x) {
+ case 1: break;
+ case 2:
+ target = &&two;
+ goto *target;
+ default:
+ goto *target;
+ }
+one:
+ return 1;
+two:
+ return 2;
+}
+
+int main(int argc, char *argv[]) {
+ int (*f1)(void) = functionpointer;
+ f1();
+
+ receives_functionpointer(functionpointer_as_argument);
+
+ int (*f2)(void) =(int (*)(void))bitcasted_functionpointer;
+ f2();
+
+ blockaddress(argc);
+
+ // CHECK: KLEE: escaping functions: {{\[((functionpointer|functionpointer_as_argument|bitcasted_functionpointer), ){3}\]}}
+ return 0;
+}
diff --git a/test/Feature/EscapingFunctionsAlias.c b/test/Feature/EscapingFunctionsAlias.c
new file mode 100644
index 00000000..7eb2a962
--- /dev/null
+++ b/test/Feature/EscapingFunctionsAlias.c
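Review bot: None of the cases in this file takes a function's address in a global initializer, which is how dispatch tables are usually built, so the final `else { return false; }` path of `valueIsOnlyCalled` is presumably not exercised by a constant user that is neither a bitcast nor an alias. A case such as `int in_global_initializer(void) { return 4; }` together with `int (*table[])(void) = { in_global_initializer };` (names constructed for illustration) would pin it, with the name added to the alternation and the repeat count in the CHECK line raised to `{4}`. Separately, the CHECK pattern accepts the same name repeated three times; that is harmless only if the list is printed from a set, which is not visible in this change.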
@@ -0,0 +1,43 @@
+// Darwin does not support strong aliases.
+// REQUIRES: not-darwin
+// RUN: %llvmgcc -emit-llvm -O0 -g -c %s -o %t.bc
+// RUN: rm -rf %t.klee-out
+// RUN: %klee -debug-print-escaping-functions --output-dir=%t.klee-out %t.bc 2> %t.log
+// RUN: FileCheck --input-file=%t.log %s
+
+void global_alias(void) __attribute__((alias("global_aliasee")));
+void global_aliasee(void) {
+ return;
+}
+
+short bitcast_of_alias(void) __attribute__((alias("bitcast_of_global_alias")));
+short bitcast_of_global_alias(void) {
+ return 1;
+}
+
+short bitcast_of_aliasee(void) __attribute__((alias("bitcast_of_global_aliasee")));
+short bitcast_of_global_aliasee(void) {
+ return 1;
+}
+
+int bitcast_in_global_alias(void) __attribute__((alias("bitcast_in_alias")));
+short bitcast_in_alias(void) {
+ return 1;
+}
+
+int main(int argc, char *argv[]) {
+ global_aliasee();
+ global_alias();
+
+ int (*f1)(void) =(int (*)(void))bitcast_of_alias;
+ f1();
+
+ int (*f2)(void) =(int (*)(void))bitcast_of_global_aliasee;
+ f2();
+
+ bitcast_in_alias();
+ bitcast_in_global_alias();
+
+ // CHECK: KLEE: escaping functions: {{\[((bitcast_of_global_alias|bitcast_of_global_aliasee), ){2}\]}}
+ return 0;
+}
 |
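Review bot: The four alias/aliasee pairs carry no comment saying which situation each one exercises or why only two names are expected in the output, and the names do not match the roles: `bitcast_of_global_alias` is the aliasee and `bitcast_of_alias` is the alias. A short comment above each pair would make a future failure readable, for example `// alias address taken through a cast: the aliasee must be reported` above `bitcast_of_alias` and `// alias and aliasee are only called directly: neither escapes` above `global_alias`. For `bitcast_in_global_alias`, whose declared return type differs from its aliasee's, the comment should say that both are only called directly and are therefore expected to stay out of the list.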