diff options
Diffstat (limited to 'test/Feature')
| -rw-r--r-- | test/Feature/SingleObjectResolution.c | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/test/Feature/SingleObjectResolution.c b/test/Feature/SingleObjectResolution.c new file mode 100644 index 00000000..687ce9b6 --- /dev/null +++ b/test/Feature/SingleObjectResolution.c @@ -0,0 +1,52 @@ +// RUN: %clang %s -g -emit-llvm %O0opt -c -o %t.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out --single-object-resolution %t.bc > %t.log 2>&1 +// RUN: FileCheck %s -input-file=%t.log + +#include "klee/klee.h" +#include <stdlib.h> + +struct A { + long long int y; + long long int y2; + int z; +}; + +struct B { + long long int x; + struct A y[20]; + struct A *y1; + struct A *y2; + int z; +}; + +int foo(int *pointer) { + //printf("pointer is called\n"); + int *ptr = pointer + 123; + return *ptr; +} + +int main(int argc, char *argv[]) { + + int x; + struct B b; + + // create a lot of memory objects + int *ptrs[1024]; + for (int i = 0; i < 1024; i++) { + ptrs[i] = malloc(23); + } + + klee_make_symbolic(&x, sizeof(x), "x"); + + b.y1 = malloc(20 * sizeof(struct A)); + + // dereference of a pointer within a struct + int *tmp = &b.y1[x].z; + + // CHECK: SingleObjectResolution.c:26: memory error: out of bound pointer + // CHECK: KLEE: done: completed paths = 1 + // CHECK: KLEE: done: partially completed paths = 1 + // CHECK: KLEE: done: generated tests = 2 + return foo(tmp); +} |