about summary refs log tree commit diff homepage
path: root/test
AgeCommit message (Collapse)Author
2024-02-08Fix test case: using unsupported `CHECK_NEXT` instead of `CHECK-NEXT`Martin Nowack
2024-02-08Fix test cases to support opaque pointersMartin Nowack
2024-02-08Explicitly enable opaque pointer support for LLVM 15Martin Nowack
This automatically lifts old-style pointers to opaque pointers. More recent versions use opaque pointers automatically and do not need an explicit enabling.
2024-02-08Assume C compiler's default standard is `-std=gnu17`Martin Nowack
Newer compilers use `-std=gnu17` as the default when compiling C code. Fix all the test cases that violate this behaviour or explicitly request older standards `-std=c89` where necessary.
2024-02-08Replace `%libcxx_include` with `%libcxx_includes` for multi-include directoriesMartin Nowack
To support multiple include directories for c++ header files, use `%libcxx_includes`. This string contains the `-I` compiler directive for each include path as well. Update test cases to use new directive.
2024-01-30Avoid generating array names in solver builders that could accidently collideMartin Nowack
If an array name ended with a number, adding a number-only suffix could generate the same name used as part of the solvers. In the specific testcase `val_1` became solver array `val_111` which collided with array `val_11` that became `val_111` as well. Using an `_` as prefix for the suffix, solves that problem in general, i.e. `val_1` becomes `val_1_11` and `val_11` becomes `val_11_1`. Fixes #1668
2024-01-30Add checks to the seed concretization tests about the expected number of queriesCristian Cadar
2024-01-30Added a test for --allow-seed-extensionCristian Cadar
2024-01-30Removed --zero-seed-extension, and merge it with --allow-seed-extension. ↵Cristian Cadar
This reworked logic also fixes a buffer overflow which could be triggered during seed extension.
2024-01-30On a symbolic allocation, retrieve size from a seed, if availableCristian Cadar
2024-01-30Concretize arguments to external function calls using seeds, if available. ↵Cristian Cadar
Added a test case.
2024-01-30Concretize constants using seed values, when available. Added two tests (w/ ↵Cristian Cadar
and w/o seed extension) based on FP concretization.
2024-01-12Remove check for the number of solver queriesTomasz Kuchta
2024-01-12Make test more deterministicTomasz Kuchta
2024-01-12Follow-up: applied review comments, implemented meta-data cleanup (one more ↵Tomasz Kuchta
map added to ExecutionState); now storing addresses of MemoryObjects for easier cleanup
2024-01-12Feature: implement single memory object resolution for symbolic addresses.Tomasz Kuchta
This feature implements tracking of and resolution of memory objects in the presence of symbolic addresses. For example, an expression like the following: int x; klee_make_symbolic(&x, sizeof(x), "x"); int* tmp = &b.y[x].z; For a concrete array object "y", which is a member of struct "b", a symbolic offset "x" would normally be resolved to any matching memory object - including the ones outside of the object "b". This behaviour is consistent with symbex approach of exploring all execution paths. However, from the point of view of security testing, we would only be interested to know if we are still in-bounds or there is a buffer overflow. The implemented feature creates and tracks (via the GEP instruction) the mapping between the current symbolic offset and the base object it refers to: in our example we are able to tell that the reference should happen within the object "b" (as the array "y" is inside the same memory blob). As a result, we are able to minimize the symbolic exploration to only two paths: one within the bounds of "b", the other with a buffer overflow bug. The feature is turned on via the single-object-resolution command line flag. A new test case was implemented to illustrate how the feature works.
2024-01-12Renamed PTree to ExecutionTree (and similar)Cristian Cadar
2024-01-12Rename files from PTree to ExecutionTree (and similar)Cristian Cadar
2024-01-12new: persistent ptree (-write-ptree) and klee-ptreeFrank Busse
Introduce three different kinds of process trees: 1. Noop: does nothing (e.g. no allocations for DFS) 2. InMemory: same behaviour as before (e.g. RandomPathSearcher) 3. Persistent: similar to InMemory but writes nodes to ptree.db and tracks information such as branch type, termination type or source location (asm) in nodes. Enabled with -write-ptree ptree.db files can be analysed/plotted with the new "klee-ptree" tool.
2023-09-11Changed use-after-free and double-free tests to expect KDAlloc, plus some ↵Cristian Cadar
small improvements.
2023-07-12Replaced --suppress-external-warnings and --all-external-warnings with ↵Cristian Cadar
--external-call-warnings=none|once-per-function|all. This eliminates the ambiguity when both of the old options were set. Added test for the new option.
2023-06-11Rewrote has_permission in the POSIX runtime. We now only return with ↵Cristian Cadar
permission error a single time in symbolic execution mode. The rewrite also fixes a bug reported in #1230. Rewrote the FilePerm.c test accordingly.
2023-06-05test/Feature/StackTraceOutput.c: relative checks, clang-formatJulian Büning
2023-06-05re-enable StackTraceOutput.c testJulian Büning
This test previously had a REQUIRES line with geq-llvm-7.0. Because LLVM version 7.0 is no longer "known" (test/lit.cfg), the required feature is not available and the test is discarded as unsupported by llvm-lit.
2023-06-05fix BatchingSearcher's disabled time budgetJulian Büning
The functionality of the batching searcher that increases the time budget if it is shorter than the time between two calls to `selectState()` ignored the disabled time budget. Effectively, the batching searcher thus picks a very arbitrary time budget on its own.
2023-06-05also check for default CHECK directive in ArrayOpt TestsMatthis Gördel
2023-05-26Copy stats to test directory when running testsDaniel Schemmel
The sqlite3 databases used for the stats are journalled and potentially must be written to. Therefore, the sqlite3 driver used by `klee-stats` requires write permissions on the database files. By copying the stats files to the test directory, we can now compile and test an out-of-tree build without requiring any write permissions on the source folder at all.
2023-05-26Refactored and fixed the code dealing with the entry point.Cristian Cadar
main() should not be processed if the entry point is a different function. This also fixes an abnormal termination when --entry-point and --libc=uclibc are used together (#1572)
2023-04-21Tests: replaced "-data" and "-stat" by "_data" and "_stat" for consistency ↵Cristian Cadar
with recent changes.
2023-03-26tests: add some missing headersFrank Busse
2023-03-23Remove model_version from the POSIX runtime, as we have never used it.Cristian Cadar
2023-03-23tests: add Feature/KleeStatsTermClasses.cFrank Busse
2023-03-23tests: add Feature/KleeStatsBranches.cFrank Busse
2023-03-22Added more test cases for --entry-point. EntryPointMissing is currently ↵Cristian Cadar
expected to fail.
2023-03-22STP: add option to switch SAT solver: --stp-sat-solver and set default to ↵Frank Busse
CryptoMinisat
2023-03-22Change `llvm_map_components_to_libnames` to `llvm_config` CMake functionMartin Nowack
With recent LLVM versions, this should allow to link against dynamic LLVM libraries.
2023-03-22Remove hard to understand and debug pcregrep testCristian Cadar
2023-03-22Fixed typoMartin Nowack
2023-03-22Handle fail of KLEE gracefullyMartin Nowack
Under 64bit architecture, a ptr-error might be found. Ignore this for now.
2023-03-22Explicitly check if 32bit support is enabled for testingMartin Nowack
Ignore test in the first place, if no 32bit is enabled.
2023-03-20ConstantArrayExprVisitor: Fix detection of multiple array indicesLukáš Zaoral
Previously, the code did two consecutive checks. First one succeeded only if the given index was not already seen and the second one did an analogous check but for arrays. However, if the given index usage was already detected for some array, its usage for another array that already had some other index detected would be silently skipped and the `incompatible` flag would not be set. Therefore, if the code contained e.g. the following conditional jump on two arrays with two symbolic indices, the multi-index access would remain undetected: if ((array1[k] + array2[x] + array2[k]) == 0) Resulting in the following output: KLEE: WARNING: OPT_I: infeasible branch! KLEE: WARNING: OPT_I: successful
2023-03-20llvm14: port test/Feature/VarArgByVal.c to LLVM 14Lukáš Zaoral
LLVM 14 has introduced the noundef function argument attribute.
2023-03-20llvm14: Add LLVM 14 to lit.cfgLukáš Zaoral
2023-03-17Don't fail `KleeStats.c` test if it takes 1s or longerMartin Nowack
2023-03-17Disable `const_array_opt1` for ubsan as wellMartin Nowack
2023-03-17[cmake] Use LLVM's CMake functionality onlyMartin Nowack
LLVM became more complex, use LLVM's CMake functionality directly instead of replicating this behaviour in KLEE's build system. Use the correct build flags provided by LLVM itself. This is influenced by the way LLVM is built in the first place. Remove older CMake support (< 3.0).
2023-03-16Add some system tests for KDAllocDaniel Schemmel
2023-03-16Integrate KDAlloc into KLEEDaniel Schemmel
2023-02-28Add a few simple solver testsDaniel Schemmel
2023-02-06Disable memcpy_chk_err.c on FreeBSD, where a call to __memcpy_chk is not ↵Cristian Cadar
generated