From ad866e123b6be8a160ecb87249884cc3dfc3a349 Mon Sep 17 00:00:00 2001
From: hutoTUM
Date: Mon, 8 Aug 2016 09:26:30 +0200
Subject: Fix for klee_get_obj_size() crashing on 64-bit, resolves #446

---
 lib/Core/SpecialFunctionHandler.cpp            | 15 +++++++++++++--
 test/regression/2016-08-06-klee-get-obj-size.c | 14 ++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 test/regression/2016-08-06-klee-get-obj-size.c

diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp
index caec5e39..542d7f5b 100644
--- a/lib/Core/SpecialFunctionHandler.cpp
+++ b/lib/Core/SpecialFunctionHandler.cpp
@@ -30,6 +30,14 @@
 #endif
 #include "llvm/ADT/Twine.h"
 
+#if LLVM_VERSION_CODE <= LLVM_VERSION(3, 1)
+#include "llvm/Target/TargetData.h"
+#elif LLVM_VERSION_CODE <= LLVM_VERSION(3, 2)
+#include "llvm/DataLayout.h"
+#else
+#include "llvm/IR/DataLayout.h"
+#endif
+
 #include 
 
 using namespace llvm;
@@ -538,8 +546,11 @@ void SpecialFunctionHandler::handleGetObjSize(ExecutionState &state,
   executor.resolveExact(state, arguments[0], rl, "klee_get_obj_size");
   for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end();
        it != ie; ++it) {
-    executor.bindLocal(target, *it->second,
-                       ConstantExpr::create(it->first.first->size, Expr::Int32));
+    executor.bindLocal(
+        target, *it->second,
+        ConstantExpr::create(it->first.first->size,
+                             executor.kmodule->targetData->getTypeSizeInBits(
+                                 target->inst->getType())));
   }
 }
 
diff --git a/test/regression/2016-08-06-klee-get-obj-size.c b/test/regression/2016-08-06-klee-get-obj-size.c
new file mode 100644
index 00000000..df4114ff
--- /dev/null
+++ b/test/regression/2016-08-06-klee-get-obj-size.c
@@ -0,0 +1,14 @@
+// RUN: %llvmgcc %s -emit-llvm -g -O0 -c -o %t.bc
+// RUN: rm -rf %t.klee-out
+// RUN: %klee --output-dir=%t.klee-out %t.bc
+// RUN: test -f %t.klee-out/test000001.assert.err
+
+
+#include 
+#include 
+
+int main() {
+  char s[5];
+  assert(5 != klee_get_obj_size(s));
+  return 0;
+}
-- 
cgit 1.4.1
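Review bot: The width of the bound constant now follows `target->inst->getType()`, i.e. whatever return type the bitcode declares for klee_get_obj_size at the call site, but nothing checks that `it->first.first->size` actually fits in that width. If a program calls klee_get_obj_size without a prototype (implicit int) or with a narrower return type than size_t, an object larger than that width would be truncated — or, if ConstantExpr::create asserts on out-of-range values, abort the executor — which is a silent-wrong-answer / crash path worth guarding with an explicit width check or a clear error report. At minimum the intent deserves a comment above the bindLocal call: `// Result width follows the call site's declared return type (size_t, 64 bits on 64-bit targets), not a fixed Int32.` handleGetObjSize starts before this hunk, so its argument checks are not visible here.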
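Review bot: The assertion is written inverted — `assert(5 != klee_get_obj_size(s))` is expected to fail for a 5-byte object, which is what the `test000001.assert.err` check on the RUN line relies on — and a reader skimming the file will take it for a bug; a one-line comment should state that. Suggested wording above the assert: `// klee_get_obj_size(s) must be 5, so this assert is expected to fail and produce test000001.assert.err.` The test also only exercises a 64-bit result width indirectly (via size_t in the prototype), so noting that in the comment would tie it to the fix in SpecialFunctionHandler.cpp.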