From 8fe14b1041f39b61cdb43c32840f3d2cb97cc110 Mon Sep 17 00:00:00 2001
From: Timotej Kapus
Date: Wed, 16 May 2018 14:25:13 +0100
Subject: Improve error messages for ReadStringAtAddress
---
 lib/Core/SpecialFunctionHandler.cpp | 14 ++++++++++++--
 test/Feature/MakeSymbolicAPI.c | 19 ++++++++++++++-----
 2 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp
index e927adf0..22c27432 100644
--- a/lib/Core/SpecialFunctionHandler.cpp
+++ b/lib/Core/SpecialFunctionHandler.cpp
@@ -236,9 +236,19 @@ SpecialFunctionHandler::readStringAtAddress(ExecutionState &state,
                                             ref addressExpr) {
   ObjectPair op;
   addressExpr = executor.toUnique(state, addressExpr);
+  if (!isa(addressExpr)) {
+    executor.terminateStateOnError(
+        state, "Symbolic string pointer passed to one of the klee_ functions",
+        Executor::TerminateReason::User);
+    return "";
+  }
   ref address = cast(addressExpr);
-  if (!state.addressSpace.resolveOne(address, op))
-    assert(0 && "XXX out of bounds / multiple resolution unhandled");
+  if (!state.addressSpace.resolveOne(address, op)) {
+    executor.terminateStateOnError(
+        state, "Invalid string pointer passed to one of the klee_ functions",
+        Executor::TerminateReason::User);
+    return "";
+  }
   bool res __attribute__ ((unused));
   assert(executor.solver->mustBeTrue(state, EqExpr::create(address,
diff --git a/test/Feature/MakeSymbolicAPI.c b/test/Feature/MakeSymbolicAPI.c
index 0ff4b82f..6868edc7 100644
--- a/test/Feature/MakeSymbolicAPI.c
+++ b/test/Feature/MakeSymbolicAPI.c
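Review bot: Both new early-return paths signal failure with `return "";` after `terminateStateOnError`, but an empty string is also a legitimate result of this function — the test added in this same commit passes `""` as a name and expects the "renamed empty name" warning — so a caller cannot tell "state terminated" from "empty name" and will keep running its handler on a state that has already been terminated. The callers are outside the hunk, so whether any of them acts on the empty result before the state is reaped is inferred rather than visible; at minimum the contract should be stated above the function, e.g. `// On a symbolic or unresolvable pointer the state is terminated and "" is returned; callers must not treat the result as a valid name.` The context line `assert(executor.solver->mustBeTrue(state, EqExpr::create(address,` at the end of the hunk still aborts the whole process for the interior-pointer case, so a program under analysis can still take down the entire KLEE run with a single pointer shape even though the out-of-bounds case above it no longer does; the same `terminateStateOnError` treatment would make the three cases consistent. readStringAtAddress continues past the end of the hunk.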
@@ -5,15 +5,24 @@
 // RUN: FileCheck %s -check-prefix=CHECK-ERR --input-file=%t.stderr.log
 int main() {
-  unsigned a, b, c;
+  unsigned a, b, c, d, e;
+  const char *invalid_pointer = 0xf;
   klee_make_symbolic(&a, sizeof(a), "");
-// CHECK-WRN: KLEE: WARNING: klee_make_symbolic: renamed empty name to "unnamed"
+  //CHECK-WRN: KLEE: WARNING: klee_make_symbolic: renamed empty name to "unnamed"
+
   klee_make_symbolic(&b, sizeof(b));
-// CHECK-WRN: KLEE: WARNING: klee_make_symbolic: deprecated number of arguments (2 instead of 3)
-// CHECK-WRN: KLEE: WARNING: klee_make_symbolic: renamed empty name to "unnamed"
+  //CHECK-WRN: KLEE: WARNING: klee_make_symbolic: deprecated number of arguments (2 instead of 3)
+  //CHECK-WRN: KLEE: WARNING: klee_make_symbolic: renamed empty name to "unnamed"
+
+  if(a == 2)
+    klee_make_symbolic(&d, sizeof(e), invalid_pointer);
+  //CHECK-ERR-DAG: KLEE: ERROR: {{.*}} Invalid string pointer passed to one of the klee_ functions
+  if(a == 3)
+    klee_make_symbolic(&d, sizeof(e), (char *) b);
+  //CHECK-ERR-DAG: KLEE: ERROR: {{.*}} Symbolic string pointer passed to one of the klee_ functions
   klee_make_symbolic(&c);
-// CHECK-ERR: KLEE: ERROR: {{.*}} illegal number of arguments to klee_make_symbolic(void*, size_t, char*)
+  //CHECK-ERR-DAG: KLEE: ERROR: {{.*}} illegal number of arguments to klee_make_symbolic(void*, size_t, char*)
 }
-- cgit 1.4.1
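Review bot: `const char *invalid_pointer = 0xf;` on the second added line initialises a pointer from an integer without a cast, which clang diagnoses under -Wint-conversion (a warning in older releases, an error by default in recent ones), so the test's compile step — its RUN line is outside this hunk — may stop the test before the new error path is ever exercised; `const char *invalid_pointer = (const char *)0xf;` makes the intent explicit. The `(char *) b` argument in the `a == 3` branch converts a 32-bit `unsigned` straight to a pointer and draws an int-to-pointer size warning on 64-bit targets; casting through an integer of pointer width first, `(char *)(uintptr_t)b` if `<stdint.h>` is available, silences it without changing what is tested. The two new `klee_make_symbolic` calls also pair `&d` with `sizeof(e)`; both variables are `unsigned` so the sizes agree, but `sizeof(d)` would make each call self-consistent and leave `e` unnecessary.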