From 325c6cdcab632a6824be8ca9a926f4c4573adbdb Mon Sep 17 00:00:00 2001
From: Daniel Schemmel <daniel@schemmel.net>
Date: Thu, 1 Feb 2024 14:51:37 +0000
Subject: drop llvm 9 and 10

---
 ...ow-applying_nonzero_offset_to_nonnull_pointer.c |  4 +-
 ...applying_nonzero_offset_to_nonnull_pointer_10.c | 24 ----------
 ...rflow-applying_nonzero_offset_to_null_pointer.c |  2 -
 ...overflow-applying_zero_offset_to_null_pointer.c |  2 -
 test/Runtime/FreeStanding/memcpy_chk_err.c         |  4 +-
 test/VectorInstructions/oob-llvm-lt11.c            | 44 -------------------
 test/VectorInstructions/oob-read-llvm-geq11.c      | 46 -------------------
 test/VectorInstructions/oob-read.c                 | 45 +++++++++++++++++++
 test/VectorInstructions/oob-write-llvm-geq11.c     | 51 ----------------------
 test/VectorInstructions/oob-write.c                | 49 +++++++++++++++++++++
 test/lit.cfg                                       |  2 +-
 11 files changed, 97 insertions(+), 176 deletions(-)
 delete mode 100644 test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_nonnull_pointer_10.c
 delete mode 100644 test/VectorInstructions/oob-llvm-lt11.c
 delete mode 100644 test/VectorInstructions/oob-read-llvm-geq11.c
 create mode 100644 test/VectorInstructions/oob-read.c
 delete mode 100644 test/VectorInstructions/oob-write-llvm-geq11.c
 create mode 100644 test/VectorInstructions/oob-write.c

(limited to 'test')

diff --git a/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_nonnull_pointer.c b/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_nonnull_pointer.c
index ce1a8fea..6109fcd7 100644
--- a/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_nonnull_pointer.c
+++ b/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_nonnull_pointer.c
@@ -1,5 +1,3 @@
-// REQUIRES: lt-llvm-10.0
-
 // RUN: %clang %s -fsanitize=pointer-overflow -emit-llvm -g %O0opt -c -o %t.bc
 // RUN: rm -rf %t.klee-out
 // RUN: %klee --output-dir=%t.klee-out --emit-all-errors --ubsan-runtime %t.bc 2>&1 | FileCheck %s
@@ -18,7 +16,7 @@ int main() {
 
   char *ptr = (char *)address;
 
-  // CHECK: KLEE: ERROR: {{.*}}runtime/Sanitizer/ubsan/ubsan_handlers.cpp:{{[0-9]+}}: pointer-overflow
+  // CHECK: KLEE: ERROR: {{.*}}runtime/Sanitizer/ubsan/ubsan_handlers.cpp:{{[0-9]+}}: nullptr-after-nonzero-offset
   result = ptr + 1;
   return 0;
 }
diff --git a/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_nonnull_pointer_10.c b/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_nonnull_pointer_10.c
deleted file mode 100644
index 7a6b5153..00000000
--- a/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_nonnull_pointer_10.c
+++ /dev/null
@@ -1,24 +0,0 @@
-// REQUIRES: geq-llvm-10.0
-
-// RUN: %clang %s -fsanitize=pointer-overflow -emit-llvm -g %O0opt -c -o %t.bc
-// RUN: rm -rf %t.klee-out
-// RUN: %klee --output-dir=%t.klee-out --emit-all-errors --ubsan-runtime %t.bc 2>&1 | FileCheck %s
-// RUN: ls %t.klee-out/ | grep .ktest | wc -l | grep 2
-// RUN: ls %t.klee-out/ | grep .ptr.err | wc -l | grep 1
-
-#include "klee/klee.h"
-#include <stdio.h>
-
-int main() {
-  size_t address;
-  volatile char *result;
-
-  klee_make_symbolic(&address, sizeof(address), "address");
-  klee_assume(address != 0);
-
-  char *ptr = (char *)address;
-
-  // CHECK: KLEE: ERROR: {{.*}}runtime/Sanitizer/ubsan/ubsan_handlers.cpp:{{[0-9]+}}: nullptr-after-nonzero-offset
-  result = ptr + 1;
-  return 0;
-}
diff --git a/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_null_pointer.c b/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_null_pointer.c
index 5fb711b6..f4f09745 100644
--- a/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_null_pointer.c
+++ b/test/Feature/ubsan/ubsan_pointer_overflow-applying_nonzero_offset_to_null_pointer.c
@@ -1,5 +1,3 @@
-// REQUIRES: geq-llvm-10.0
-
 // RUN: %clang %s -fsanitize=pointer-overflow -emit-llvm -g %O0opt -c -o %t.bc
 // RUN: rm -rf %t.klee-out
 // RUN: %klee --output-dir=%t.klee-out --emit-all-errors --ubsan-runtime %t.bc 2>&1 | FileCheck %s
diff --git a/test/Feature/ubsan/ubsan_pointer_overflow-applying_zero_offset_to_null_pointer.c b/test/Feature/ubsan/ubsan_pointer_overflow-applying_zero_offset_to_null_pointer.c
index c65954e3..627dc801 100644
--- a/test/Feature/ubsan/ubsan_pointer_overflow-applying_zero_offset_to_null_pointer.c
+++ b/test/Feature/ubsan/ubsan_pointer_overflow-applying_zero_offset_to_null_pointer.c
@@ -1,5 +1,3 @@
-// REQUIRES: geq-llvm-10.0
-
 // RUN: %clang %s -fsanitize=pointer-overflow -emit-llvm -g %O0opt -c -o %t.bc
 // RUN: rm -rf %t.klee-out
 // RUN: %klee --output-dir=%t.klee-out --emit-all-errors --ubsan-runtime %t.bc 2>&1 | FileCheck %s
diff --git a/test/Runtime/FreeStanding/memcpy_chk_err.c b/test/Runtime/FreeStanding/memcpy_chk_err.c
index 490d3f1d..997499ec 100644
--- a/test/Runtime/FreeStanding/memcpy_chk_err.c
+++ b/test/Runtime/FreeStanding/memcpy_chk_err.c
@@ -1,9 +1,7 @@
 // This test checks that __memcpy_chk find the kind of errors it was
 // designed to find
 
-// It requires clang >= 10 and not FreeBSD, otherwise a direct call to
-// memcpy is emitted instead of to __memcpy_chk
-// REQUIRES: geq-llvm-10.0
+// On FreeBSD, a direct call to memcpy is emitted instead of to __memcpy_chk
 // REQUIRES: not-freebsd
 
 // RUN: %clang %s -emit-llvm -O2 -g -c -D_FORTIFY_SOURCE=1 -o %t2.bc
diff --git a/test/VectorInstructions/oob-llvm-lt11.c b/test/VectorInstructions/oob-llvm-lt11.c
deleted file mode 100644
index 9d80ef7d..00000000
--- a/test/VectorInstructions/oob-llvm-lt11.c
+++ /dev/null
@@ -1,44 +0,0 @@
-// REQUIRES: lt-llvm-11.0
-// RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc
-// RUN: rm -rf %t.klee-out
-// NOTE: Have to pass `--optimize=false` to avoid vector operations being
-// constant folded away.
-// RUN: %klee --output-dir=%t.klee-out --optimize=false  %t1.bc > %t.stdout.log 2> %t.stderr.log
-// RUN: FileCheck -input-file=%t.stderr.log %s
-
-#include "klee/klee.h"
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdio.h>
-
-typedef uint32_t v4ui __attribute__((vector_size(16)));
-int main() {
-  v4ui f = {1, 2, 3, 4};
-  int k = klee_range(0, 10, "k");
-
-  if (k == 0) {
-    // CHECK-DAG: [[@LINE+1]]: Out of bounds write when inserting element
-    f[4] = 255; // Out of bounds write
-  }
-
-  if (k == 1) {
-    // CHECK-DAG: [[@LINE+1]]: Out of bounds read when extracting element
-    printf("f[4] = %u\n", f[5]); // Out of bounds
-  }
-
-  if (k > 6) {
-    // Performing read should be ExtractElement instruction.
-    // For now this is an expected limitation.
-    // CHECK-DAG: [[@LINE+1]]: ExtractElement, support for symbolic index not implemented
-    uint32_t readValue = f[k];
-  }
-  else {
-    // Performing write should be InsertElement instructions.
-    // For now this is an expected limitation.
-    // CHECK-DAG: [[@LINE+1]]: InsertElement, support for symbolic index not implemented
-    f[k] = 255;
-  }
-
-  return 0;
-}
diff --git a/test/VectorInstructions/oob-read-llvm-geq11.c b/test/VectorInstructions/oob-read-llvm-geq11.c
deleted file mode 100644
index 309e05b1..00000000
--- a/test/VectorInstructions/oob-read-llvm-geq11.c
+++ /dev/null
@@ -1,46 +0,0 @@
-// REQUIRES: geq-llvm-11.0
-// XFAIL: geq-llvm-11.0
-
-/* The scalarizer pass in LLVM 11 was changed to generate, for a
- read f[k], with k symbolic and f a 4-element vector:
- if k == 0 => f[0]
- elif k == 1 => f[1]
- elif k == 2 => f[2]
- elif k == 3 => f[3]
- else ==> undef
-
- Therefore, even though an OOB access might exist at the source code
- level, no such OOB accesses exist anymore at the LLVM IR level.
-
- And since undef is currently treated in KLEE as 0, an overflowing
- access is always translated as f[0], which may lead to future
- problems being missed.
-
- This test is marked as XFAIL as a reminder that we need to fix this
- behaviour, most likely by having undef return a new symbolic variable.
-*/
-
-// RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc
-// RUN: rm -rf %t.klee-out
-// NOTE: Have to pass `--optimize=false` to avoid vector operations being
-// constant folded away.
-// RUN: %klee --output-dir=%t.klee-out --optimize=false --exit-on-error %t1.bc 2>%t.log
-// RUN: FileCheck -input-file=%t.stderr.log %s
-
-#include "klee/klee.h"
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdio.h>
-
-typedef uint32_t v4ui __attribute__((vector_size(16)));
-int main() {
-  v4ui f = {1, 2, 3, 4};
-  int k = klee_range(4, 10, "k");
-
-  uint32_t v = f[k]; // Symbolic out-of-bounds read
-  v = f[v];          // This should trigger an error, but currently this returns f[0] = 1
-  assert(v != 1);
-
-  return 0;
-}
diff --git a/test/VectorInstructions/oob-read.c b/test/VectorInstructions/oob-read.c
new file mode 100644
index 00000000..2584b3a0
--- /dev/null
+++ b/test/VectorInstructions/oob-read.c
@@ -0,0 +1,45 @@
+// XFAIL: *
+
+/* The scalarizer pass in LLVM 11 was changed to generate, for a
+ read f[k], with k symbolic and f a 4-element vector:
+ if k == 0 => f[0]
+ elif k == 1 => f[1]
+ elif k == 2 => f[2]
+ elif k == 3 => f[3]
+ else ==> undef
+
+ Therefore, even though an OOB access might exist at the source code
+ level, no such OOB accesses exist anymore at the LLVM IR level.
+
+ And since undef is currently treated in KLEE as 0, an overflowing
+ access is always translated as f[0], which may lead to future
+ problems being missed.
+
+ This test is marked as XFAIL as a reminder that we need to fix this
+ behaviour, most likely by having undef return a new symbolic variable.
+*/
+
+// RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc
+// RUN: rm -rf %t.klee-out
+// NOTE: Have to pass `--optimize=false` to avoid vector operations being
+// constant folded away.
+// RUN: %klee --output-dir=%t.klee-out --optimize=false --exit-on-error %t1.bc 2>%t.log
+// RUN: FileCheck -input-file=%t.stderr.log %s
+
+#include "klee/klee.h"
+
+#include <assert.h>
+#include <stdint.h>
+#include <stdio.h>
+
+typedef uint32_t v4ui __attribute__((vector_size(16)));
+int main() {
+  v4ui f = {1, 2, 3, 4};
+  int k = klee_range(4, 10, "k");
+
+  uint32_t v = f[k]; // Symbolic out-of-bounds read
+  v = f[v];          // This should trigger an error, but currently this returns f[0] = 1
+  assert(v != 1);
+
+  return 0;
+}
diff --git a/test/VectorInstructions/oob-write-llvm-geq11.c b/test/VectorInstructions/oob-write-llvm-geq11.c
deleted file mode 100644
index 5c3e691c..00000000
--- a/test/VectorInstructions/oob-write-llvm-geq11.c
+++ /dev/null
@@ -1,51 +0,0 @@
-// REQUIRES: geq-llvm-11.0
-
-/* The scalarizer pass in LLVM 11 was changed to generate, for a
- write of the form f[k] = v, with f a 4-element vector:
- if k == 0 => f[0] = v
- if k == 1 => f[1] = v
- if k == 2 => f[2] = v
- if k == 3 => f[3] = v
-
- Therefore, even though an OOB write access might exist at the source
- code level (e.g., f[5] = v), no such OOB accesses exist anymore at
- the LLVM IR level.
-
- So unlike in the LLVM < 11 test, here we test that the contents of
- the vector is unmodified after the OOB write.
-*/
-
-// RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc
-// RUN: rm -rf %t.klee-out
-// NOTE: Have to pass `--optimize=false` to avoid vector operations being
-// constant folded away.
-// RUN: %klee --output-dir=%t.klee-out --optimize=false --exit-on-error %t1.bc
-
-#include "klee/klee.h"
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdio.h>
-
-typedef uint32_t v4ui __attribute__((vector_size(16)));
-int main() {
-  v4ui f = {1, 2, 3, 4};
-  int k = klee_range(0, 10, "k");
-
-  if (k < 4) {
-    f[5] = 3; // Concrete out-of-bounds write
-    assert(f[0] == 1);
-    assert(f[1] == 2);
-    assert(f[2] == 3);
-    assert(f[3] == 4);
-  }
-  else {
-    f[k] = 255; // Symbolic out-of-bounds write
-    assert(f[0] == 1);
-    assert(f[1] == 2);
-    assert(f[2] == 3);
-    assert(f[3] == 4); 
-  }
-
-  return 0;
-}
diff --git a/test/VectorInstructions/oob-write.c b/test/VectorInstructions/oob-write.c
new file mode 100644
index 00000000..6906dc62
--- /dev/null
+++ b/test/VectorInstructions/oob-write.c
@@ -0,0 +1,49 @@
+/* The scalarizer pass in LLVM 11 was changed to generate, for a
+ write of the form f[k] = v, with f a 4-element vector:
+ if k == 0 => f[0] = v
+ if k == 1 => f[1] = v
+ if k == 2 => f[2] = v
+ if k == 3 => f[3] = v
+
+ Therefore, even though an OOB write access might exist at the source
+ code level (e.g., f[5] = v), no such OOB accesses exist anymore at
+ the LLVM IR level.
+
+ So unlike in the LLVM < 11 test, here we test that the contents of
+ the vector is unmodified after the OOB write.
+*/
+
+// RUN: %clang %s -emit-llvm %O0opt -g -c -o %t1.bc
+// RUN: rm -rf %t.klee-out
+// NOTE: Have to pass `--optimize=false` to avoid vector operations being
+// constant folded away.
+// RUN: %klee --output-dir=%t.klee-out --optimize=false --exit-on-error %t1.bc
+
+#include "klee/klee.h"
+
+#include <assert.h>
+#include <stdint.h>
+#include <stdio.h>
+
+typedef uint32_t v4ui __attribute__((vector_size(16)));
+int main() {
+  v4ui f = {1, 2, 3, 4};
+  int k = klee_range(0, 10, "k");
+
+  if (k < 4) {
+    f[5] = 3; // Concrete out-of-bounds write
+    assert(f[0] == 1);
+    assert(f[1] == 2);
+    assert(f[2] == 3);
+    assert(f[3] == 4);
+  }
+  else {
+    f[k] = 255; // Symbolic out-of-bounds write
+    assert(f[0] == 1);
+    assert(f[1] == 2);
+    assert(f[2] == 3);
+    assert(f[3] == 4); 
+  }
+
+  return 0;
+}
diff --git a/test/lit.cfg b/test/lit.cfg
index 489c272d..773c249d 100644
--- a/test/lit.cfg
+++ b/test/lit.cfg
@@ -170,7 +170,7 @@ config.substitutions.append(
 
 # Add feature for the LLVM version in use, so it can be tested in REQUIRES and
 # XFAIL checks. We also add "not-XXX" variants, for the same reason.
-known_llvm_versions = { "9.0", "10.0", "11.0", "11.1", "12.0", "13.0", "14.0", "15.0", "16.0", "17.0" }
+known_llvm_versions = { "11.0", "11.1", "12.0", "13.0", "14.0", "15.0", "16.0", "17.0" }
 current_llvm_version_tuple = (int(config.llvm_version_major), int(config.llvm_version_minor))
 current_llvm_version = "%s.%s" % current_llvm_version_tuple
 
-- 
cgit 1.4.1