blob: af42c0126239b027208ca2b0e44ce9c27efd13e9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
// RUN: echo "x" > %t1.res
// RUN: echo "x" >> %t1.res
// RUN: echo "x" >> %t1.res
// RUN: echo "x" >> %t1.res
// RUN: %llvmgcc %s -emit-llvm -O0 -c -o %t1.bc
// RUN: rm -rf %t.klee-out
// RUN: %klee --output-dir=%t.klee-out %t1.bc > %t1.log
// RUN: diff %t1.res %t1.log
#include <stdio.h>
unsigned klee_urange(unsigned start, unsigned end) {
unsigned x;
klee_make_symbolic(&x, sizeof x);
if (x-start>=end-start) klee_silent_exit(0);
return x;
}
int *make_int(int i) {
int *x = malloc(sizeof(*x));
*x = i;
return x;
}
int main() {
int *buf[4];
int i,s,t;
for (i=0; i<4; i++)
buf[i] = make_int((i+1)*2);
s = klee_urange(0,4);
int x = *buf[s];
if (x == 4)
if (s!=1)
abort();
printf("x\n");
fflush(stdout);
return 0;
}
|