blob: 627dc80141fc545c1a27ea7a7f3aa017a3aaa98e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
// RUN: %clang %s -fsanitize=pointer-overflow -emit-llvm -g %O0opt -c -o %t.bc
// RUN: rm -rf %t.klee-out
// RUN: %klee --output-dir=%t.klee-out --emit-all-errors --ubsan-runtime %t.bc 2>&1 | FileCheck %s
// RUN: ls %t.klee-out/ | grep .ktest | wc -l | grep 1
// RUN: ls %t.klee-out/ | grep .ptr.err | wc -l | grep 1
#include "klee/klee.h"
#include <stdio.h>
int main() {
size_t address;
volatile char *result;
klee_make_symbolic(&address, sizeof(address), "address");
klee_assume(address == 0);
char *ptr = (char *)address;
// CHECK: KLEE: ERROR: {{.*}}runtime/Sanitizer/ubsan/ubsan_handlers.cpp:{{[0-9]+}}: nullptr-with-offset
result = ptr + 0;
return 0;
}
|
