Hi,
Below is a patch that addresses an issue that would cause Klee to
incorrectly execute a getelementptr instruction that contains negative
offsets. I presume this situation has not been encountered much before,
but it appears that LLVM 3.0 likes to construct such instructions more
often.
Cheers,
Stefan
==============================================
diff --git a/include/klee/Expr.h b/include/klee/Expr.h
index 1f0305b..6e98de2 100644
--- a/include/klee/Expr.h
+++ b/include/klee/Expr.h
@@ -330,6 +330,11 @@ public:
return value.getZExtValue();
}
+ uint64_t getSExtValue(unsigned bits = 64) const {
+ assert(getWidth() <= bits && "Value may be out of range!");
+ return value.getSExtValue();
+ }
+
/// getLimitedValue - If this value is smaller than the specified limit,
/// return it, otherwise return the limit value.
uint64_t getLimitedValue(uint64_t Limit = ~0ULL) const {
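Review bot: The new getSExtValue at the top of the hunk has no doc comment, while its neighbour getLimitedValue carries one, and its contract is not obvious: it returns a sign-extended value through a uint64_t, so a negative value comes back as its two's-complement bit pattern and compares as a large unsigned number. Suggest `/// getSExtValue - Return the value sign-extended to 64 bits; a negative value comes back as its two's-complement bit pattern in the uint64_t.` above the declaration. The `bits` parameter is only consulted by the assert, so in a release build a width above 64 is not rejected here; I believe the underlying APInt accessor has its own width assert, but that is worth confirming rather than relying on. The enclosing class body starts and ends outside the hunk.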
diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp
index f64b3a0..d54fc26 100644
--- a/lib/Core/Executor.cpp
+++ b/lib/Core/Executor.cpp
@@ -2511,7 +2511,7 @@ void Executor::computeOffsets(KGEPInstruction *kgepi,
TypeIt ib, TypeIt ie) {
Value *operand = ii.getOperand();
if (Constant *c = dyn_cast<Constant>(operand)) {
ref<ConstantExpr> index =
- evalConstant(c)->ZExt(Context::get().getPointerWidth());
+ evalConstant(c)->SExt(Context::get().getPointerWidth());
ref<ConstantExpr> addend =
index->Mul(ConstantExpr::alloc(elementSize,
Context::get().getPointerWidth()));
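Review bot: Switching the constant-index path to SExt on the replaced line is right for GEP indices, but the non-constant index operand presumably takes the other branch of this `if` (outside the hunk), where the index is recorded for the GEP execution code to extend later; if that path still zero-extends, a negative non-constant index is handled differently from a negative constant one, so the extension there should be checked for the same signedness. A short comment would preserve the reason for the change: `// GEP indices are signed; sign-extend so a negative constant index yields a negative offset.` The same consideration applies to the second hunk of this file, where the accumulated offset is read back with getSExtValue. computeOffsets starts before and ends after this hunk.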
@@ -2522,7 +2522,7 @@ void Executor::computeOffsets(KGEPInstruction *kgepi,
TypeIt ib, TypeIt ie) {
}
index++;
}
- kgepi->offset = constantOffset->getZExtValue();
+ kgepi->offset = constantOffset->getSExtValue();
}
void Executor::bindInstructionConstants(KInstruction *KI) {