int main() { char buf[4]; klee_make_symbolic(buf, sizeof buf); buf[1] = 'a'; constantArr[klee_range(0, 16, "idx.0")] = buf[0]; // Use this to trigger an interior update list usage. int y = constantArr[klee_range(0, 16, "idx.1")]; constantArr[klee_range(0, 16, "idx.2")] = buf[3]; buf[klee_range(0, 4, "idx.3")] = 0; klee_assume(buf[0] == 'h'); int x = *((int*) buf); klee_assume(x > 2); klee_assume(x == constantArr[12]); klee_assume(y != (1 << 5)); assert(0); return 0; }
int main() { if (klee_range(0,2, "range")) { assert(__LINE__ == 10); printf("__LINE__ = %d\n", __LINE__); } else { assert(__LINE__ == 12); printf("__LINE__ = %d\n", __LINE__); } return 0; }
int main() { char buf[4]; klee_check_memory_access(&buf, 1); printf("good\n"); if (klee_range(0, 2, "range1")) { klee_check_memory_access(0, 1); printf("null pointer deref: bad\n"); } if (klee_range(0, 2, "range2")) { klee_check_memory_access(buf, 5); printf("oversize access: bad\n"); } return 0; }
int main() { // concrete case void *p = malloc(0); free(p); p = malloc(0); void *arr[4] = { p, 0, 0, 0 }; // symbolic case free(arr[klee_range(0, 4, "range")]); }
int main(int argc, char** argv) { int x = klee_range(0, BOUND_VALUE, "x"); #ifdef FORCE_VALUE klee_assume(x == FORCE_VALUE); #endif #ifdef PRINT_VALUE printf("x=%d\n", x); #endif return 0; }
int main(int argc, char **argv) { switch(klee_range(0, 3, "range")) { case 0: free(argv); break; case 1: free(argv[0]); break; case 2: free(argv[1]); break; } return 0; }
int main() { int x = klee_range(0, 256, "x"); if (x == 17) { f0(); } else if (x == 32) { f1(); } else if (x == 99) { f2(); } else { klee_prefer_cex(&x, x == 0); f3(); } return 0; }
int main(int argc, char **argv) { struct stat s; int res = stat("A", &s); int hasA = !(res!=0 && errno==ENOENT); //printf("sizeof(dirent) = %d\n", sizeof(struct dirent)); //printf("sizeof(dirent64) = %d\n", sizeof(struct dirent64)); //printf("\"A\" exists: %d\n", hasA); DIR *d = opendir("."); assert(d); int snum = 1; if (klee_range(0,2,"range")) { snum = 2; printf("state%d\n", snum); } int foundA = 0, count = 0; struct dirent *de; while ((de = readdir(d))) { // printf("state%d: dirent: %s\n", snum, de->d_name); if (strcmp(de->d_name, "A") == 0) foundA = 1; count++; } closedir(d); //printf("found A: %d\n", foundA); // Ensure atomic write char buf[64]; sprintf(buf, "COUNT: %d\n", count); fputs(buf, stdout); assert(hasA == foundA); return 0; }