
GEP issue in BitCast operation

Open S1eGa opened this issue 3 years ago • 0 comments

https://github.com/UnitTestBot/klee/blob/e1a2b064fcb0fe4a891c18f6310334b4ff6a87f7/lib/Core/Executor.cpp#L2918

```cpp
  case Instruction::BitCast: {
    ref<Expr> result = eval(ki, 0, state).value;
    BitCastInst *bc = cast<BitCastInst>(ki->inst);

    if(UseGEPExpr && isGEPExpr(result)) {
      unsigned size = bc->getType()->isPointerTy() ?
            kmodule->targetData->getTypeStoreSize(ki->inst->getType()->getPointerElementType()) :
            kmodule->targetData->getTypeStoreSize(ki->inst->getType());
      gepExprBases[result] = {gepExprBases[result].first, size};
    }

    bindLocal(ki, state, result);
    break;
  }
```

This code handles the bitcast operation from IR: it gets the expression to access the operand, changes the size, and then writes to gepExprBases. This is not what is expected, as bitcast in IR creates a new register with a new type and leaves the old register untouched; in this code we rewrite the old register, so we will always access the last register that we got after the bitcast.

This can be fixed by storing the keys in gepExprBases as a pair of <Expr, Type>.

S1eGa avatar Jun 10 '22 09:06 S1eGa
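The following is an added toy model of the bookkeeping problem described in this issue and of the proposed `<Expr, Type>` key; it is not code from the issue or from the KLEE/UTBotCpp code base. `ExprId` stands in for KLEE's `ref<Expr>`, a type is represented by its LLVM textual name, and `pointeeStoreSize` is a constructed stand-in for `targetData->getTypeStoreSize`. The scenario is `%p = getelementptr i32, i32* %a, ...` followed by `%q = bitcast i32* %p to i8*`: because the bitcast result is the same symbolic expression as its operand, the expression-only key overwrites the size that `%p` should still see.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <utility>

// Stand-ins (assumed for this example): an expression is identified by a
// string, a type by its LLVM textual name.
using ExprId = std::string;
using TypeName = std::string;

// Constructed table playing the role of targetData->getTypeStoreSize on the
// pointee type of a pointer.
unsigned pointeeStoreSize(const TypeName &ptrType) {
    if (ptrType == "i8*")  return 1;
    if (ptrType == "i32*") return 4;
    if (ptrType == "i64*") return 8;
    return 0;
}

// Current scheme: gepExprBases is keyed by the expression alone.
struct ExprKeyedBases {
    std::map<ExprId, std::pair<ExprId, unsigned>> bases;

    void onGep(const ExprId &result, const ExprId &base, const TypeName &ptrType) {
        bases[result] = {base, pointeeStoreSize(ptrType)};
    }
    // Mirrors the quoted BitCast case: the result expression is the operand's
    // own expression, so the operand's entry is overwritten with the new size.
    void onBitCast(const ExprId &operandExpr, const TypeName &newPtrType) {
        bases[operandExpr] = {bases[operandExpr].first, pointeeStoreSize(newPtrType)};
    }
    unsigned sizeFor(const ExprId &e, const TypeName &) { return bases[e].second; }
};

// Proposed scheme: key by <Expr, Type>, so every register keeps its own size.
struct ExprTypeKeyedBases {
    std::map<std::pair<ExprId, TypeName>, std::pair<ExprId, unsigned>> bases;

    void onGep(const ExprId &result, const ExprId &base, const TypeName &ptrType) {
        bases[{result, ptrType}] = {base, pointeeStoreSize(ptrType)};
    }
    // The bitcast adds a new entry for (expr, newType) and leaves (expr, oldType) alone.
    void onBitCast(const ExprId &operandExpr, const TypeName &oldPtrType,
                   const TypeName &newPtrType) {
        ExprId base = bases[{operandExpr, oldPtrType}].first;
        bases[{operandExpr, newPtrType}] = {base, pointeeStoreSize(newPtrType)};
    }
    unsigned sizeFor(const ExprId &e, const TypeName &t) { return bases[{e, t}].second; }
};

// %p = getelementptr i32, i32* %a ; %q = bitcast i32* %p to i8*
// Both %p and %q evaluate to the same symbolic expression "gep0".
unsigned sizeSeenThroughP_exprKeyed() {
    ExprKeyedBases b;
    b.onGep("gep0", "a", "i32*");
    b.onBitCast("gep0", "i8*");
    return b.sizeFor("gep0", "i32*");   // 1: the i32 view of %p was clobbered
}

unsigned sizeSeenThroughP_pairKeyed() {
    ExprTypeKeyedBases b;
    b.onGep("gep0", "a", "i32*");
    b.onBitCast("gep0", "i32*", "i8*");
    return b.sizeFor("gep0", "i32*");   // 4: %p keeps its own size
}

unsigned sizeSeenThroughQ_pairKeyed() {
    ExprTypeKeyedBases b;
    b.onGep("gep0", "a", "i32*");
    b.onBitCast("gep0", "i32*", "i8*");
    return b.sizeFor("gep0", "i8*");    // 1: %q has the bitcast's size
}

int main() {
    std::cout << "expr-keyed, size through %p: " << sizeSeenThroughP_exprKeyed() << "\n";
    std::cout << "pair-keyed, size through %p: " << sizeSeenThroughP_pairKeyed() << "\n";
    std::cout << "pair-keyed, size through %q: " << sizeSeenThroughQ_pairKeyed() << "\n";
    return 0;
}
```

With the expression-only key the later `%p` access is tracked with a 1-byte size, which is the wrong bound for an `i32` store; with the pair key both views of the same GEP expression coexist.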