Check bitvector types in crucible_llvm_extract (#567)

Aaron Tomb · web-flow · commit 6adf6f12055f · 2019-10-17T16:28:39.000-07:00
Because `crucible-llvm` merges integer and pointer types, it is not sufficient to look at Crucible types to determine whether a CFG coming from LLVM takes pointer arguments or returns a pointer. Instead, we have to look at the original LLVM types. This commit does that, and produces an error if `crucible_llvm_extract` is used with a function that has poiinter types anywhere in its signature. Fixes #521.
diff --git a/intTests/test_issue521/ptr.bc b/intTests/test_issue521/ptr.bc
diff --git a/intTests/test_issue521/ptr.c b/intTests/test_issue521/ptr.c
@@ -0,0 +1,3 @@
+unsigned int add(unsigned int *x, unsigned int *y) {
+    return *x + *y;
+}
diff --git a/intTests/test_issue521/test.saw b/intTests/test_issue521/test.saw
@@ -0,0 +1,2 @@
+m <- llvm_load_module "ptr.bc";
+fails (crucible_llvm_extract m "add");
diff --git a/intTests/test_issue521/test.sh b/intTests/test_issue521/test.sh
@@ -0,0 +1,3 @@
+set -e
+
+$SAW test.saw
diff --git a/src/SAWScript/Crucible/LLVM/Builtins.hs b/src/SAWScript/Crucible/LLVM/Builtins.hs
@@ -64,7 +64,7 @@ import           Control.Monad.State hiding (fail)
 import           Control.Monad.Fail (MonadFail(..))
 import qualified Data.Bimap as Bimap
 import           Data.Char (isDigit)
-import           Data.Foldable (for_, toList, find)
+import           Data.Foldable (for_, toList, find, fold)
 import           Data.Function
 import           Data.IORef
 import           Data.List
@@ -1103,6 +1103,17 @@ crucible_llvm_extract ::
 crucible_llvm_extract bic opts (Some lm) fn_name = do
   let ctx = lm ^. modTrans . Crucible.transContext
   let ?lc = ctx^.Crucible.llvmTypeCtx
+  let edef = findDefMaybeStatic (lm ^. modAST) fn_name
+  case edef of
+    Right defs -> do
+      let defTypes = fold $
+                     NE.map (map L.typedType . L.defArgs) defs <>
+                     NE.map (\d -> [L.defRetType d]) defs
+      when (any L.isPointer defTypes) $
+        fail "Pointer types are not supported by `crucible_llvm_extract`."
+      when (any L.isAlias defTypes) $
+        fail "Type aliases are not supported by `crucible_llvm_extract`."
+    Left err -> fail (displayVerifExceptionOpts opts err)
   setupLLVMCrucibleContext bic opts lm $ \cc ->
     case Map.lookup (fromString fn_name) (Crucible.cfgMap (cc^.ccLLVMModuleTrans)) of
       Nothing  -> fail $ unwords ["function", fn_name, "not found"]

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+unsigned int add(unsigned int x, unsigned int y) {`
	`2`	`+ return x + y;`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+m <- llvm_load_module "ptr.bc";`
	`2`	`+fails (crucible_llvm_extract m "add");`