Small fix

Author: mamaria-k

include/klee/Expr/Expr.h

@@ -183,6 +183,8 @@ class Expr {
 
   static const Width Fl80 = 80;
 
+  static const Width TaintWidth = 64;
+
   enum States { Undefined, True, False };
 
   enum Kind {
@@ -414,6 +416,8 @@ class Expr {
   static ref<ConstantExpr> createFalse();
 
   static ref<ConstantExpr> createEmptyTaint();
+  static ref<Expr> combineTaints(const ref<Expr> &taintL,
+                                 const ref<Expr> &taintR);
 
   /// Create a little endian read of the given type at offset 0 of the
   /// given object.
@@ -1684,9 +1688,8 @@ class PointerExpr : public NonConstantExpr {
   ref<Expr> value;
   ref<Expr> taint;
 
-  static ref<Expr>
-  alloc(const ref<Expr> &b, const ref<Expr> &v,
-        const ref<Expr> &t = createEmptyTaint()) {
+  static ref<Expr> alloc(const ref<Expr> &b, const ref<Expr> &v,
+                         const ref<Expr> &t = createEmptyTaint()) {
     ref<Expr> r(new PointerExpr(b, v, t));
     r->computeHash();
     r->computeHeight();
@@ -1734,8 +1737,8 @@ class PointerExpr : public NonConstantExpr {
 
   bool isKnownValue() const { return getBase()->isZero(); }
 
-  ref<Expr> combineTaints(const ref<PointerExpr> &RHS) {
-    return OrExpr::create(getTaint(), RHS->getTaint());
+  ref<ConstantExpr> combineTaints(const ref<PointerExpr> &RHS) {
+    return Expr::combineTaints(getTaint(), RHS->getTaint());
   }
 
   ref<Expr> Add(const ref<PointerExpr> &RHS);
@@ -1783,9 +1786,9 @@ class ConstantPointerExpr : public PointerExpr {
     r->computeHeight();
     return r;
   }
-  static ref<Expr>
-  create(const ref<ConstantExpr> &b, const ref<ConstantExpr> &v,
-         const ref<ConstantExpr> &t = createEmptyTaint());
+  static ref<Expr> create(const ref<ConstantExpr> &b,
+                          const ref<ConstantExpr> &v,
+                          const ref<ConstantExpr> &t = createEmptyTaint());
 
   Kind getKind() const { return Expr::ConstantPointer; }
 

lib/Core/SpecialFunctionHandler.cpp

@@ -808,7 +808,8 @@ void SpecialFunctionHandler::handleRealloc(ExecutionState &state,
   if (zeroSize.first) { // size == 0
     executor.executeFree(*zeroSize.first,
                          PointerExpr::create(addressPointer->getValue(),
-                                             addressPointer->getValue()),
+                                             addressPointer->getValue(),
+                                             addressPointer->getTaint()),
                          target);
   }
   if (zeroSize.second) { // size != 0
@@ -1278,11 +1279,8 @@ void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state,
     return;
   }
 
-  char *end = nullptr;
-  size_t rule = strtoul(arguments[0]->toString().c_str(), &end, 10);
-  if (*end != '\0' || errno == ERANGE) {
-    executor.terminateStateOnUserError(
-        state, "Incorrect argument 0 to klee_taint_hit(size_t)");
-  }
-  executor.terminateStateOnTargetTaintError(state, rule);
+//  printf("klee_taint_hit for rule: %s\n", arguments[0]->toString().c_str());
+
+  executor.terminateStateOnTargetTaintError(
+      state, dyn_cast<ConstantExpr>(arguments[0])->getZExtValue());
 }

lib/Expr/Expr.cpp

@@ -553,6 +553,23 @@ ref<ConstantExpr> Expr::createEmptyTaint() {
   return ConstantExpr::create(0, Expr::Int64);
 }
 
+ref<Expr> Expr::combineTaints(const ref<Expr> &taintL,
+                              const ref<Expr> &taintR) {
+  if (SelectExpr *sel = dyn_cast<SelectExpr>(taintL)) {
+    taintL->dump();
+  }
+  if (PointerExpr *sel = dyn_cast<PointerExpr>(taintL)) {
+    taintR->dump();
+  }
+  if (ConstantExpr *sel = dyn_cast<ConstantExpr>(taintL)) {
+    if (ConstantExpr *ser = dyn_cast<ConstantExpr>(taintR)) {
+      sel->getAPValue().dump();
+      ser->getAPValue().dump();
+    }
+  }
+  return OrExpr::create(taintL, taintR);
+}
+
 Expr::ByteWidth Expr::getByteWidth() const {
   return (getWidth() + CHAR_BIT - 1) / CHAR_BIT;
 }
@@ -2974,7 +2991,7 @@ ref<Expr> ConstantPointerExpr::create(const ref<ConstantExpr> &b,
                                  combineTaints(RHS));                          \
     } else {                                                                   \
       auto value = _e_op::create(getValue(), RHS->getValue());                 \
-      if (getTaint().isNull() && RHS->getTaint().isNull()) {                   \
+      if (getTaint()->isZero() && RHS->getTaint()->isZero()) {                   \
         return value;                                                          \
       } else {                                                                 \
         return PointerExpr::create(ConstantExpr::create(0, value->getWidth()), \