-
Notifications
You must be signed in to change notification settings - Fork 45
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Havoc register if truncating non-number
Signed-off-by: Alan Jowett <[email protected]>
- Loading branch information
Showing
3 changed files
with
364 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,357 @@ | ||
# Copyright (c) Prevail Verifier contributors. | ||
# SPDX-License-Identifier: MIT | ||
--- | ||
test-case: 32-bit pointer truncation - addition | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 += 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: [] | ||
|
||
messages: | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - subtraction | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 -= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: [] | ||
|
||
messages: | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - multiplication | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 *= 1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - division | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 /= 1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - modulo | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 %= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - signed division | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 s/= 1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - signed modulo | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 s%= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - AND | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 &= -1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - OR | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 |= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - XOR | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 ^= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - LSH | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 <<= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - RSH | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 >>= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - ARSH | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 s>>= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - NOT | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 = - w1 | ||
w1 = - w1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.type=ctx" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type == number)" | ||
- "2: Lower bound must be at least 0 (valid_access(r1.offset, width=4) for read)" | ||
- "2: Upper bound must be at most 64 (valid_access(r1.offset, width=4) for read)" |