-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Havoc register if truncating non-number
Signed-off-by: Alan Jowett <[email protected]>
- Loading branch information
Alan Jowett
committed
Oct 21, 2024
1 parent
4832643
commit 319335f
Showing
3 changed files
with
364 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,357 @@ | ||
# Copyright (c) Prevail Verifier contributors. | ||
# SPDX-License-Identifier: MIT | ||
--- | ||
test-case: 32-bit pointer truncation - addition | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 += 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: [] | ||
|
||
messages: | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - subtraction | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 -= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: [] | ||
|
||
messages: | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - multiplication | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 *= 1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - division | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 /= 1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - modulo | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 %= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - signed division | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 s/= 1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - signed modulo | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 s%= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - AND | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 &= -1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - OR | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 |= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - XOR | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 ^= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - LSH | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 <<= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - RSH | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 >>= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - ARSH | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 s>>= 0 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type in {ctx, stack, packet, shared})" | ||
- "1: Invalid type (valid_access(r1.offset, width=4) for read)" | ||
|
||
--- | ||
test-case: 32-bit pointer truncation - NOT | ||
|
||
pre: | ||
- "r1.ctx_offset=0" | ||
- "r1.svalue=[0, 4294967295]" | ||
- "r1.svalue=r1.uvalue" | ||
- "r1.type=ctx" | ||
- "r1.uvalue=[0, 4294967295]" | ||
|
||
# Trigger 32-bit ALU operation without changing the value | ||
code: | ||
<start>: | | ||
w1 = - w1 | ||
w1 = - w1 | ||
r2 = *(u32 *)(r1 + 0) | ||
post: | ||
- "r1.type=ctx" | ||
|
||
messages: | ||
- "0: Invalid type (r1.type == number)" | ||
- "1: Invalid type (r1.type == number)" | ||
- "2: Lower bound must be at least 0 (valid_access(r1.offset, width=4) for read)" | ||
- "2: Upper bound must be at most 64 (valid_access(r1.offset, width=4) for read)" |