KLEE error reports
来源:互联网 发布:马赛克复原软件 编辑:程序博客网 时间:2024/05/16 15:57
When KLEE detects an error in the program being executed it will generate a test case which exhibits the error, and write some additional information about the error into a file testN.TYPE.err, where N is the test case number, and TYPE identifies the kind of error. Some types of errors KLEE detects include:
- ptr: Stores or loads of invalid memory locations.
- free: Double or invalid free().
- abort: The program called abort().
- assert: An assertion failed.
- div: A division or modulus by zero was detected.
- user: There is a problem with the input (invalid klee intrinsic calls) or the way KLEE is being used.
- exec: There was a problem which prevented KLEE from executing the program; for example an unknown instruction, a call to an invalid function pointer, or inline assembly.
- model: KLEE was unable to keep full precision and is only exploring parts of the program state. For example, symbolic sizes to malloc are not currently supported, in such cases KLEE will concretize the argument.
A way to fix some errors is to use the klee_assume intrinsic function. klee_assume takes a single argument (an unsigned integer) which generally should some kind of conditional expression, and “assumes” that expression to be true on the current path (if that can never happen, i.e. the expression is provably false, KLEE will report an error).
We can use klee_assume to cause KLEE to only explore states where the string is null terminated by writing the driver like this:
int main() { // The input regular expression. char re[SIZE]; // Make the input symbolic. klee_make_symbolic(re, sizeof re, "re"); klee_assume(re[SIZE - 1] == '\0'); // Try to match against a constant string "hello". match(re, "hello"); return 0; }NOTE: One important caveat when using klee_assume with multiple conditions; remember that boolean conditionals like ‘&&’ and ‘||’ may be compiled into code which branches before computing the result of the expression. In such situations KLEE will branch the process before it reaches the call to klee_assume, which may result in exploring unnecessary additional states. For this reason it is good to use as simple expressions as possible to klee_assume (for example splitting a single call into multiple ones), and to use the ‘&’ and ‘|’ operators instead of the short-circuiting ones.
Reference:
http://klee.github.io/tutorials/testing-regex/
- KLEE error reports
- Updating Error Reports Database
- updating error reports database
- updating error reports database
- updating error reports database解决方案
- Upload Reports to JasperReports Server Error
- AngularJS: Error reports on $injector:modulerr
- KLee安装
- Install KLEE
- Understanding the Login Failed Error in Crystal Reports
- DynamIPS 启动提示 file system device reports an error
- Browsing SASL error reports in the remote shell
- Exception: Error dropping database (can't rmdir './Reports', errno: 39)
- 关于stm32报错Library reports error: __use_no_semihosting was requested
- Eclipse出现updating error reports database Sleeping问题
- Library reports error: __use_no_semihosting was requested, but _tty
- KLEE软件分析
- klee-uclibc configure错误
- Python 2.7.x 和 Python 3.x 的主要区别
- TP5自动验证机制
- [USACO08JAN]电话线Telephone Lines 洛谷P1948
- 初探oracle高级队列锁V$LOCK
- Spring Data Redis(sdr)-----序列化
- KLEE error reports
- ECharts 去掉地图(map)的指示图(visualMap)
- 深入理解JAVA集合系列二:ConcurrentHashMap源码解读
- solr历史版本
- 面试题3:数组中重复的数字
- 一个数组中只有两个数字是出现一次,其他所有数字都出现了两次。找出这两个数字
- HDU-1233-还是畅通工程(最小生成树kruscal)
- fork函数与I/O函数之间的交互关系
- 深入理解JAVA I/O系列五:对象序列化
