Dear all,
In klee, the memory should be allocated before its running. E.g., if we
have a pointer p, then its initialization code could be
int p_instance;
klee_make_symbolic(&p_instance,sizeof(int),'p');
where int*p=&p_instance;
or,
int*p=malloc(sizeof(int));
klee_make_symbolic(p,sizeof(int),'p');
This causes the problem that we cannot deal with the complex, pointer-rich
data such as a chained list in klee. E.g., the following
is a node structure. While running klee, its pointer next cannot be allocated
automatically.
struct point{
int x;
struct point*next;
};
In the paper "Under-Constrained Symbolic Execution: Correctness Checking
for Real Code, 24th USENIX Security Symposium 2015",
it introduced the UC-KLEE which can handle such situation and mentioned a
technique named "Lazy initialization" (see section 2.1).
I want to know where can I get the release version of UC-KLEE? Or, how to
implement this technique in klee?
Thanks a lot.
-Buka
【网易自营|30天无忧退货】德国Birkenstock制造商“经典软木凉拖”限时仅69.9元>>
_______________________________________________
klee-dev mailing list
klee-dev@imperial.ac.uk
https://mailman.ic.ac.uk/mailman/listinfo/klee-dev
