On Tue, Apr 6, 2010 at 6:31 AM, Cristian Zamfir <cristian.zamfir at epfl.ch> 
wrote:
>
> Hi,
>
> When Klee finds an out of bound pointer it creates a test case which can be used
> to replay the bug on the native binaries.
>
> However, there are also failed external calls, which are due to SIGSEGV 
> caught during runProtectedCall(). These usually show up in calls such as 
> vprintf in klee-libc. I think these are also bugs, right? However, during 
> klee-replay the bug is not reproduced. Is this due to linking against glibc 
> instead of klee-libc or are these false positives?

I don't know of any false positives, but there can always be bugs.

However, there are known cases where things won't replay.
Non-replayable malloc is the main source I am aware of, although it is
possible others have leaked in.

Have you tried verifying exactly why the code is crashing in vprintf?
Is it actually trying to access invalid memory, or is something else
happening (for example, maybe KLEE generated the wrong code for the
external call)?

 - Daniel

> Thanks,
> Cristi
>
> _______________________________________________
> klee-dev mailing list
> klee-dev at keeda.stanford.edu
> http://keeda.Stanford.EDU/mailman/listinfo/klee-dev
>
