On Thu, Apr 8, 2010 at 8:03 AM, Daniel Dunbar <daniel at zuster.org> wrote:
> On Tue, Apr 6, 2010 at 6:31 AM, Cristian Zamfir <cristian.zamfir at epfl.ch> wrote:
>>
>> Hi,
>>
>> When Klee finds an out-of-bound pointer it creates a test case which can be used
>> to replay the bug on the native binaries.
>>
>> However, there are also failed external calls, which are due to SIGSEGV
>> caught during runProtectedCall(). These usually show up in calls such as
>> vprintf in klee-libc. I think these are also bugs, right? However, during
>> klee-replay the bug is not reproduced. Is this due to linking against glibc
>> instead of klee-libc or are these false positives?
>
> I don't know of any false positives, but there can always be bugs.
>
> However, there are known cases where things won't replay.
> Non-replayable malloc is the main source I am aware of, although it is
> possible others have leaked in.
>
> Have you tried verifying exactly why the code is crashing in vprintf?
> Is it actually trying to access invalid memory, or is something else
> happening (for example, maybe KLEE generated the wrong code for the
> external call).

One extra point, it is also definitely possible that the uClibc vprintf
implementation would have some kind of bug. We have found a small number of
problems like that in the past.

 - Daniel

>  - Daniel
>
>> Thanks,
>> Cristi
>>
>> _______________________________________________
>> klee-dev mailing list
>> klee-dev at keeda.stanford.edu
>> http://keeda.Stanford.EDU/mailman/listinfo/klee-dev
>>
>
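As an added illustration of the two ideas in the thread (it is not code from KLEE or from either poster), the following C harness shows, first, a minimal "protected call" in the spirit of runProtectedCall(): an external function is run under a SIGSEGV handler and a fault is reported as a result code instead of killing the process; and second, the kind of caller-side check Daniel suggests, i.e. confirming whether the data handed to a string-consuming external such as vprintf is actually valid before blaming the library. The sigsetjmp/siglongjmp mechanism, the function names run_protected_call, is_terminated and deref_arg, and the sample buffers are all assumptions made for this example.

```c
/* Added example: not part of the klee-dev thread or of KLEE itself.
   Assumes a POSIX system where a SIGSEGV handler may siglongjmp out. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t in_protected_call = 0;

/* Handler: if a protected call is active, unwind to run_protected_call;
   otherwise restore the default action and let the fault terminate us. */
static void fault_handler(int sig) {
    if (in_protected_call)
        siglongjmp(fault_env, 1);
    signal(sig, SIG_DFL);
    raise(sig);
}

/* Runs fn(arg) with SIGSEGV caught. Returns 0 if fn completed,
   1 if it faulted, -1 if the handler could not be installed. */
int run_protected_call(void (*fn)(void *), void *arg) {
    struct sigaction sa, old;
    int faulted;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;            /* signal stays deliverable after the jump */
    if (sigaction(SIGSEGV, &sa, &old) != 0)
        return -1;
    if (sigsetjmp(fault_env, 1) == 0) {  /* 1: save and later restore the signal mask */
        in_protected_call = 1;
        fn(arg);
        faulted = 0;
    } else {
        faulted = 1;                     /* arrived here via siglongjmp */
    }
    in_protected_call = 0;
    sigaction(SIGSEGV, &old, NULL);      /* restore the previous disposition */
    return faulted;
}

/* A stand-in "external": reads one int through arg; faults when arg is NULL. */
static volatile int sink;
static void deref_arg(void *arg) { sink = *(volatile int *)arg; }

/* Caller-side check: is there a NUL within the first len bytes of buf?
   If not, a string-consuming external would read past the caller's buffer,
   so a crash inside it is the caller's bug, not the library's. */
int is_terminated(const char *buf, size_t len) {
    return memchr(buf, '\0', len) != NULL;
}

/* Constructed sample inputs (not taken from the thread). */
static const char good_buf[8] = "hi";                  /* NUL-padded by C */
static const char bad_buf[4]  = { 'a', 'b', 'c', 'd' }; /* no terminator */

int good_is_terminated(void) { return is_terminated(good_buf, sizeof good_buf); }
int bad_is_terminated(void)  { return is_terminated(bad_buf, sizeof bad_buf); }
```

With the harness in place, a run that returns 1 from run_protected_call tells you only that the external faulted; whether the fault is a genuine bug in the callee or invalid data from the caller is what is_terminated-style checks on the arguments are meant to settle before a replay under glibc is expected to reproduce it.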
