Hi, just did an (stupid and interesting) experiment on klee:
wrote a simple parser using flex/bison, making the parser accept string input(size of 64 or 1024), then make the string symbolic in klee, and let klee generate test cases for the parser. It turns out that the test cases starts from all 0x00, to some random values. and also the parser keeps reporting syntax errors (of course). and the whole program seems to be never stop. The conclusion is that klee can not really test structured input to test parser. NOTE: in klee's example, it tests a regular expression program, then I thought it might test parser, which is the original motivation of doing the experiment. Any comment are greatly welcomed. --Shuying
