That's a valid point. You need to look at wget's code to see what causes the 'out of bound' message.
Paul On 27 Oct 2011, at 16:50, David Ramos wrote: > I don't think it's an actual OoB access. If you look at the warnings, there > were a lot of external functions invoked, including gethostbyname(), which > returns a pointer to static data. Since KLEE isn't aware of the location or > size of this static data, it considers it an invalid memory access when the > user code tries to dereference the pointer. That's just a guess, though. > > KLEE doesn't support external calls to functions that return pointers to > static data (unless it's defined in the LLVM module) or that allocate and > return pointers to new data. > -David > > (I forgot to CC the list first, sorry!) > > On Oct 27, 2011, at 7:19 AM, Paul Marinescu wrote: > >> Hi, >> Most likely this is an invalid memory access which doesn't show up when >> running the program natively (which is what klee-replay does). >> >> Best, >> Paul >> >> On 26/10/11 04:15, [email protected] wrote: >>> Hi, >>> Now, I am studying klee and use it to test some programs. >>> I test wget and find a bug, but there is something I can't understand >>> clearly. >>> the step I do the experiments is listed as below: >>> >>> 1) I compiler the wget program and get wget.bc file. >>> then >>> 2)yun@yun-pc:~/wget-1.5.3/obj/src$ klee --libc=uclibc --posix-runtime >>> ./wget.bc >>> www.google.com >>> the output of klee show that there is a bug in host.c file because of >>> bound of >>> out of bound pointer. >>> >>> *********************************************************************************************************** >>> yun@yun-pc:~/wget-1.5.3/obj/src$ klee --libc=uclibc --posix-runtime >>> ./wget.bc >>> www.google.com >>> [00000.036] Cloud9: Debug: Using Klee path /home/yun/cloud/cloud9 >>> [00000.036] Cloud9: Debug: Using uClibc path /home/yun/cloud/uclibc >>> [00000.121] Cloud9: Debug: Using uClibc path /home/yun/cloud/uclibc >>> [00000.122] Cloud9: Debug: Using Klee path /home/yun/cloud/cloud9 >>> KLEE: NOTE: Using model: >>> /home/yun/cloud/cloud9/Release+Asserts/lib/libkleeRuntimePOSIX.bca >>> [00000.199] Cloud9: Debug: Using Klee path /home/yun/cloud/cloud9 >>> KLEE: output directory = "klee-out-0" >>> [00000.199] Cloud9: Info: Instrumentation started >>> WARNING: this target does not support the llvm.stacksave intrinsic. >>> KLEE: WARNING: function "iwrite" has inline asm >>> KLEE: WARNING: function "iread" has inline asm >>> KLEE: WARNING: function "acceptport" has inline asm >>> KLEE: WARNING: undefined reference to function: __ctype_b_loc >>> KLEE: WARNING: undefined reference to function: __ctype_tolower_loc >>> KLEE: WARNING: undefined reference to function: __ctype_toupper_loc >>> KLEE: WARNING: undefined reference to function: __libc_fcntl >>> KLEE: WARNING: undefined reference to function: bindtextdomain >>> KLEE: WARNING: undefined reference to function: dcgettext >>> KLEE: WARNING: undefined reference to function: gethostbyaddr >>> KLEE: WARNING: undefined reference to function: gethostbyname >>> KLEE: WARNING: undefined reference to function: snprintf >>> KLEE: WARNING: undefined reference to function: textdomain >>> KLEE: WARNING: undefined reference to function: kill (UNSAFE)! >>> KLEE: WARNING: calling external: stat(140052474042240, 140052474050912) >>> KLEE: WARNING: calling external: syscall(5, 1, 140052474054304) >>> KLEE: WARNING: calling external: snprintf(140052474048704, 16, >>> 140052474048832, >>> 140052474048896, 0) >>> KLEE: WARNING: _ioctl_file: operation not supported on symbolic files >>> KLEE: WARNING: calling __user_main298 with extra arguments. >>> KLEE: WARNING: calling __user_main with extra arguments. >>> KLEE: WARNING: calling external: bindtextdomain(140052473969440, >>> 140052473969504) >>> KLEE: WARNING: calling external: textdomain(140052473969440) >>> KLEE: WARNING: signal: silently ignoring >>> KLEE: WARNING: calling external: __ctype_toupper_loc() >>> Attempting to open: /etc/TZ >>> --17:03:26-- http://www.google.com:80/ >>> => `index.html.3' >>> KLEE: WARNING: calling external: dcgettext(0, 140052473950368, 5) >>> Connecting to www.google.com:80... KLEE: WARNING: calling external: >>> gethostbyname(140052474229248) >>> KLEE: ERROR: /home/yun/cloud/wget-1.5.3/obj/src/../../src/host.c:160: >>> memory error: >>> out of bound pointer >>> KLEE: NOTE: now ignoring this error at this location >>> [00001.008] Cloud9: Debug: Code coverage is 0/0 (local) and 0/0 (global)... >>> >>> KLEE: done: total instructions = 247972 >>> KLEE: done: completed paths = 3 >>> KLEE: done: generated tests = 1 >>> [00002.001] Cloud9: Info: Instrumentation interrupted. Stopping. >>> ************************************************************************************************************* >>> >>> 3) yun@yun-pc:~/wget-1.5.3/obj/src$ klee-replay ./wget >>> ./klee-last/test000001.ktest >>> the output of klee show that there is no error and the execution of >>> program is >>> normal >>> ************************************************************************************************************** >>> yun@yun-pc:~/wget-1.5.3/obj/src$ klee-replay ./wget >>> ./klee-last/test000001.ktest >>> WARNING: klee_assume(0)! >>> klee-replay: TEST CASE: ./klee-last/test000001.ktest >>> klee-replay: ARGS: "./wget" "www.google.com" >>> --11:16:21-- http://www.google.com:80/ >>> => `index.html.3' >>> Connecting to www.google.com:80... connected! >>> HTTP request sent, awaiting response... 302 Found >>> Location: >>> http://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=http://www.google.com.hk/&ust=1319599011889039&usg=AFQjCNE2wsk6e-Y-pUCHPK7GX-HOg_0AWg >>> [following] >>> --11:16:21-- >>> http://www.google.com.hk:80/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=http%3A/www.google.com.hk/&ust=1319599011889039&usg=AFQjCNE2wsk6e-Y-pUCHPK7GX-HOg_0AWg >>> => `&ust=1319599011889039&usg=AFQjCNE2wsk6e-Y-pUCHPK7GX-HOg_0AWg' >>> Connecting to www.google.com.hk:80... connected! >>> HTTP request sent, awaiting response... 200 OK >>> Length: unspecified [text/html] >>> >>> 0K -> . >>> >>> 11:16:21 (1.10 MB/s) - >>> `&ust=1319599011889039&usg=AFQjCNE2wsk6e-Y-pUCHPK7GX-HOg_0AWg' saved [1155] >>> >>> klee-replay: EXIT STATUS: NORMAL (0 seconds) >>> *************************************************************************************************************** >>> >>> So I think this is a false bug report or there is something else I don't >>> understand >>> it clearly >>> >>> _______________________________________________ >>> klee-dev mailing list >>> [email protected] >>> http://keeda.Stanford.EDU/mailman/listinfo/klee-dev >> >> _______________________________________________ >> klee-dev mailing list >> [email protected] >> http://keeda.Stanford.EDU/mailman/listinfo/klee-dev > _______________________________________________ klee-dev mailing list [email protected] http://keeda.Stanford.EDU/mailman/listinfo/klee-dev
