Hello. I've compiled this code into bytecode:
#include <stdio.h>
#include <stddef.h>
void foo(int *a) { printf("%p", (void *)a); }
int main(void) { foo(NULL); return 0; }
After that, I've hacked klee's main.cpp so that after loading bitcode from the
file, it replaces the foo(NULL) call with foo(<my ptr>), where <my ptr> is an
IntToPtrInst pointing into klee's process heap:
char * mem = new char;
fooCallInst->setArgOperand(0, new IntToPtrInst(...));
To be sure, I'm dumping the whole module, and @main looks like this:
define i32 @main() nounwind uwtable {
entry:
%retval = alloca i32, align 4
store i32 0, i32* %retval
%0 = inttoptr i64 34397700356 to i32*
call void @foo(i32* %0)
ret i32 0
}
which is ok. But during execution I get
KLEE: ERROR: memory error: out of bound pointer
KLEE: NOTE: now ignoring this error at this location
I suppose this memory location isn't registered within klee's memory
manager, or something like this. So, what should I hack to make it work?
And is this possible at all? Would it be possible to symbolicize such
memory?
_______________________________________________
klee-dev mailing list
[email protected]
http://keeda.Stanford.EDU/mailman/listinfo/klee-dev
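An added example, not part of the original post or of KLEE itself, showing the usual way to give foo() memory that KLEE's memory manager knows about: allocate the buffer inside the program under test and mark it symbolic with klee_make_symbolic(), rather than pointing an IntToPtrInst at the host process heap. The USE_KLEE macro and the native stand-in for klee_make_symbolic() are assumptions of this harness so it also compiles and runs without KLEE; the real declaration comes from klee/klee.h.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef USE_KLEE
/* Build with: clang -DUSE_KLEE -emit-llvm -c harness.c && klee harness.bc */
#include <klee/klee.h>
#else
/* Native stand-in (assumption for this example): zero-fill instead of making symbolic,
 * so the harness is runnable outside KLEE. */
static void klee_make_symbolic(void *addr, size_t nbytes, const char *name)
{
    (void)name;
    memset(addr, 0, nbytes);
}
#endif

/* Function under test: dereferences its argument after a NULL check. */
int foo(int *a)
{
    if (a == NULL) {
        return -1;
    }
    return *a;
}

/* Harness: the object is allocated by the interpreted program itself, so KLEE
 * tracks it and in-bounds accesses through the pointer are valid. Its contents
 * become symbolic, so KLEE explores foo() for every possible value of *a. */
int run_harness(void)
{
    int *buf = malloc(sizeof *buf);
    if (buf == NULL) {
        return -2;
    }
    klee_make_symbolic(buf, sizeof *buf, "a");
    int r = foo(buf);
    free(buf);
    return r;
}

int main(void)
{
    printf("foo returned %d\n", run_harness());
    return 0;
}
```

Under KLEE the return value of foo() is a symbolic expression and KLEE forks only on branches that depend on it; natively the stand-in yields a zeroed buffer, so run_harness() returns 0. A pointer materialised from a raw host address, as in the inttoptr above, refers to memory KLEE never allocated, which is exactly the "out of bound pointer" condition it reports.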