Hi All,

I have a use case where I need to call interpreter->runFunctionAsMain(mainFn, pArgc, pArgv, pEnvp); more than once from main in main.cpp. The first call to runFunctionAsMain works fine. However, the second run generates an out-of-bounds access error in klee_init_env.c. I am unable to figure out the reason for this and was hoping to get some insights.
I am working off d2fbdf7 and have the following patch.

--- a/tools/klee/main.cpp
+++ b/tools/klee/main.cpp
@@ -56,6 +56,7 @@
 #include <iomanip>
 #include <iterator>
 #include <sstream>
+#include <iostream>

 using namespace llvm;

@@ -1420,6 +1421,8 @@ int main(int argc, char **argv, char **envp) {
     }
   }
   interpreter->runFunctionAsMain(mainFn, pArgc, pArgv, pEnvp);
+  std::cout << "One more run\n";
+  interpreter->runFunctionAsMain(mainFn, pArgc, pArgv, pEnvp);

   while (!seeds.empty()) {
     kTest_free(seeds.back());

Sample program to demonstrate the issue -

#include <klee/klee.h>

/* Branch on the (symbolic) argument so KLEE explores both paths. */
int run(unsigned int buf_size) {
  if (buf_size > 3) {
    return 7;
  } else {
    return 10;
  }
}

int main(int argc, char* argv[]) {
  int a;
  /* Mark a as symbolic; its value is chosen by KLEE. */
  klee_make_symbolic(&a, sizeof(a), "a");
  return run(a);
}

Klee command -

klee --libc=uclibc --posix-runtime main.bc 32

Error -

KLEE: ERROR: /home/shelly/klee_vanilla/klee/runtime/POSIX/klee_init_env.c:54: memory error: out of bound pointer

I would be happy to provide any additional information.

--
Live Long & Prosper
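Review bot: the second runFunctionAsMain call at the end of the main() hunk re-enters the same interpreter with the same pArgc/pArgv/pEnvp, and nothing in the hunk resets or re-creates the interpreter between the two runs. Since the reported error is raised in klee_init_env.c, which runs at the start of each execution under --posix-runtime to set up argc/argv and the environment, the first thing to check is whether the objects that setup relies on survive the end of the first run; if they do not, constructing a fresh interpreter for the second run, rather than calling runFunctionAsMain twice on one object, is the safer change. The added std::cout line is debug output; it is the only reason for the new #include <iostream>, so both should be dropped together once the issue is understood.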
_______________________________________________
klee-dev mailing list
klee-dev@imperial.ac.uk
https://mailman.ic.ac.uk/mailman/listinfo/klee-dev