Hello all,

I am performing static analysis on a codebase and for that I am trying to
find all the possible paths from function 'A' to function 'B' along with
the conditions that are responsible while traversing that path. My input is
a large llvm IR file which contains all the functions definitions.

So if we consider the below toy example :-

int functionA(int a) {
if (a > 0) {
return functionB(20, 50);
}
else {
return functionC(100, 500);
}
}

int functionB(int x, int y) {
if(x > y){
return multiply(x, y);
}
else {
return divide(y, x);
}
}

int functionC(int x, int y) {
if(y > 0){
return divide(x, y);
}
else {
return multiply(y, x);
}
}

int multiply(int a, int b){
return a*b;
}

int divide(int x, int y){
return x/y;
}

So lets say I want to trace the execution path from function "functionA" to
function "divide", the following is the output I am expecting

1. "functionA && ((x < y) && divide)"
2. "functionA && ((y > 0) && divide)"

or it can be combined as "functionA && ((x < y) || (y > 0)) && divide"

I just want to know whether klee is capable of performing such analysis
(not exact as I knew I need to modify few things to arrive at the final
solution but you get the gist). If yes, can you please provide some
references and resources that I can look into.

Thank you.
_______________________________________________
klee-dev mailing list
klee-dev@imperial.ac.uk
https://mailman.ic.ac.uk/mailman/listinfo/klee-dev

Reply via email to