Thanks. You are right. I solved the problem.
Best regards,
Qiuping Yi
Parasol Laboratory
Department of Computer Science and Engineering
Texas A&M University
College Station
TX 77843
On Sat, Jan 28, 2017 at 4:12 AM, Dan Liew wrote:
> On 27 January 2017 at 04:18, Qiuping Yi wrote:
> > Dear all,
> >
> > I encountered a strange problem when testing the next code snippet:
> >
> > if (pw = getpwuid(getuid()) == NULL)
> >     return ;
> >
> > .. = pw->pw_dir;
>
> Please use the correct mailing list (klee-dev@imperial.ac.uk) instead
> of the old klee-...@keeda.stanford.edu mailing list.
>
> It would be better if you provided a small complete example. Like this.
>
> ```
> #include <stdio.h>
> #include <assert.h>
> #include <pwd.h>
> #include <unistd.h>
> #include <sys/types.h>
>
> int main(int argc, char** argv) {
> struct passwd* pw;
> uid_t uid = getuid();
> printf("uid is %d\n", uid);
> if (pw = getpwuid(getuid()) == NULL) {
> printf("Failed\n");
> return 1;
> }
> assert(pw && "pw cannot be NULL");
>
> char* pw_dir = pw->pw_dir;
> printf("pw_dir: %s\n", pw_dir);
> return 0;
> }
> ```
>
> Your code is wrong.
>
> if (pw = getpwuid(getuid()) == NULL)
>
> is doing this
>
> if ( pw = ( getpwuid(getuid()) == NULL ) )
>
> so a pointer is returned by `getpwuid()` and then we compare with NULL
> which is false so then `pw` gets assigned the value zero.
>
> However once I fix your code to
>
> if ((pw = getpwuid(getuid())) == NULL) {
>
> then I can reproduce the problem if I just run `klee program.bc`
>
> I suspect it's to do with the fact `getpwuid()` returns a pointer to
> "real memory" which does not point to anything in KLEE's own model of
> the memory (i.e. the address space of the program under).
>
> To fix this you need not call `getpwuid()` as an external function but
> instead call it from klee-uclibc so that it can be symbolically
> executed.
>
> If you run
>
> ```
> klee -libc=uclibc program.bc
> ```
>
> no out of bounds access is reported.
>
> HTH,
> Dan.
>
___
klee-dev mailing list
klee-dev@imperial.ac.uk
https://mailman.ic.ac.uk/mailman/listinfo/klee-dev
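As an added example (not code from the thread or from the KLEE project), the two forms of the check side by side: the original `pw = getpwuid(getuid()) == NULL`, which assigns the result of the comparison to `pw`, and the parenthesised form that assigns the record. The `example_entry` record and the `lookup_ok`, `lookup_fail`, `lookup_real`, `buggy_form` and `fixed_form` names are constructed for this example so that the result does not depend on the running uid having a passwd entry; the explicit cast in `buggy_form` is only there so the line compiles under compilers that reject int-to-pointer assignment outright.

```c
#include <pwd.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed passwd record standing in for getpwuid()'s result, so the
 * example runs even where the calling uid has no passwd entry. */
static struct passwd example_entry = {
    .pw_name = "example",
    .pw_dir  = "/home/example",
};

static struct passwd *lookup_ok(void)   { return &example_entry; }
static struct passwd *lookup_fail(void) { return NULL; }
static struct passwd *lookup_real(void) { return getpwuid(getuid()); }

/* The expression from the thread, `pw = lookup() == NULL`, parses as
 * `pw = (lookup() == NULL)`: pw receives the comparison result (0 or 1),
 * never the record.  The cast is added only so this compiles under
 * compilers that make int-to-pointer assignment an error; the original
 * relied on an implicit conversion that merely warned (gcc -Wparentheses
 * also flags the assignment used as a condition).
 * Returns the integer pw ends up holding, or -1 if the early return fired. */
static long buggy_form(struct passwd *(*lookup)(void)) {
    struct passwd *pw;
    if ((pw = (struct passwd *)(uintptr_t)(lookup() == NULL)) != NULL)
        return -1;              /* lookup failed: pw == (struct passwd *)1 */
    return (long)(uintptr_t)pw; /* lookup succeeded: pw == NULL, record lost */
}

/* Corrected form: parenthesise the assignment so pw holds the record and
 * the comparison tests that pointer.  Returns pw_dir, or NULL on failure,
 * so the caller never dereferences a null pw. */
static const char *fixed_form(struct passwd *(*lookup)(void)) {
    struct passwd *pw;
    if ((pw = lookup()) == NULL)
        return NULL;
    return pw->pw_dir;
}

int main(void) {
    printf("buggy, lookup succeeds: pw = %ld (record discarded; pw->pw_dir would fault)\n",
           buggy_form(lookup_ok));
    printf("buggy, lookup fails:    early return (%ld)\n", buggy_form(lookup_fail));
    printf("fixed, lookup succeeds: %s\n", fixed_form(lookup_ok));
    const char *home = fixed_form(lookup_real);
    printf("fixed, real uid %d:     %s\n", (int)getuid(),
           home ? home : "(no passwd entry for this uid)");
    return 0;
}
```

Compiling with `cc -Wall` is enough to surface the original mistake, since `-Wall` enables `-Wparentheses`. To reproduce Dan's observation under KLEE, compile to bitcode with `clang -emit-llvm -c -g` and run it both as `klee program.bc` and as `klee -libc=uclibc program.bc`; with the latter, `getpwuid()` is executed from klee-uclibc rather than as an external call returning a pointer into memory KLEE does not model.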