Hi,
On Mon, 2 May 2022 09:50:23 +0200
Niklaus Leuenberger wrote:
> For this I have written following KLEE harness:
> ---
> #include "klee/klee.h"
> #include "buggy_api.h"
> int main(void) {
> for (int i = 0; i < 2; ++i) { // sequentially call 2 APIs
> int f_select = klee_choose(2);
Hi Niklaus,
There is no obvious improvement to recommend for the general case. Of
course, search heuristics have an important influence on which API
sequences are explored first. There is also a lot of research into this
problem: I would recommend Randoop
Hello klee-dev members,
I'm currently testing out a few approaches on how to test and fuzz a
stateful C API. In the process thereof I found KLEE and am fascinated
by it. I managed to get it to work and am now asking if my approach is
ok or if it has some major drawbacks or problems.
Let's
