The question about std::cin
liushengahn opened this issue · comments
hello,
I build an instrumented C++ standard library to track data. When I use syd::cin in my program, the result appears as shown in the figure.
#include <iostream>
int nested_checking(const char *buff_array)
{
if(buff_array[0] == 'A'){
if(buff_array[1] == 'B'){
if(buff_array[2] == 'M'){
return 4;
}
if(buff_array[2] == 'N'){
return 5;
}
}
else if(buff_array[1] == 'C'){
if(buff_array[2] == 'D'){
if(buff_array[3] == 'E'){
return 5;
}
if(buff_array[3] == 'F'){
return 6;
}
}
else{
return 1;
}
}
}
return 3;
}
int main(int argc,char** argv){
std::string n;
std::cin>>n;
return nested_checking(n.c_str());
}
After symbolic execution, I got a result that starts with A, but there are a lot of redundant results. This would not have happened without std::cin. Also, there are some strategies for string symbolization (Exponential back-off as I saw in Qsym's paper, It only executes blocks whose frequency number is a power of two.)I suspect it may have introduced a loop that produced redundant results.But I'm not sure. I was hoping you could explain why.
Thank you very much. I look forward to your reply.