klee / klee

KLEE Symbolic Execution Engine

Home Page: https://klee-se.org/


Klee crashes on Rust Hello World program

nano-o opened this issue

Hello,

I built klee against LLVM 12. Then I ran klee on a bc file produced by rustc version 1.63, also built with LLVM 12. The original program is a simple Hello World program.
klee --libc=klee --warnings-only-to-file target/release/deps/my_test*.bc
I was expecting klee not to crash, but this is what happened:

KLEE: output directory is "/home/user/test-2/target/release/deps/klee-out-6"
KLEE: Using Z3 solver backend
warning: Linking two modules of different target triples: '__cxa_atexit64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

warning: Linking two modules of different target triples: 'abort64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

warning: Linking two modules of different target triples: 'bcmp64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

warning: Linking two modules of different target triples: 'strlen64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

warning: Linking two modules of different target triples: 'dso_handle64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

warning: Linking two modules of different target triples: 'memcpy64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

warning: Linking two modules of different target triples: 'memmove64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

warning: Linking two modules of different target triples: 'memset64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

warning: Linking two modules of different target triples: 'klee_div_zero_check64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

warning: Linking two modules of different target triples: 'klee_overshift_check64_Debug+Asserts.bc' is 'x86_64-pc-linux-gnu' whereas 'target/release/deps/my_test-43a0438413d8e099.bc' is 'x86_64-unknown-linux-gnu'

klee: /home/user/klee/lib/Core/Executor.cpp:1234: const klee::Cell& klee::Executor::eval(klee::KInstruction*, unsigned int, klee::ExecutionState&) const: Assertion `vnumber != -1 && "Invalid operand to eval(), not a value or constant!"' failed.
 #0 0x00007f9cc214d2a1 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/usr/lib/llvm-12/lib/libLLVM-12.so.1+0xd732a1)
 #1 0x00007f9cc214b3a2 llvm::sys::RunSignalHandlers() (/usr/lib/llvm-12/lib/libLLVM-12.so.1+0xd713a2)
 #2 0x00007f9cc214d9ad (/usr/lib/llvm-12/lib/libLLVM-12.so.1+0xd739ad)
 #3 0x00007f9cc0ee1520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007f9cc0f35a7c pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x96a7c)
 #5 0x00007f9cc0ee1476 raise (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
 #6 0x00007f9cc0ec77f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
 #7 0x00007f9cc0ec771b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
 #8 0x00007f9cc0ed8e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
 #9 0x000055f9fd42f100 klee::Executor::eval(klee::KInstruction*, unsigned int, klee::ExecutionState&) const /home/user/klee/lib/Core/Executor.cpp:1231:3
#10 0x000055f9fd449405 klee::Executor::executeInstruction(klee::ExecutionState&, klee::KInstruction*) /home/user/klee/lib/Core/Executor.cpp:2404:26
#11 0x000055f9fd44aca0 klee::Executor::run(klee::ExecutionState&) /home/user/klee/lib/Core/Executor.cpp:3525:18
#12 0x000055f9fd44b995 std::__uniq_ptr_impl<klee::PTree, std::default_delete<klee::PTree> >::reset(klee::PTree*) /usr/include/c++/11/bits/unique_ptr.h:179:16
#13 0x000055f9fd44b995 std::unique_ptr<klee::PTree, std::default_delete<klee::PTree> >::reset(klee::PTree*) /usr/include/c++/11/bits/unique_ptr.h:456:12
#14 0x000055f9fd44b995 std::unique_ptr<klee::PTree, std::default_delete<klee::PTree> >::operator=(std::nullptr_t) /usr/include/c++/11/bits/unique_ptr.h:397:7
#15 0x000055f9fd44b995 klee::Executor::runFunctionAsMain(llvm::Function*, int, char**, char**) /home/user/klee/lib/Core/Executor.cpp:4437:17
#16 0x000055f9fd416562 main /home/user/klee/tools/klee/main.cpp:1532:5
#17 0x00007f9cc0ec8d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#18 0x00007f9cc0ec8e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#19 0x000055f9fd422065 _start (/home/user/klee/build/bin/klee+0x38065)
Aborted (core dumped)

The bc file is attached.
my_test-43a0438413d8e099.zip

Output of klee --version:

KLEE 2.3 (https://klee.github.io)
  Build mode: RelWithDebInfo (Asserts: ON)
  Build revision: 879be792870d20a51e26f8f007d24fc0584ee514

Ubuntu LLVM version 12.0.1

  Optimized build.
  Default target: x86_64-pc-linux-gnu
  Host CPU: goldmont

@nano-o Rust is not officially supported by mainline KLEE, but it would be great to support it. You should take a look at Project Oak from Google (https://github.com/project-oak/rust-verification-tools/), which added support for Rust to KLEE. Your code should run correctly there, but let us know if not, by reopening this issue.

If you are interested in contributing that support to mainline KLEE, that would be very welcome.