klee-replay fails to run with -sym-arg and bitcode with klee_make_symbolic call
Hripsime-H opened this issue · comments
I run KLEE on the following C example (ex.c)
#include <stdio.h>
#include "klee/klee.h"
int main (int argc, char** argv) {
if (argc < 2) {
printf("case1");
}
if (argv[1][2] == 'c') {
printf("case2");
}
int a;
klee_make_symbolic(&a, sizeof(a), "a");
if (a == 1) {
printf("case3");
}
else {
printf("case4");
}
}
I compiled to bitcode using the following command
clang -emit-llvm -c ex.c -I include -S -o argument.ll
I compiled the executable using the following command
clang ex.c -L build/lib/ -I include -o argument.out -lkleeRuntest
I ran KLEE using the following command
klee -posix-runtime argument.ll -sym-arg 5
Output:
KLEE: NOTE: Using POSIX model: /home/skywalker/Documents/klee_project/klee_org/build/runtime/lib/libkleeRuntimePOSIX64_Debug+Asserts.bca
KLEE: output directory is "/home/skywalker/Documents/klee_project/klee_org/klee-out-0"
KLEE: Using Z3 solver backend
KLEE: Deterministic allocator: Using quarantine queue size 8
KLEE: Deterministic allocator: globals (start-address=0x7f85cfdf3000 size=10 GiB)
KLEE: Deterministic allocator: constants (start-address=0x7f834fdf3000 size=10 GiB)
KLEE: Deterministic allocator: heap (start-address=0x7e834fdf3000 size=1024 GiB)
KLEE: Deterministic allocator: stack (start-address=0x7e634fdf3000 size=128 GiB)
KLEE: WARNING: undefined reference to function: printf
KLEE: WARNING: undefined reference to function: strlen
KLEE: WARNING: undefined reference to function: strncmp
KLEE: WARNING ONCE: Alignment of memory from call "malloc" is not modelled. Using alignment of 8.
KLEE: WARNING ONCE: calling external: syscall(4, 140203299647488, 139020841463808) at runtime/POSIX/fd.c:530 12
KLEE: WARNING ONCE: calling __klee_posix_wrapped_main with extra arguments.
KLEE: WARNING ONCE: calling external: printf(140204851539968) at [no debug info]KLEE: done: total instructions = 1962
KLEE: done: completed paths = 4
KLEE: done: partially completed paths = 0
KLEE: done: generated tests = 4
case2case3case4case4case3
Then I tried to replay test000001.ktest with klee-replay and it gave " KLEE_RUN_TEST_ERROR: object name mismatch. Requesting "a" but returning "arg00" "
KTEST_FILE=/absalute/path/to/klee-last/test000001 klee-replay argument.out /absalute/path/to/klee-last/test000001.ktest
Output:
KLEE-REPLAY: NOTE: Test file: /absalute/path/to/klee-last/test000001.ktest
KLEE-REPLAY: NOTE: Arguments: "argument.out" ""
KLEE-REPLAY: NOTE: Storing KLEE replay files in /tmp/klee-replay-REor8k
KLEE_RUN_TEST_ERROR: object name mismatch. Requesting "a" but returning "arg00"
KLEE-REPLAY: NOTE: EXIT STATUS: ABNORMAL 1 (0 seconds)
KLEE-REPLAY: NOTE: removing /tmp/klee-replay-REor8k
ktest-tool klee-last/test000001.ktest
ktest file : 'klee-last/test000001.ktest'
args : ['argument.ll', '-sym-arg', '5']
num objects: 2
object 0: name: 'arg00'
object 0: size: 6
object 0: data: b'\x00\x00\x00\x00\x00\x00'
object 0: hex : 0x000000000000
object 0: text: ......
object 1: name: 'a'
object 1: size: 4
object 1: data: b'\x01\x00\x00\x00'
object 1: hex : 0x01000000
object 1: int : 1
object 1: uint: 1
object 1: text: ....
@Hripsime-H thanks for your report. Right now, KLEE does not support replaying a test involving both symbolic arguments/files and klee_make_symbolic (or similar) calls. I have marked this issue as a feature request.
@ccadar thank you for your reply. I'll try to solve it and open a pull request.