Age | Commit message | Author |
|
This intrinsic detects whether the program is being executed
symbolically or concretely (i.e., using the libkleeRuntest library).
The intended usage (illustrated in the test program) is to
allow the test program to display the input values by invoking
any libraries it wants to.
This is especially valuable if you are constructing complex,
structured values and for languages like Rust (or C++) that have
rich libraries and print libraries.
For example, you might pick a symbolic value N with the
assumption "0 <= N < 10" and then pick N symbolic
values and write them to an array.
The resulting ktest file is a bit hard to understand compared with the
output of the standard print function in Rust/C++.
|
|
to function names.
|
|
Hoist increment of `sc` into the loop header.
Memory locations can only be written to if they are writeable.
Avoid concretising a value by writing it if the location is not symbolic in the first place.
This avoids writing read-only memory locations.
|
|
glibc 2.30 moved definition of getdents64 to dirent_ext.h. Hence, it
became visible to us (via dirent.h) and conflicts with our definition:
runtime/POSIX/fd_64.c:112:5: error: conflicting types for 'getdents64'
int getdents64(unsigned int fd, struct dirent *dirp, unsigned int count) {
^
/usr/include/bits/dirent_ext.h:29:18: note: previous declaration is here
extern __ssize_t getdents64 (int __fd, void *__buffer, size_t __length)
We use the parameters defined by kernel, not by userspace (libc). Both
glibc and uclibc define it as:
ssize_t __getdents64 (int fd, char *buf, size_t nbytes)
so follow it.
|
|
consistent naming convention
|
|
Otherwise optimizations done in klee won't have any effect.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
|
|
* also adds klee-replay as dependency for systemtests
|
|
add a corresponding check.
|
|
test.
|
|
To enable the POSIX support, the former implementation instrumented the
main function and inserted a call to `klee_init_env` at the beginning.
This has multiple disadvantages:
* debugging information was not correctly propagated leaving the call to
`klee_init_env` without debug information
* the main function always required `int arg, char**` as part of the
function definition of `main`
Based on the new linking infrastructure, we can now add an additional
wrapper `__klee_posix_wraper(int, char**)` that gets always called when
POSIX support is enabled. It executes `klee_init_env` and after that
calls the `main` function.
Enabling POSIX support only requires the renaming of the user provided
`main` into `__klee_posix_wrapped_main` in addition to linking.
|
|
Fixes #46 and reverts #47. As stated in #46, the solution works for
musl, glibc etc. However, the code in stub.c is executed by uclibc
and uclibc doesn't allocate the target buffer in realpath. The
memory error occurred while running df for 10min with DFS.
|
|
klee_make_symbolic. Changed a test case to check this feature.
|
|
Link intrinsic library before executing optimizations.
This makes sure that any optimization run by KLEE on the module
is executed for the intrinsic library as well.
Support .ll files as input for KLEE as well.
|
|
Strictly differentiate between the following type of libraries:
* FreeStanding: contains minimal amount of methods a compiler would expect
* klee-libc: contains a minimal libc implementation
* POSIX: contains a POSIX layer that can be used on top of a libc implementation
* Intrinsic: contains additional runtime functions which provide KLEE-specific functionalities (e.g. checks)
Builds always archives instead of single modules.
This allows to reduce linked-in dependencies of tested applications.
|
|
If an external function in KLEE is invoked, it might update errno.
Previously, the errno specific variable in a state was only updated
if it was part of the executed instructions.
That opened up a timeframe that increased the likelihood of errno being
overwritten by another method call.
This patch fixes two issues:
* the errno of the KLEE process state is updated before the external
function call allowing to detect changes to it later on
* after the external call, the memory object of errno is directly
updated with its new value, reducing the likelihood to be overwritten by
another call
Additional features:
* Add support for `errno()` for Darwin as well.
* Simplified errno handling in POSIX layer
|
|
options. Make klee_abort() call abort() in replay, and removed trivial test which cannot be easily integrated into the test suite.
|
|
corresponding tests
|
|
This target invokes the `clean` target but is also intended for use by
other cleaning targets. The `clean_runtime` target is now declared as a
dependency of `clean-all` so that the runtime is cleaned as well.
|
|
configuration, TravisCI scripts and Dockerfile build appropriately.
There are a bunch of clean ups this enables but this commit doesn't
attempt them. We can do that in future commits.
|
|
This was introduced when we added the --readable-posix-inputs option.
|
|
provide a better error message (and stop earlier) when no C source
files are found.
|
|
archive/modules when the list of source files that constitute it
changes.
To fix this a file is written in the build directory that contains
the list of `.bc` files. This file is updated whenever the list of
`.bc` files for a module changes and then the rule that builds the
module/archive depends on that file.
This fixes a bug reported by @ccadar in #718.
|
|
to clean the runtime build.
Unfortunately, there is no way to have the `clean` target trigger the
`clean_runtime` target.
|
|
`ExternalProject_Add_Step()` so that when using Ninja the output of the
bitcode build system is shown immediately.
|
|
This fixes a bug in the bitcode build system where the build would
fail if the build directory was a symbolic link (i.e. create a symbolic
link for the root of the build tree and try to do the build in that
directory).
The problem was that `DIR_SUFFIX` implicitly assumed that there was
only one way to refer to the build tree which is an incorrect assumption
in the presence of symbolic links. This has been fixed by using the
`$(realpath)` GNU make built in to resolve all symbolic links.
An additional sanity check has been added to check that `SRC_DIR`
exists.
|
|
runtime: POSIX, make it compile with glibc 2.25
|
|
clang warns about check-after-use in POSIX runtime:
runtime/POSIX/fd.c:573:17: warning: nonnull parameter 'path' will evaluate to 'true' on first r [-Wpointer-bool-conversion]
(path ? __concretize_string(path) : NULL),
^~~~ ~
path is dereferenced in __get_sym_file before this check. So add a check
to __get_sym_file and handle NULL appropriately by returning NULL too.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
|
|
With glibc 2.25, we see:
runtime/POSIX/stubs.c:243:14: error: conflicting types for 'gnu_dev_major'
unsigned int gnu_dev_major(unsigned long long int __dev) __attribute__((weak));
^
/usr/include/sys/sysmacros.h:79:27: note: previous definition is here
__SYSMACROS_DEFINE_MAJOR (__SYSMACROS_IMPL_TEMPL)
^
Glibc 2.25 switched from ULL to dev_t for gnu_dev_major, gnu_dev_minor,
and gnu_dev_makedev. Handle by using an appropriate type according to
the glibc version.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
|
|
Modify scripts and a test to allow ASan/UBSan builds.
|
|
Signed-off-by: Levente Kurusa <levex@linux.com>
|
|
with ASan.
|
|
Previously error messages would be emitted but execution would continue
which might not be desirable.
Now a wrapper function (for fprintf) `report_internal_error()` is used
which will cause the program to exit. The older behaviour of continuing
to execute after an error can be achieved by setting a new environment
variable `KLEE_RUN_TEST_ERRORS_NON_FATAL`.
This commit also adds a test for each error case.
|
|
If KLEE generates ktest files with `--posix-runtime` then if replaying
using libkleeRuntest then replay would be incorrect because the
`model_version` object would be unintentionally used during replay.
For now just skip over that object and try the next one.
Also emit a warning if the object names don't match.
|
|
test is marked XFAIL because there is a bug in the implementation
of `libkleeRuntest`.
Quite a few changes had to be made to the lit configuration in
order to support these tests.
To run the tests I had to fix #480 for the autoconf/Makefile build
system otherwise the `libkleeRuntest` library would not be found
by the system linker at runtime.
|