Questions tagged [klee]

KLEE: Unassisted and Automatic Generation of High-Coverage, is a symbolic virtual machine built on top of the LLVM compiler infrastructure

KLEE is a symbolic execution tool, capable of automatically generating tests that achieve high coverage on a diverse set of complex and environmentally-intensive programs, KLEE could also be used as a bug finding too.

Home page

KLEE publication

64 questions

vote

1 answer

Is this how to test a stateful API with klee symbolic execution?

I'm currently testing out a few approaches on how to test and fuzz a C API. In the process thereof I found KLEE which runs the code symbolically, meaning that it tries to cover all branches that depend on some symbolic input and checks for all sorts…

c testing klee symbolic-execution

asked Apr 01 '22 at 09:55

NikLeberg

vote

1 answer

Undefined reference to klee when building s2e

I'm trying to start a new prject and build s2e in a new directory. But at arounf the 100% mark, it gives me an undefined reference error. The relevant part (imo) is this: [ 92%] Linking CXX executable…

cmake makefile llvm reverse-engineering klee

asked Jan 19 '22 at 03:52

mrZ

vote

0 answers

LLVM interate over the content of a structure accessed through pointer in KLEE code

I am quite new to LLVM and KLEE and I am trying to understand whether it is possible to access the content of a structure that is referred to by a pointer. The code I am working on is quite long and complicated, but the problem is the following: In…

c++ struct llvm klee

asked Nov 07 '20 at 04:45

fabCic

vote

2 answers

Can the return value of a function call be made symbolic so as to bypass executing that function?

I want avoid doing inter-procedural symbolic execution. Perhaps have a return value that would not have any constraints and might resolve to any possible concrete value. Is something like this even possible? The reason I want to do this is that I…

klee

asked Jul 05 '18 at 17:43

pizzaEatingGuy

vote

1 answer

Z3 infinite loop from KLEE

I have a modified version of KLEE and an essentially simple query like (assert (= 173 (str.len "OREN"))) (meant to be false). When I invoke the Z3 solver I get stuck in an infinite loop (haven't waited forever though :]) inside the following while…

z3 klee

asked Nov 16 '17 at 14:30

OrenIshShalom

5,974
9
37
87

vote

1 answer

checking C LLVM Bitcode compiler works... /xxx/llvm-3.4/Release+Asserts/bin/llvm-dis: Invalid type for value

This error appears when I try to install LLVM 3.4 before installing Klee. The sources code is downloaded from LLVM official website and decompressed to a separate file from Klee. Makefile in llvm-3.4 directory is used to build LLVM. To build Klee,…

linux ubuntu llvm klee

asked Jul 10 '17 at 10:25

Yushan ZHANG

vote

1 answer

klee on c++14 programs

As I have understood, I can not use klee on programs in C++14, as llvm-3.4 does not support it. However, I would like to know if there is any way, trick, experimental version, etc, which would allow me use klee on c++14 programs.

c++ llvm c++14 klee

asked Aug 15 '16 at 13:56

lrleon

2,610
3
25
38

vote

2 answers

how does klee check verify the test pass or fail?

I have read the klee tutorial at Klee tutorial. It's pretty simple and straight forward. However, when I check files that generated by the test at KLEE generated files, I have not found any file tell me whether the test pass or fail? There could be…

llvm autotest klee

asked Jun 18 '16 at 04:46

Max Li

vote

1 answer

How can I tell if the variable involed in a instruction in KLEE is symbolic or concrete

I want to know if there is a way to tell if a variable is symbolic or not in KLEE when KLEE is executing an instruction involving the variable.

variables concrete klee

asked Mar 17 '16 at 17:16

sumit

vote

1 answer

Can symbolic execution tool KLEE run in parallel?

According to their paper (OSDI'08), symbolic execution tool KLEE needs about 1 hour to generate test cases for a single COREUTIL application. I am wondering if it can run in parallel?(say, multi-threaded on multicore or even GPU)?

debugging static-analysis symbolic-computation klee

asked Dec 09 '15 at 17:01

JackWM

10,085
22
65
92

vote

1 answer

KLEE: Unexpected error about inline assembly

I was playing around with KLEE recently. I followed the document "Building KLEE (LLVM 3.4)" and successfully ran all the examples in the tutorial. However, when running my own program using KLEE: $ klee -load=/usr/lib/x86_64-linux-gnu/libssl.so…

linux assembly openssl uclibc klee

asked Nov 14 '15 at 15:42

h1994st

vote

1 answer

How to resolve the KLEE installation error? Related to "subprocess.py"

I am installing KLEE with the following instructions from http://klee.github.io/getting-started/ I have come to the Step 04: ./configure --make-llvm-lib However, when I run the command, the following error shows up: INFO:Disabling assertions …

python klee

asked Jun 05 '15 at 14:13

user4978349

vote

1 answer

Klee with stp vs. Klee with other sat solver

Klee uses STP as its constraint solver, but theoretically it is possible to change its solver. STP does not allow floating point operations. If we decide to replace STP with another constraint solver, say z3, would klee be able to generate floating…

llvm klee

asked May 11 '15 at 23:25

Madrugada

1,261
8
24
44

vote

1 answer

How to run klee with jdk?

I am new to KLEE, I want to run klee tool in java can you please tell me is it possible to run KLEE in java ? it yes, please show me some tutorials.

java klee

asked Jan 02 '15 at 10:06

Balayesu Chilakalapudi

1,386
3
19
43

vote

1 answer

no working LLVM bitcode compiler

I need to build KLEE on my Ubuntu 12.04. I followed KLEE website's instructions step by step. I had LLVM 2.9 built. But when I need to install klee-uclibc, and in the process of configuring, it complained that it failed to find a working LLVM…

llvm klee

asked Nov 26 '14 at 14:14

Wei Wen

Prev 1

3 4 5 Next