Questions tagged [klee]

KLEE: Unassisted and Automatic Generation of High-Coverage, is a symbolic virtual machine built on top of the LLVM compiler infrastructure

KLEE is a symbolic execution tool, capable of automatically generating tests that achieve high coverage on a diverse set of complex and environmentally-intensive programs, KLEE could also be used as a bug finding too.

Home page

KLEE publication

57 questions

votes

2 answers

Limits of Klee (the LLVM program analysis tool)

http://klee.llvm.org/ is a program analysis tool that works by symbolic execution and constraint solving, finding possible inputs that will cause a program to crash, and outputting these as test cases. It's an extremely impressive piece of…

asked Apr 21 '11 at 10:11

rwallace

26,045
30
102
195

votes

1 answer

How to force gcov to extract data, even when program is aborted

I'm using a test-generating tool called KLEE, that creates lots of tests for my C99-Code. Afterwards I run the tests and check line coverage with gcov. Gcov seems to update coverage data at the end of the run upon successful completion. However,…

c gcov klee

asked Jul 14 '11 at 20:47

Henning

votes

0 answers

klee .bca files missing

I followed http://klee.llvm.org/GetStarted.html when installing Klee over my LLVM 2.9 (as required), meaning : Install dependencies DONE export C_INCLUDE_PATH=/usr/include/i386-linux-gnu/ DONE export CPLUS_INCLUDE_PATH/usr/include/i386-linux-gnu/…

llvm klee

asked Jan 31 '13 at 21:04

user2022455

votes

0 answers

Using KLEE to derive call-graph(s) from test case(s)

Each generated test amounts to a path, and I'm interested in obtaining information on the functions called along each path, and from there obtain a call graph as the union of paths for all test. This should render a subset of the complete…

llvm call-graph klee

asked Dec 05 '18 at 15:49

user3434838

votes

0 answers

How to translate intrinsics to a legacy architecture?

I want to run klee on a performance optimized code, that uses various instruction set extensions, like sse2, sse4.1. Unfortunately llvm-3.4 interpreter does not support them: LLVM ERROR: Code generator does not support intrinsic function…

clang llvm intrinsics llvm-clang klee

asked Mar 06 '15 at 13:50

Necto

2,454
1
17
40

votes

1 answer

KLEE WARNINGS and no inputs generated

I am new in KLEE. I had installed klee, followed the instructions correctly. if i run program from tutorial: int get_sign(int x) { if (x == 0) return 0; if (x < 0) return -1; else return 1; } int main() { int a; klee_make_symbolic(&a,…

c llvm llvm-gcc klee

asked Mar 03 '13 at 17:58

Urmas Repinski

votes

3 answers

KLEE for C++ code that uses pthreads

I am a beginner trying to use KLEE. I am using the KLEE self contained package to on a C++ program that uses pthreads. I have generated a .o file and used KLEE with the following option klee --libc=uclibc --posix-runtime test.o But i see i get…

llvm klee

asked Jan 07 '13 at 16:56

Dimurali

votes

0 answers

How to find path conditions in KLEE? Ideally, how to find path conditions of longest/shortest paths

I am in my dock container exploring the toy "get_sign.c" program that KLEE comes with. I want to explore the different paths of the symbolic calculation executed when I do: clang -I ../../include -emit-llvm -c -g get_sign.c I can see the values the…

symbolic-math klee

asked Jan 06 '19 at 21:01

Mike

votes

0 answers

Main Function not Found in the Bitcode file generated by compiling haskell with LLVM

I want to run klee on the .bc file generated by compiling haskell file with ghc frontend and llvm backend. I have following code in my haskell hello.hs file: main = putStrLn "Hello World!" I compile hello.hs with ghc using following command ghc…

haskell llvm ghc llvm-ir klee

asked Oct 02 '17 at 03:45

user7235699

votes

0 answers

LLVM: How to use LoopInfoPass and ScalarEvolutionPass in CallGraphSCC-Pass?

I want to use LoopInfoPass in the runOnSCC() method of a pass derived from CallGraphSCC-Pass. More specifically, I want to judge whether a basicblock is in a loop or not in the runOnSCC() method. So, the code should be like: LoopInfo &lf =…

llvm static-analysis klee

asked Aug 11 '15 at 07:08

Justme0

votes

0 answers

How does KLEE model memory?

http://www.doc.ic.ac.uk/~dsl11/klee-doxygen/overview.html I'm trying to model memory for binaries and so I would like to see how KLEE handles it. However, I am having trouble understanding the explanation from the overview. Can I get an easier…

symbolic-computation klee

asked May 04 '14 at 19:08

drum

4,403
6
45
76

votes

1 answer

Error while running cloud9 "error: ld terminated with signal 11"

I am trying to run the cloud9 application on ubuntu. However make command is giving me error llvm[2]: Linking Release+Asserts executable klee (without symbols) collect2: error: ld terminated with signal 11 [Segmentation fault], core dumped make[2]:…

llvm cloud9-ide binutils klee

asked Mar 31 '14 at 18:21

user2805242

votes

1 answer

run using KLEE error

I am new to Klee, so I started to make the tutorials. If for compilation I use: llvm-gcc --emit-llvm -c -g get_sign.c and then I try to run using klee get_sign.o I get the error : KLEE: ERROR: error loading program 'get_sign.o': Invalid…

klee

asked Jan 22 '13 at 13:11

Alex

votes

1 answer

klee with loops strange behaviour with similar code

I have a question about how is working KLEE (symbolic execution tool) in case of loops with symbolic parameters: int loop(int data) { int i, result=0; for (i=0;i

llvm-gcc klee symbolic-computation

asked Oct 17 '12 at 12:25

user1753101

vote

0 answers

LLVM interate over the content of a structure accessed through pointer in KLEE code

I am quite new to LLVM and KLEE and I am trying to understand whether it is possible to access the content of a structure that is referred to by a pointer. The code I am working on is quite long and complicated, but the problem is the following: In…

c++ struct llvm klee

asked Nov 07 '20 at 04:45

fabCic

2 3 4 Next