[klee-dev] Bugs found by KLEE (or symbolic execution in general)

Sean Heelan seanheelan at gmail.com
Sun Dec 4 22:56:35 GMT 2016


Hi all,

I'm investigating the impact of some modifications to KLEE and would like
to tell whether or not those modifications negatively impact KLEEs bug
finding ability on real world code. Is there a list somewhere of bugs that
have either been found by KLEE, or that could have been found by KLEE? I
can of course use the issues in coreutils and busybox from the OSDI 2008
paper, but more targets would also be great.

Failing a list, and KLEE-specific results, if anyone on the list has bugs
they've managed to find (or refind) with KLEE or any sym. exec. tool that
would also be very useful!

Cheers,
Sean
-------------- next part --------------
HTML attachment scrubbed and removed


More information about the klee-dev mailing list