[klee-dev] One question about external dispatcher

Qiuping Yi yiqiuping at gmail.com
Mon Jan 30 15:21:12 GMT 2017


Thanks. You are right. I solved the problem.


Best regards,

Qiuping Yi
Parasol Laboratory
Department of Computer Science and Engineering
Texas A&M University
College Station
TX 77843

On Sat, Jan 28, 2017 at 4:12 AM, Dan Liew <dan at su-root.co.uk> wrote:

> On 27 January 2017 at 04:18, Qiuping Yi <yiqiuping at gmail.com> wrote:
> > Dear all,
> >
> > I encountered a strange problem when testing the next code snippet:
> >
> > if (pw = getpwuid(getuid()) == NULL)
> >   return ;
> >
> > .. = pw->pw_dir;
>
> Please use the correct mailing list (klee-dev at imperial.ac.uk) instead
> of the old klee-dev at keeda.stanford.edu mailing list.
>
> It would be better if you provided a small complete example. Like this.
>
> ```
> #include <assert.h>
> #include <pwd.h>
> #include <sys/types.h>
> #include <stdio.h>
> #include <unistd.h>
>
> int main(int argc, char** argv) {
>   struct passwd* pw;
>   uid_t uid = getuid();
>   printf("uid is %u\n", (unsigned)uid);
>   /* Condition kept exactly as posted; the precedence problem is explained below. */
>   if (pw = getpwuid(getuid()) == NULL) {
>     printf("Failed\n");
>     return 1;
>   }
>   assert(pw && "pw cannot be NULL");
>
>   char* pw_dir = pw->pw_dir;
>   printf("pw_dir: %s\n", pw_dir);
>   return 0;
> }
> ```
>
> Your code is wrong.
>
> if (pw = getpwuid(getuid()) == NULL)
>
> is doing this
>
> if ( pw = ( getpwuid(getuid()) == NULL ) )
>
> so a pointer is returned by `getpwuid()` and then we compare with NULL
> which is false so then `pw` gets assigned the value zero.
>
> However once I fix your code to
>
> if ((pw = getpwuid(getuid())) == NULL) {
>
> then I can reproduce the problem if I just run `klee program.bc`
>
> I suspect it's to do with the fact `getpwuid()` returns a pointer to
> "real memory" which does not point to anything in KLEE's own model of
> the memory (i.e. the address space of the program under).
>
> To fix this you need not call `getpwuid()` as an external function but
> instead call it from klee-uclibc so that it can be symbolically
> executed.
>
> If you run
>
> ```
> klee -libc=uclibc program.bc
> ```
>
> no out of bounds access is reported.
>
> HTH,
> Dan.
>
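The precedence pitfall Dan describes, as an added example (not Dan's code and not part of KLEE): a stand-in lookup (`fake_getpwuid`, an assumption so the program runs offline, with uid 1000 as the only known user) is wrapped once with the original condition and once with the corrected one. The buggy version writes out the parse the compiler actually uses, with an explicit cast for the int-to-pointer conversion the original performs implicitly, and guards the dereference so the program can show, rather than crash on, the NULL pointer that `pw` ends up holding when the lookup succeeds.

```c
#include <assert.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for getpwuid() (an assumption of this example, not the
 * libc call) so the program runs offline and deterministically: uid 1000 has
 * a record, every other uid does not. */
static struct passwd fake_entry = { .pw_name = "alice", .pw_dir = "/home/alice" };

static struct passwd *fake_getpwuid(uid_t uid) {
    return uid == 1000 ? &fake_entry : NULL;
}

/* The original condition with its real parse made explicit. `==` binds tighter
 * than `=`, so `pw = getpwuid(uid) == NULL` means `pw = (getpwuid(uid) == NULL)`:
 * pw receives the comparison result (0 or 1) and the pointer the lookup
 * returned is discarded. The cast spells out the int-to-pointer conversion the
 * original does implicitly, so the file compiles cleanly; the stored value is
 * the same. */
const char *home_dir_buggy(uid_t uid) {
    struct passwd *pw;
    if ((pw = (struct passwd *)(uintptr_t)(fake_getpwuid(uid) == NULL)) != NULL)
        return "bailed out: lookup failed";   /* here pw == (struct passwd *)1 */
    /* Lookup succeeded, yet pw is NULL. The original reads pw->pw_dir at this
     * point; that NULL dereference is the invalid memory access KLEE reports.
     * Guarded here so the example does not crash. */
    if (pw == NULL)
        return "would dereference NULL";
    return pw->pw_dir;   /* unreachable: pw only ever holds 0 or 1 */
}

/* The corrected condition: parenthesise the assignment so pw holds the
 * pointer and the comparison tests that pointer. */
const char *home_dir_fixed(uid_t uid) {
    struct passwd *pw;
    if ((pw = fake_getpwuid(uid)) == NULL)
        return NULL;          /* genuine lookup failure */
    return pw->pw_dir;        /* pw holds the record */
}

int main(void) {
    const char *d;
    printf("buggy(1000): %s\n", home_dir_buggy(1000));
    printf("buggy(7):    %s\n", home_dir_buggy(7));
    d = home_dir_fixed(1000);
    printf("fixed(1000): %s\n", d ? d : "(null)");
    d = home_dir_fixed(7);
    printf("fixed(7):    %s\n", d ? d : "(null)");
    return 0;
}
```

Note that the outcomes are inverted from what the author intended: the buggy form bails out exactly when the lookup fails (with `pw == 1`) and falls through to the dereference when it succeeds (with `pw == NULL`). Compiling the original, uncasted line with `gcc -Wall` surfaces both problems at build time: `-Wparentheses` flags the assignment used as a truth value and `-Wint-conversion` flags storing an `int` into a pointer. Treating those as errors would have caught this before KLEE ever ran, and separately from the `-libc=uclibc` question Dan raises about pointers returned by externally dispatched calls.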