[klee-dev] How to implement the lazy memory allocation in KLEE?
buka
sei_wk at 126.com
Tue May 9 09:37:08 BST 2017
Dear all,
In KLEE, the memory must be allocated before the program runs. E.g., if we have a pointer p, then its initialization code could be
int p_instance;
klee_make_symbolic(&p_instance, sizeof(int), "p");  /* the name must be a string, not a char literal */
int *p = &p_instance;
or,
int *p = malloc(sizeof(int));
klee_make_symbolic(p, sizeof(int), "p");
This causes the problem that we cannot deal with complex, pointer-rich data, such as a linked list, in KLEE. E.g., the following
is a node structure. While running KLEE, its pointer next cannot be allocated automatically.
struct point {
    int x;
    struct point *next;
};
In the paper "Under-Constrained Symbolic Execution: Correctness Checking for Real Code" (24th USENIX Security Symposium, 2015),
UC-KLEE is introduced, which can handle such situations, and a technique named "lazy initialization" is described (see section 2.1).
I want to know where I can get the release version of UC-KLEE. Or, how can this technique be implemented in KLEE?
Thanks a lot.
-Buka
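An added example (not the poster's code and not UC-KLEE's): a harness that performs bounded lazy initialization of the poster's struct point list by hand under stock KLEE, allocating each node only when a symbolic flag says the list continues. HAVE_KLEE is an assumed build flag, and the native stub with its fixed value sequence is constructed so the harness also compiles and runs outside KLEE.

```c
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_KLEE   /* assumed build flag: compile with -DHAVE_KLEE for KLEE itself */
#include <klee/klee.h>
#else
/* Constructed stand-in for KLEE's API so the harness also runs natively: instead of
   forking on a symbolic value it hands out a fixed sequence read as more,x,more,x,more. */
static const int stub_values[] = {1, 7, 1, 9, 0};
static size_t stub_pos;
static void klee_make_symbolic(void *addr, size_t nbytes, const char *name) {
    int v = stub_values[stub_pos++ % (sizeof stub_values / sizeof stub_values[0])];
    (void)name;
    memcpy(addr, &v, nbytes < sizeof v ? nbytes : sizeof v);
}
#endif
struct point {
    int x;
    struct point *next;
};

/* Lazy initialization done by hand: a node is allocated only when a symbolic flag says
   the list continues, so under KLEE this forks into max_depth + 1 paths (empty list,
   one node, ..., max_depth nodes) instead of needing the whole list before execution. */
struct point *make_symbolic_list(unsigned max_depth) {
    struct point *head = NULL, **link = &head;
    for (unsigned i = 0; i < max_depth; i++) {
        int more;
        klee_make_symbolic(&more, sizeof more, "more");
        if (!more) break;                     /* KLEE forks: one path stops, one goes on */
        struct point *n = malloc(sizeof *n);
        if (!n) abort();
        klee_make_symbolic(&n->x, sizeof n->x, "x");
        n->next = NULL;                       /* always terminated; may be extended next round */
        *link = n;
        link = &n->next;
    }
    return head;
}

unsigned list_length(const struct point *p) {
    unsigned n = 0;
    for (; p; p = p->next) n++;
    return n;
}

int sum_list(const struct point *p) {
    int s = 0;
    for (; p; p = p->next) s += p->x;
    return s;
}
```

The depth bound is what keeps the number of forked paths finite; the code under test simply receives the list returned by make_symbolic_list and KLEE explores every list shape up to that bound.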