[klee-dev] identify multiple executions of the same branch instruction

Qiao Kang qiaokang1213 at gmail.com
Sat Jul 27 18:40:55 BST 2019


Hi,

I'm hacking KLEE to run a program that has an N-iteration loop and an
if-else branch inside the loop. The if-else branch will be hit multiple
times. I'm trying to capture each branch instruction and identify whether it is
executing this particular if-else branch, i.e., this particular line of
code.

For instance:

// N is constant
for (int i = 0; i < N; i++) {
    if (cond) {
        // do something, might change cond
    } else {
        // do something else, might change cond
    }
}

Along the execution, this if-else branch will be hit multiple times. How do
I capture all executions of this branch and identify that they are all
from this if-else branch, and not other code? A simple use case would be to
count how many times this if-else branch was hit along the execution.

I can now hijack all branch instructions in Executor::executeInstruction,
which has a switch case called "Instruction::Br". I can also extract the
corresponding path constraint (i.e., cond). However, I don't know how to
identify which if-else branch they are executing. Note that this cond is
subject to change, so I cannot simply use this cond as the key to classify
them. On the other hand, the line of code would be an appropriate key. Can
we extract code line information?

Any advice will be greatly appreciated!

Thanks,
Qiao
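The following is an added, self-contained C++ example (not code from the poster or from KLEE) that models the approach the question is circling: key the branch counters by source location (file, line) rather than by the condition value, which changes from iteration to iteration. It simulates the loop with a flipping condition plus a second, unrelated branch in the same file and shows that both are counted separately. The `recordBranch` hook stands in for what would be called from the `Instruction::Br` case of `Executor::executeInstruction`; the comment naming `ki->info->file` and `ki->info->line` assumes the `KInstruction::info` fields of KLEE 2.x, and all file names and line numbers in the code are constructed sample values.

```cpp
#include <cstdio>
#include <map>
#include <string>
#include <tuple>

// Key for one branch site: where it sits in the source, not what it tests.
// The condition value is a poor key because the same site is reached with
// different conditions; the location stays the same across all hits.
struct BranchSite {
    std::string file;
    unsigned line;
    bool operator<(const BranchSite &o) const {
        return std::tie(file, line) < std::tie(o.file, o.line);
    }
};

// Per-site statistics: total hits plus how often each arm was taken.
struct BranchStats {
    unsigned hits = 0;
    unsigned taken = 0;     // cond evaluated true
    unsigned notTaken = 0;  // cond evaluated false
};

// Hook invoked once per executed conditional branch. In KLEE this would be
// called from the Instruction::Br case of Executor::executeInstruction, with
// `site` built from ki->info->file / ki->info->line (assumed KInstruction::info
// field names) and `cond` the outcome of the branch condition.
void recordBranch(std::map<BranchSite, BranchStats> &stats,
                  const BranchSite &site, bool cond) {
    BranchStats &s = stats[site];
    ++s.hits;
    if (cond) ++s.taken; else ++s.notTaken;
}

// Constructed stand-in for the poster's program: N iterations over one
// if-else whose condition changes, plus a second branch on another line.
std::map<BranchSite, BranchStats> simulate(unsigned N) {
    std::map<BranchSite, BranchStats> stats;
    const BranchSite loopBranch{"example.c", 12};   // constructed location
    const BranchSite otherBranch{"example.c", 20};  // constructed location
    int x = 0;
    for (unsigned i = 0; i < N; ++i) {
        bool cond = (x % 3 == 0);        // the condition that changes over time
        recordBranch(stats, loopBranch, cond);
        if (cond) x += 1; else x += 2;   // "do something, might change cond"
        recordBranch(stats, otherBranch, x > 5);  // different site, same file
    }
    return stats;
}

// Number of times a given site was executed (0 if it was never reached).
unsigned hitsAt(const std::map<BranchSite, BranchStats> &stats,
                const BranchSite &site) {
    auto it = stats.find(site);
    return it == stats.end() ? 0 : it->second.hits;
}

int main() {
    auto stats = simulate(10);
    for (const auto &kv : stats)
        std::printf("%s:%u hits=%u taken=%u not-taken=%u\n",
                    kv.first.file.c_str(), kv.first.line,
                    kv.second.hits, kv.second.taken, kv.second.notTaken);
    return 0;
}
```

With N = 10 the site at line 12 is hit 10 times with the condition true on 5 of them, while the site at line 20 is also hit 10 times but with a different taken/not-taken split; keying by the condition alone would have merged or split these hits incorrectly.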