[klee-dev] Calling runFunctionAsMain more than once
Shikhar Singh
shikhar_singh at utexas.edu
Fri Mar 15 17:03:45 GMT 2019
Hi All,
I have a use case where I need to call interpreter->runFunctionAsMain(mainFn, pArgc, pArgv, pEnvp); more than once from main in main.cpp.
The first call to runFunctionAsMain works fine. However, the second run generates an out-of-bounds access error in klee_init_env.c. I am unable to figure out the reason for this and was hoping to get some insights.
I am working off d2fbdf7 and have the following patch.
--- a/tools/klee/main.cpp
+++ b/tools/klee/main.cpp
@@ -56,6 +56,7 @@
#include <iomanip>
#include <iterator>
#include <sstream>
+#include <iostream>
using namespace llvm;
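Review bot: the added `#include <iostream>` exists only to support the `std::cout << "One more run\n";` line in the second hunk; a debug print and the header it pulls in should be removed before this change is proposed, so that the patch contains only the second runFunctionAsMain call that is actually under discussion.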
@@ -1420,6 +1421,8 @@ int main(int argc, char **argv, char **envp) {
}
}
interpreter->runFunctionAsMain(mainFn, pArgc, pArgv, pEnvp);
+ std::cout << "One more run\n";
+ interpreter->runFunctionAsMain(mainFn, pArgc, pArgv, pEnvp);
while (!seeds.empty()) {
kTest_free(seeds.back());
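Review bot: the second `interpreter->runFunctionAsMain(mainFn, pArgc, pArgv, pEnvp);` reuses the same Interpreter instance and the same pArgc/pArgv/pEnvp with nothing in between to reset the interpreter or its environment model, so the second run starts from whatever state the first run left behind rather than from a fresh one; this is consistent with the out-of-bound pointer reported from klee_init_env.c. Before calling it twice, confirm whether the Interpreter is intended to be re-entrant at all, and if it is not, create a fresh Interpreter for each run and pass it freshly built argv/envp arrays in case the first run modified or released them. The `std::cout` debug line should also be dropped before submitting.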
Sample program to demonstrate the issue -
#include <klee/klee.h>
/* Returns one of two constants depending on the argument, which is symbolic
   when called from main, so KLEE explores both branches. */
int run(unsigned int buf_size) {
  if (buf_size > 3) {
    return 7;
  } else {
    return 10;
  }
}
int main(int argc, char *argv[]) {
  int a;
  /* Mark a as symbolic so KLEE forks on the comparison inside run(). */
  klee_make_symbolic(&a, sizeof(a), "a");
  return run(a);
}
Klee command - klee --libc=uclibc --posix-runtime main.bc 32
Error - KLEE: ERROR: /home/shelly/klee_vanilla/klee/runtime/POSIX/klee_init_env.c:54: memory error: out of bound pointer
I would be happy to provide any additional information.
--
Live Long & Prosper