[klee-dev] Why KLEE still symbolic executing program after reaching max-fork?
XIE Xuan
lebron716 at outlook.com
Mon May 25 18:06:24 BST 2020
More specifically, in Executor.cpp function fork() line 941(https://github.com/klee/klee/blob/fc50ab32349a4cc61980ba5b97bfa7c3961ce964/lib/Core/Executor.cpp#L941) KLEE will always check the satisfiability at first, then KLEE check whether reach max fork limit until line 975(https://github.com/klee/klee/blob/fc50ab32349a4cc61980ba5b97bfa7c3961ce964/lib/Core/Executor.cpp#L975) That is the point I don’t understand.
Thanks for any help!
From: <klee-dev-bounces at imperial.ac.uk> on behalf of XIE Xuan <lebron716 at outlook.com>
Date: Monday, May 25, 2020 at 11:32 AM
To: "klee-dev at imperial.ac.uk" <klee-dev at imperial.ac.uk>
Subject: [klee-dev] Why KLEE still symbolic executing program after reaching max-fork?
Hi all,
I am reading KLEE’s source code and find that if I set “-max-fork=n” when KLEE reach its fork limit n, it will still symbolic executing the program. In my understanding, when KLEE stops forking, there is no need to invoke SMT solver to check which branch is reachable or not, therefore it is also unnecessary to symbolic executing the program in order to set up more constraints. Thus I would like to know why KLEE not concretely running the program after reaching fork limit?
Thanks!
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the klee-dev
mailing list