[klee-dev] How to use KLEE to get the stack information of each test case?
Frank Busse
f.busse at imperial.ac.uk
Wed Dec 8 11:01:57 GMT 2021
Hi,
On Tue, 2 Nov 2021 21:12:47 +0800
rongze xv <xxurongze at gmail.com> wrote:
> I would like to ask: Is it possible to get the stack trace or the
> execution path of each test case (similar to the stack information in
> the xx.ptr.err file) during the process of generating test cases in
> KLEE? (If I need to modify the code, which part should I start with?)
KLEE has --write-paths and --write-sym-paths flags to write path
information but I've never used those and they are afaik unmaintained.
Another possibility is to replay the test case and log the instructions.
If you want to write stack information for early terminated paths, you
just need to adapt Executor::terminateStateEarly() and include some code
from Executor::terminateStateOnError() for the trace dump.
In case you decide to add your own tracking to an execution state, you
obviously have to modify the branch instructions and then dump the
information either in one of the terminate...() functions or in
processTestCase() (klee/main.cpp).
Kind regards,
Frank
More information about the klee-dev
mailing list