avatarone / news2e-qemu

Official QEMU mirror

Concurrency bug when deleting states #10

Open zaddach opened 8 years ago

zaddach commented 8 years ago

Execution sometimes arrives at s2e::S2EExecutor::updateStates when no more states to execute exist. Normally, the execution should have terminated at s2e::S2EExecutor::selectNonSpeculativeState before. This seems to be a race condition between the thread executing the main loop, and the timer callback picking the next symbolic state to run.

#0  0x00007ffff59d5c37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff59d9028 in __GI_abort () at abort.c:89
#2  0x00007ffff59cebf6 in __assert_fail_base (fmt=0x7ffff5b1f3b8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
assertion=assertion@entry=0x555556e59082 "(!states.empty() || !addedStates.empty()) && \"No more states to schedule\"", 
file=file@entry=0x555556e58006 "/home/vagrant/projects/news2e/qemu/s2e/S2EExecutor.cpp", line=line@entry=1906, 
function=function@entry=0x555556e590cc "void s2e::S2EExecutor::updateStates(klee::ExecutionState *)") at assert.c:92
#3  0x00007ffff59ceca2 in __GI___assert_fail (assertion=0x555556e59082 "(!states.empty() || !addedStates.empty()) && \"No more states to schedule\"", 
file=0x555556e58006 "/home/vagrant/projects/news2e/qemu/s2e/S2EExecutor.cpp", line=1906, function=0x555556e590cc "void s2e::S2EExecutor::updateStates(klee::ExecutionState *)") at assert.c:101
#4  0x00005555559faaa2 in s2e::S2EExecutor::updateStates (this=0x555559cba840, current=0x555559530930) at /home/vagrant/projects/news2e/qemu/s2e/S2EExecutor.cpp:1906
#5  0x00005555559ff716 in S2EExecutor_ExecuteTranslationBlock (self=0x555559cba840, cpu=0x5555592e8590, tb=0x7ffff19461f0) at /home/vagrant/projects/news2e/qemu/s2e/S2EExecutor.cpp:2950
#6  0x00005555557b0227 in cpu_arm_exec (cpu=0x5555592e8590) at /home/vagrant/projects/news2e/qemu/cpu-exec.c:547
#7  0x00005555557eace9 in tcg_cpu_exec (cpu=0x5555592e8590) at /home/vagrant/projects/news2e/qemu/cpus.c:1570
#8  0x00005555557ea9c6 in tcg_exec_all () at /home/vagrant/projects/news2e/qemu/cpus.c:1603
#9  0x00005555557ea8a0 in qemu_tcg_cpu_thread_fn (arg=0x5555592e8590) at /home/vagrant/projects/news2e/qemu/cpus.c:1203
#10 0x00007ffff68e0184 in start_thread (arg=0x7ffff1945700) at pthread_create.c:312
#11 0x00007ffff5a9937d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
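As an added illustration, not code from news2e, S2E or QEMU: a minimal two-thread model of the race reported above, where `timer_thread`, `run_main_loop` and `nstates` are hypothetical stand-ins for the timer callback, the main loop and the `states` set. With `atomic_select` false the emptiness check and the use of the selected state sit in separate critical sections, which is the window in which the `updateStates` assertion fires; with `atomic_select` true both happen under one lock and an empty set ends the loop instead of asserting.

```c
#include <pthread.h>
#include <sched.h>
#include <stdbool.h>
#include <stdio.h>

#define NSTATES 2000

static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static int nstates;   /* live symbolic states; protected by `lock` */

/* Timer-callback model (hypothetical): deletes states concurrently
   with the main loop, as the issue describes. */
static void *timer_thread(void *arg) {
    (void)arg;
    for (int i = 0; i < NSTATES; i++) {
        pthread_mutex_lock(&lock);
        if (nstates > 0) nstates--;
        pthread_mutex_unlock(&lock);
    }
    return NULL;
}

/* Main-loop model (hypothetical). Returns how many times the loop reached
   the "update" step with no state left, i.e. the condition the assertion in
   updateStates reports. Expected to be 0 when `atomic_select` is true. */
static int run_main_loop(bool atomic_select) {
    pthread_t t;
    int no_state = 0;
    nstates = NSTATES;
    pthread_create(&t, NULL, timer_thread, NULL);
    for (;;) {
        pthread_mutex_lock(&lock);
        if (nstates == 0) { pthread_mutex_unlock(&lock); break; } /* terminate */
        if (!atomic_select) {
            pthread_mutex_unlock(&lock);   /* selection done, lock dropped */
            sched_yield();                 /* timer may delete states here */
            pthread_mutex_lock(&lock);     /* update step begins */
            if (nstates == 0) { no_state++; pthread_mutex_unlock(&lock); break; }
        }
        nstates--;                         /* consume the selected state */
        pthread_mutex_unlock(&lock);
    }
    pthread_join(t, NULL);
    return no_state;
}

int main(void) {
    printf("racy: %d empty windows hit\n", run_main_loop(false));
    printf("atomic: %d empty windows hit\n", run_main_loop(true));
    return 0;
}
```

The racy variant hits the empty window only sometimes, which matches the intermittent nature of the report; the atomic variant never does.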