ccadar
commented
2 months ago @Deep-Cold how do you run KLEE? Have you enabled support for C++? Note the "calling external" message in the output.
Open Deep-Cold opened 2 months ago
ccadar
commented
2 months ago @Deep-Cold how do you run KLEE? Have you enabled support for C++? Note the "calling external" message in the output.
Deep-Cold
commented
2 months ago Thanks @ccadar, we actually installed KLEE with C++ support enabled. But the calling external message still exists referencing to std::nothrow. Is there any other additional options in running commands we need to enable?
The compiling and execution commands we used are below:
clang++ -emit-llvm -c -g tmp.cpp -o tmp.bc -I ./klee/include
klee tmp.bc@Deep-Cold I can't reproduce this behaviour, can you try the latest version of KLEE?
Deep-Cold
commented
2 months ago @ccadar I change my klee version
KLEE 3.2-pre (https://klee-se.org/)
Build mode: RelWithDebInfo (Asserts: ON)
Build revision: 4a4d75cc1331beae7f7f81b5fbc34caccfa0fa7b
Ubuntu LLVM version 13.0.1
Optimized build.
Default target: x86_64-pc-linux-gnu
Host CPU: goldmontThe issue still exist. Maybe I pasted the wrong original code. The issue appears on the code below.
#include <new>
#include "klee/klee.h"
int main()
{
auto ptr = new (std::nothrow) uint8_t[256]();
return 0;
}And the result is:
KLEE: Using STP solver backend
KLEE: SAT solver: CryptoMiniSat
KLEE: Deterministic allocator: Using quarantine queue size 8
KLEE: Deterministic allocator: globals (start-address=0x7f09897fc000 size=10 GiB)
KLEE: Deterministic allocator: constants (start-address=0x7f07097fc000 size=10 GiB)
KLEE: Deterministic allocator: heap (start-address=0x7e07097fc000 size=1024 GiB)
KLEE: Deterministic allocator: stack (start-address=0x7de7097fc000 size=128 GiB)
KLEE: WARNING: undefined reference to variable: _ZSt7nothrow
KLEE: WARNING: undefined reference to function: _ZnamRKSt9nothrow_t
KLEE: WARNING ONCE: calling external: _ZnamRKSt9nothrow_t(256, 139679475154944) at tmp.cpp:6 16
KLEE: ERROR: runtime/Freestanding/memset.c:15: memory error: out of bound pointer
KLEE: NOTE: now ignoring this error at this location
KLEE: done: total instructions = 36
KLEE: done: completed paths = 0
KLEE: done: partially completed paths = 1
KLEE: done: generated tests = 1
When running the test program below, KLEE will generate a single path with the ERROR. If the similar sentence appears in a complex program, KLEE will also generate a single path, which is not a normal behavior.
And the issue will disappear if I delete either (std::nothrow) or the initialization parentheses.
The running log will become the texts below.
If I delete (std::nothrow):
The log will become:
The current version of KLEE I used is 3.0 with LLVM version 13.0.1