moralismercatus / crete

Open source concolic testing tool for binaries

crete_make_symbolic only present once in IR/bitcode despite two calls from code #90

Closed moralismercatus closed 9 years ago

moralismercatus commented 9 years ago

For this test:

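#include <stddef.h> // size_t
#include <stdio.h>  // printf

// crete_make_concolic() and crete_assume() are declared by the CRETE guest
// headers; that include is not shown in the original post.
int harness(int argc, char* argv[])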
{
    (void)argc;
    (void)argv;

    size_t size;
    char buf[3];

    crete_make_concolic(&size, sizeof(size), "size");
    crete_make_concolic(buf, sizeof(buf), "buf");

    crete_assume(size <= 3); // Assume size is always less than or equal to 3.

    if(size == 0)
      return 0;
    else if(size == 1)
      printf("arg 1: %c\n", buf[0]);
    else if(size == 2)
      printf("arg 2: %c\n", buf[1]);
    else
      printf("arg n: %c\n", buf[2]);
    return 0;
}

Check the dumped IR or LLVM. It's only got one call to crete_make_symbolic. It should have two calls.

moralismercatus commented 9 years ago

This is an invalid ticket. Lapse of reason. What's happening is that the TB is being called twice, but, of course, is only dumped once. I feel like I've made this mistake before...