What’s wrong with this code?

最新推荐文章于 2025-04-22 15:20:48 发布
转载 最新推荐文章于 2025-04-22 15:20:48 发布 · 368 阅读 · 0 ·
CC 4.0 BY-SA版权
原文链接:http://blog.llvm.org
文章标签:

#llvm #clang

本文通过一个有趣的KLEE示例,探讨了符号执行工具如何在程序路径探索中工作。KLEE是一个复杂的工具,用于探索LLVM代码的所有可能路径。文章详细分析了一个案例,解释了为何KLEE仅找到一条路径,并展示了当条件更改为可行整数时,KLEE能正确识别两条路径。

Wednesday, April 7, 2010

What’s wrong with this code?

A user on IRC sent me this interesting KLEE example today, which I thought was cute enough I should post it.

If you aren’t familiar with it, KLEE is a tool for symbolic execution of LLVM code. It is way too complicated to explain here, but for the purposes of this example all you need to know is that it tries to explore all possible paths through a program.

In this case, the user was actually talking to me because he thought there was a bug in KLEE, because it was only finding one path through the code. Here is the example:

$ cat t.c
#include "klee/klee.h"

int f0(int x) {
if (x * x == 1000)
return 1;
else
return 0;
}

int main() {
return f0(klee_int("x"));
}

The idea here is that klee_int("x") creates a new symbolic variable, which can be anything (well, any possible int).

The user was expecting that there would be two possible paths through this program, one returning 1 and one returning 0. But KLEE only finds one:

$ clang -I ~/public/klee/include -flto -c t.c
$ ~/public/klee.obj.64/Debug/bin/klee t.o
KLEE: output directory = "klee-out-5"

KLEE: done: total instructions = 24
KLEE: done: completed paths = 1
KLEE: done: generated tests = 1

Upon showing the example to me, I was also confused for a moment. However, since I happen to trust KLEE, I knew to look for a problem in the test case! And of course, the square root of 1000 isn’t an integer, so there is no way this code can return 1. If we change the 1000 to 100, KLEE finds two paths as we would expect:

$ cat t.c
#include "klee/klee.h"

int f0(int x) {
if (x * x == 100)
return 1;
else
return 0;
}

int main() {
return f0(klee_int("x"));
}
$ clang -I ~/public/klee/include -flto -c t.c
$ ~/public/klee.obj.64/Debug/bin/klee t.o
KLEE: output directory = "klee-out-6"

KLEE: done: total instructions = 31
KLEE: done: completed paths = 2
KLEE: done: generated tests = 2

This example shows exactly what KLEE was designed for – reasoning about code (or math) is hard, and it is great to let a machine do it for you!

Posted by Daniel Dunbar at 11:49 AM

Labels: KLEE

What's Wrong With Hue Oozie Editor?
Laurence的技术博客
07-23 5846
First, let’s make the topic clear: Comparing with providing raw Oozie workflow/coordinator xml file, what’s disadvantages to create workflow/coordinator with Hue Oozie Editor? ( The Hue Oozie Editor ve
What is cloud computing?
u011868279的博客
03-19 2121
What is cloud computing? Have you ever wondered what cloud computing is? It's the delivery of computing services over the internet, which is otherwise known as the cloud. These services include servers, storage, databases, networking, software, analytics,
What Makes a Good Developer Culture?
简陋的小草屋
03-15 2144
There’s a lot of talk these days about what makes a good “culture”, whether you’re an engineer, a software developer, or a chef. It’s all about finding a work environment that not only is conducive to
让错误代码更明显-Making Wrong Code Look Wrong
Hello Mingo
12-11 2322
前言 这篇文章是在《游戏引擎架构》这本书的推荐里看到的,看完以后觉得作者的观点和我平时的想法非常接近,所以决定翻译一下。我看到了网上有这篇文章的纯中文版本,但是是机翻的。在这里你将看到的是我花费了大把时间,一句话一句话翻译过来的版本。为了方便读者理解,我将原文也拷贝了过来,如果我哪里翻译的不准确,或者让你迷糊的,可以直接看原文。 这篇文章的要讲的内容并不复杂,但是写的确实很啰嗦,或许是为了让读...
Making Wrong Code Look Wrong
directdraw的专栏
03-23 1141
Making Wrong Code Look Wrong by Joel Spolsky Wednesday, May 11, 2005 Way back in September 1983, I started my first real job, working at Oranim, a big bread factory in Israel that made someth
What went wrong: Execution failed for task ':compileArmv7DebugJavaWithJavac'. 问题解决办法
I_LV_XJ的博客
03-10 5231
考虑到ionic开发的app的性能问题,我们在项目打包的时候集成了crosswalk插件,集成指令如下: ionic plugin add cordova-plugin-crosswalk-webview 集成的时候出现了下面的提示: Unmet project requirements for latest version of cordova-plugin-crosswalk-webvi
【LLM+Code】Claude Code Agent 0.2.9 版本Prompt&Tools最细致解读
AI蜗牛车
04-22 2275
是anthropic团队开发的一个code agent bash工具。
Mysql-error code汇总
热门推荐
文学超的博客
07-03 5万+
OS error code 1: Operation not permitted OS error code 2: No such file or directory OS error code 3: No such process OS error code 4: Interrupted system call OS error code 5: In
Android FAILURE: Build failed with an exception.
qq_657172627的博客
09-10 2225
build 报错如下: FAILURE: Build failed with an exception. * What went wrong: Could not resolve all files for configuration ':commonlibrary:debugCompileClasspath'. > Could not resolve com.umeng.umsdk:analytics:8.0.2. Required by: project :commo...
SEH exception with code 0xc0000005 error
jfkidear的专栏
04-10 8974
EXPECT_CALL of googlemock leads to “unknown file:error: SEH exception with code 0xc0000005 thrown in the test body” [closed] up vote1down votefavorite I am
Begin to Code with Python
01-08
Test and debug your code withWhat can go wrong” sections Understand the social aspects of professional development, and build career-ready skills from the start Whether you’re a total beginner or...
FAILURE: Build failed with an exception. * What went wrong: Could not resolve all dependencies for configuration 'classpath'. > Could not resolve project :gradle-plugin:settings-plugin. Required by: unspecified:unspecified:unspecified > Dependency requires at least JVM runtime version 11. This build uses a Java 8 JVM. * Try: > Run this build using a Java 11 or newer JVM. > Run with --stacktrace option to get the stack trace. > Run with --info or --debug option to get more log output. > Run with --scan to get full insights. > Get more help at https://help.gradle.org. BUILD FAILED in 2s error Failed to install the app. Command failed with exit code 1: gradlew.bat app:installDebug -PreactNativeDevServerPort=8081 FAILURE: Build failed with an exception. * What went wrong: Could not resolve all dependencies for configuration 'classpath'. > Could not resolve project :gradle-plugin:settings-plugin. Required by: unspecified:unspecified:unspecified > Dependency requires at least JVM runtime version 11. This build uses a Java 8 JVM. * Try: > Run this build using a Java 11 or newer JVM. > Run with --stacktrace option to get the stack trace. > Run with --info or --debug option to get more log output. > Run with --scan to get full insights. > Get more help at https://help.gradle.org. BUILD FAILED in 2s.
04-02
好的,我现在需要帮助用户解决Gradle构建失败的问题,具体是依赖项未解析和JVM版本不兼容。用户想从Java 8升级到Java 11。首先,我得理清楚这两个问题的解决步骤。 首先,关于依赖项未解析的问题。...
【AI人工智能】用于代码生成的大型语言模型 Large Language Models for Code Generation
AI天才研究院
06-09 1万+
大型语言模型通常采用Transformer等注意力机制架构,能够有效捕获输入序列中长程依赖关系。具体而言,编码器将输入序列映射为上下文表示,解码器则根据上下文和已生成的部分序列预测下一个token。代码生成任务中的输入序列可以是自然语言的问题描述、函数签名、测试用例等形式。模型通过学习大量的代码-自然语言语料对,建立两者之间的映射关系。在生成阶段,给定输入序列,解码器基于学习到的知识逐步推理和生成目标代码。
Flutter assets will be downloaded from https://storage.flutter-io.cn. Make sure you trust this source! FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':audio_session:compileReleaseKotlin'. > Inconsistent JVM-target compatibility detected for tasks 'compileReleaseJavaWithJavac' (11) and 'compileReleaseKotlin' (17). Consider using JVM Toolchain: https://kotl.in/gradle/jvm/toolchain Learn more about JVM-target validation: https://kotl.in/gradle/jvm/target-validation * Try: > Run with --stacktrace option to get the stack trace. > Run with --info or --debug option to get more log output. > Run with --scan to get full insights. > Get more help at https://help.gradle.org. BUILD FAILED in 46s Running Gradle task 'assembleRelease'... 47.0s Gradle task assembleRelease failed with exit code 1
07-13
### 解决Flutter构建过程中JVM版本不兼容导致的编译错误 当出现错误信息 `Inconsistent JVM-target compatibility detected for tasks 'compileReleaseJavaWithJavac' (11) and 'compileReleaseKotlin' (17)` 时,...
OneRec是一个专注于多源信息融合与知识集成的开源推荐算法库_它旨在打破数据孤岛并极大扩充推荐系统的外部世界知识_通过可插拔的模块化设计整合行为数据_包括多信号与长短期用户行为序.zip
12-04
OneRec是一个专注于多源信息融合与知识集成的开源推荐算法库_它旨在打破数据孤岛并极大扩充推荐系统的外部世界知识_通过可插拔的模块化设计整合行为数据_包括多信号与长短期用户行为序.zip
这是一个旨在构建一个开放协作结构化持续进生的社区驱动型知识库与代码资源集合中心的项目它通过GitHub平台汇聚来自全球开发者学习者及技术爱好者的多元化智慧结晶涵盖从入门.zip
12-04
这是一个旨在构建一个开放协作结构化持续进生的社区驱动型知识库与代码资源集合中心的项目它通过GitHub平台汇聚来自全球开发者学习者及技术爱好者的多元化智慧结晶涵盖从入门.zip
峰值密度聚类matlab代码-Clustering-based-density-peaks.zip
最新发布
12-04
峰值密度聚类matlab代码-Clustering--based--density--peaks.zip
(47页PPT)南京地铁集团大数据在城轨行业的应用.pptx
12-04
(47页PPT)南京地铁集团大数据在城轨行业的应用.pptx
基于Create-React-App脚手架构建的现代化React单页面应用开发入门项目_该项目详细展示了如何使用官方推荐的Create-React-App工具链快速初始化开发测.zip
12-04
基于Create-React-App脚手架构建的现代化React单页面应用开发入门项目_该项目详细展示了如何使用官方推荐的Create-React-App工具链快速初始化开发测.zip
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值