Experiments in concolic testing with Klee
Parsing JSON strings (
Testing noninterference, quickly (
A port of an experiment in random testing for noninterference properties of a small family of abstract machines. (In ICFP 2013, also on arXiv.)
Scripts will assume that the root of this directory contains a
A typical sequence of commands to get to a working setup:
mkdir klee/
ln -s /path/to/klee/include klee/include
ln -s /path/to/klee/build/bin klee/bin
ln -s /path/to/klee/build/lib klee/lib
We work with clang-5.0. The programs are probably simple enough to run on older versions though.
Running the examples
In each directory,
make klee to launch Klee:
TIMEOUT=N to set a time limit of N seconds (default:
NOLIMIT to disable timeouts.
OUTPUT_ALL_STATES to output all test cases generated by Klee (by default, we ask Klee to avoid recording test cases that do not discover new parts of the program).
make replay builds an executable ($NAME.replay) to replay test cases.
LD_LIBRARY_PATH, and set
LD_LIBRARY_PATH=../klee/lib KTEST_FILE=klee-last/test000001.ktest ./noninterf.replay
A shorter way to do that is with
make replay TEST_FILE=klee-last/test000001.ktest.
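To replay every test case in a Klee output directory rather than one file at a time, a loop like the following works. This is an added example, not one of this repository's scripts: the function name replay_all and its arguments are assumptions, while KTEST_FILE and LD_LIBRARY_PATH are used as in the command above.

```shell
#!/bin/sh
# Added example (not from the repository): replay all .ktest files in a
# Klee output directory and report which ones make the program fail.
#
# usage: replay_all REPLAY_BIN KLEE_OUT_DIR [KLEE_LIB_DIR]
#   REPLAY_BIN    path to the executable built by "make replay",
#                 given with a slash (e.g. ./noninterf.replay)
#   KLEE_OUT_DIR  e.g. klee-last
#   KLEE_LIB_DIR  defaults to ../klee/lib, as in the command above
#
# Prints "PASS <file>" or "FAIL <file> status=<n>" on stdout; the replayed
# program's own stdout goes to stderr so the summary stays parseable.
# A status above 128 means the program died from a signal
# (for example 139 for SIGSEGV, 134 for SIGABRT).
# Returns 0 if every test passed, 1 if at least one failed.
replay_all() {
    bin=$1
    dir=$2
    lib=${3:-../klee/lib}
    failed=0
    for t in "$dir"/*.ktest; do
        [ -e "$t" ] || continue   # glob did not match: no test cases here
        if LD_LIBRARY_PATH="$lib" KTEST_FILE="$t" "$bin" >&2; then
            echo "PASS $t"
        else
            status=$?
            echo "FAIL $t status=$status"
            failed=1
        fi
    done
    return "$failed"
}

# When run as a script with arguments, replay the given directory.
if [ "$#" -ge 2 ]; then
    replay_all "$@"
fi
```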
make coverage KLEE_OUT=klee-out-$N collects coverage information in
klee-out-$N corresponds to a directory created by
These examples have various buggy versions.
Makefile in each directory for corresponding options.
For example, in
aeson-cbits, this enables the
make DEST_TOO_SMALL=true klee
make just builds the program for Klee (implied by
make cpp just preprocesses the files (for sanity checks).
To use STP, the Klee docs remind you to apply the following. (In some environments, STP may segfault without it.)
ulimit -s unlimited