What’s wrong with this code?

最新推荐文章于 2021-03-19 19:57:00 发布
最新推荐文章于 2021-03-19 19:57:00 发布
阅读量294 收藏
点赞数
分类专栏: llvm-blog 文章标签: llvm clang
原文链接:http://blog.llvm.org
版权

Wednesday, April 7, 2010

What’s wrong with this code?

A user on IRC sent me this interesting KLEE example today, which I thought was cute enough I should post it.

If you aren’t familiar with it, KLEE is a tool for symbolic execution of LLVM code. It is way too complicated to explain here, but for the purposes of this example all you need to know is that it tries to explore all possible paths through a program.

In this case, the user was actually talking to me because he thought there was a bug in KLEE, because it was only finding one path through the code. Here is the example:

$ cat t.c
#include "klee/klee.h"

int f0(int x) {
if (x * x == 1000)
return 1;
else
return 0;
}

int main() {
return f0(klee_int("x"));
}

The idea here is that klee_int("x") creates a new symbolic variable, which can be anything (well, any possible int).

The user was expecting that there would be two possible paths through this program, one returning 1 and one returning 0. But KLEE only finds one:

$ clang -I ~/public/klee/include -flto -c t.c
$ ~/public/klee.obj.64/Debug/bin/klee t.o
KLEE: output directory = "klee-out-5"

KLEE: done: total instructions = 24
KLEE: done: completed paths = 1
KLEE: done: generated tests = 1

Upon showing the example to me, I was also confused for a moment. However, since I happen to trust KLEE, I knew to look for a problem in the test case! And of course, the square root of 1000 isn’t an integer, so there is no way this code can return 1. If we change the 1000 to 100, KLEE finds two paths as we would expect:

$ cat t.c
#include "klee/klee.h"

int f0(int x) {
if (x * x == 100)
return 1;
else
return 0;
}

int main() {
return f0(klee_int("x"));
}
$ clang -I ~/public/klee/include -flto -c t.c
$ ~/public/klee.obj.64/Debug/bin/klee t.o
KLEE: output directory = "klee-out-6"

KLEE: done: total instructions = 31
KLEE: done: completed paths = 2
KLEE: done: generated tests = 2

This example shows exactly what KLEE was designed for – reasoning about code (or math) is hard, and it is great to let a machine do it for you!

Posted by Daniel Dunbar at 11:49 AM

Labels: KLEE

「已注销」
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Begin to Code with Python
01-08
Test and debug your code with “What can go wrong” sections Understand the social aspects of professional development, and build career-ready skills from the start Whether you’re a total beginner or...
Clean Code
12-28
And you will be challenged to think about what’s right about that code, and what’s wrong with it. More importantly, you will be challenged to reassess your professional values and your commitment ...
What's Wrong With Hue Oozie Editor?
Laurence的技术博客
07-23 5681
First, let’s make the topic clear: Comparing with providing raw Oozie workflow/coordinator xml file, what’s disadvantages to create workflow/coordinator with Hue Oozie Editor? ( The Hue Oozie Editor ve
What is cloud computing?
u011868279的博客
03-19 1504
What is cloud computing? Have you ever wondered what cloud computing is? It's the delivery of computing services over the internet, which is otherwise known as the cloud. These services include servers, storage, databases, networking, software, analytics,
What Makes a Good Developer Culture?
简陋的小草屋
03-15 1878
There’s a lot of talk these days about what makes a good “culture”, whether you’re an engineer, a software developer, or a chef. It’s all about finding a work environment that not only is conducive to
Making Wrong Code Look Wrong
directdraw的专栏
03-23 1014
Making Wrong Code Look Wrong by Joel Spolsky Wednesday, May 11, 2005 Way back in September 1983, I started my first real job, working at Oranim, a big bread factory in Israel that made someth
让错误代码更明显-Making Wrong Code Look Wrong
Hello Mingo
12-11 1804
前言 这篇文章是在《游戏引擎架构》这本书的推荐里看到的,看完以后觉得作者的观点和我平时的想法非常接近,所以决定翻译一下。我看到了网上有这篇文章的纯中文版本,但是是机翻的。在这里你将看到的是我花费了大把时间,一句话一句话翻译过来的版本。为了方便读者理解,我将原文也拷贝了过来,如果我哪里翻译的不准确,或者让你迷糊的,可以直接看原文。 这篇文章的要讲的内容并不复杂,但是写的确实很啰嗦,或许是为了让读...
What went wrong: Execution failed for task ':compileArmv7DebugJavaWithJavac'. 问题解决办法
I_LV_XJ的博客
03-10 4956
考虑到ionic开发的app的性能问题,我们在项目打包的时候集成了crosswalk插件,集成指令如下: ionic plugin add cordova-plugin-crosswalk-webview 集成的时候出现了下面的提示: Unmet project requirements for latest version of cordova-plugin-crosswalk-webvi
Android FAILURE: Build failed with an exception.
qq_657172627的博客
09-10 2055
build 报错如下: FAILURE: Build failed with an exception. * What went wrong: Could not resolve all files for configuration ':commonlibrary:debugCompileClasspath'. > Could not resolve com.umeng.umsdk:analytics:8.0.2. Required by: project :commo...
Mysql-error code汇总
热门推荐
文学超的博客
07-03 5万+
OS error code 1: Operation not permitted OS error code 2: No such file or directory OS error code 3: No such process OS error code 4: Interrupted system call OS error code 5: In
SEH exception with code 0xc0000005 error
jfkidear的专栏
04-10 8809
EXPECT_CALL of googlemock leads to “unknown file:error: SEH exception with code 0xc0000005 thrown in the test body” [closed] up vote1down votefavorite I am
Don't Waste Time on Code Reviews
高效软件开发
09-09 4122
Less than half of development teams do code reviews and the other half are probably not getting as much out of code reviews as they should.Here’s how to not waste time on code reviews.Keep it SimpleMa
SQL and Relational Theory: How to Write Accurate SQL Code
03-07
Nulls in the database cause wrong answers. Why? What you can do about it?How can image relations help you formulate complex SQL queries?SQL supports "quantified comparisons," but they're better ...
Learn Microservices with Spring Boot 2017
12-18
It’s not a surprise; this software architecture style has a lot of advantages, like flexibility and ease of scale. Mapping them into small teams in an organization also gives you a lot of efficiency...
大学生挑战杯-喜树根器官培养和抗癌物质喜树碱生成的研究.rar
07-26
大学生挑战杯-喜树根器官培养和抗癌物质喜树碱生成的研究.rar
b278视频及游戏管理平台-springboot+vue.zip(可运行源码+sql文件+)
07-26
视频及游戏管理平台是一个很好的项目,结合了后端(Spring Boot)和前端(Vue.js)技术,实现了前后端分离。 视频及游戏管理平台是一个很好的项目,结合了后端(Spring Boot)和前端(Vue.js)技术,实现了前后端分离。 视频及游戏管理平台是一个很好的项目,结合了后端(Spring Boot)和前端(Vue.js)技术,实现了前后端分离。 视频及游戏管理平台是一个很好的项目,结合了后端(Spring Boot)和前端(Vue.js)技术,实现了前后端分离。 视频及游戏管理平台是一个很好的项目,结合了后端(Spring Boot)和前端(Vue.js)技术,实现了前后端分离。 视频及游戏管理平台是一个很好的项目,结合了后端(Spring Boot)和前端(Vue.js)技术,实现了前后端分离。
大模型应用-为Ollma开发的简单的HTML网页UI应用-附项目源码-优质项目实战.zip
最新发布
07-26
大模型应用_为Ollma开发的简单的HTML网页UI应用_附项目源码_优质项目实战
基于JAVA局域网监听软件的设计与开发(源代码+论文).rar
07-26
基于JAVA局域网监听软件的设计与开发(源代码+论文).rar
Job for rabbitmq-server.service failed because the control process exited with error code.
04-27
Look for any error messages or stack traces that might indicate what went wrong. Another thing to check is whether all the required dependencies are installed and running. For example, RabbitMQ ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值