KLEE: Unexpected error about inline assembly
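I've been playing with KLEE recently. I followed the documentation "Building KLEE (LLVM 3.4)" and successfully ran all the examples in the tutorials.
However, when I ran my own program with KLEE: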
$ klee -load=/usr/lib/x86_64-linux-gnu/libssl.so --libc=uclibc --posix-runtime -emit-all-errors -allow-external-sym-calls klee_client.bc
some errors occurred (see the console output below).
KLEE: NOTE: Using klee-uclibc : /home/testuser/Downloads/klee/Release+Asserts/lib/klee-uclibc.bca
KLEE: NOTE: Using model: /home/testuser/Downloads/klee/Release+Asserts/lib/libkleeRuntimePOSIX.bca
KLEE: output directory is "/home/testuser/Downloads/klee_test/klee-out-3"
KLEE: WARNING ONCE: function "__libc_connect" has inline asm
KLEE: WARNING ONCE: function "setsockopt" has inline asm
KLEE: WARNING ONCE: function "shutdown" has inline asm
KLEE: WARNING ONCE: function "socket" has inline asm
KLEE: WARNING ONCE: function "__libc_recvfrom" has inline asm
KLEE: WARNING ONCE: function "__libc_sendto" has inline asm
KLEE: WARNING: undefined reference to function: ERR_clear_error
KLEE: WARNING: undefined reference to function: ERR_error_string
KLEE: WARNING: undefined reference to function: ERR_get_error
KLEE: WARNING: undefined reference to function: OPENSSL_config
KLEE: WARNING: undefined reference to function: SSL_CTX_ctrl
KLEE: WARNING: undefined reference to function: SSL_CTX_free
KLEE: WARNING: undefined reference to function: SSL_CTX_new
KLEE: WARNING: undefined reference to function: SSL_CTX_set_next_proto_select_cb
KLEE: WARNING: undefined reference to function: SSL_connect
KLEE: WARNING: undefined reference to function: SSL_free
KLEE: WARNING: undefined reference to function: SSL_get_error
KLEE: WARNING: undefined reference to function: SSL_library_init
KLEE: WARNING: undefined reference to function: SSL_load_error_strings
KLEE: WARNING: undefined reference to function: SSL_new
KLEE: WARNING: undefined reference to function: SSL_read
KLEE: WARNING: undefined reference to function: SSL_set_fd
KLEE: WARNING: undefined reference to function: SSL_shutdown
KLEE: WARNING: undefined reference to function: SSL_write
KLEE: WARNING: undefined reference to function: SSLv23_client_method
KLEE: WARNING: undefined reference to function: klee_posix_prefer_cex
...
KLEE: WARNING ONCE: calling external: syscall(16, 0, 21505, 40876048)
KLEE: WARNING ONCE: calling __user_main with extra arguments.
KLEE: WARNING ONCE: __syscall_rt_sigaction: silently ignoring
KLEE: WARNING ONCE: calling external: OPENSSL_config(0)
KLEE: WARNING ONCE: calling external: SSL_load_error_strings()
KLEE: WARNING ONCE: calling external: SSL_library_init()
KLEE: WARNING ONCE: calling external: printf(35435072, 46338336)
KLEE: ERROR: /home/testuser/Downloads/klee-uclibc/libc/inet/socketcalls.c:362: inline assembly is unsupported
KLEE: done: total instructions = 99493
KLEE: done: completed paths = 1
KLEE: done: generated tests = 1
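I'm curious why an error related to uclibc occurs. I compiled it as the KLEE documentation says, and when running "configure" for uclibc before compiling, I did not find any option to disable assembly code (e.g. no-asm).
In addition, I noticed many warnings of the form "undefined reference to function: ...". Should I compile the corresponding libraries to LLVM bitcode instead of using the existing shared objects?
Thanks!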
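For Q1: Basically, the KLEE documentation instructs users to compile uClibc into an archive of LLVM IR. Many functions in uClibc contain inline assembly (or are even written directly in assembly). This assembly is not compiled into LLVM IR; it stays unchanged in the IR. Before executing the IR of a function from uClibc, KLEE checks whether the IR contains any assembly. If so, you will see the warning "function XXX has inline asm". There is no option to disable the assembly. To get rid of it, you have to find a way to convert it into LLVM IR.
For Q2: You need to distinguish the KLEE process from the program under test (such as your klee_client.bc). When you load an existing shared object into KLEE, you are actually linking the library into the KLEE process, not into the program under test. To link the program under test with the library, you need to compile the library to IR and then link it by modifying the main function in KLEE (or by using some built-in KLEE option, I'm not sure). When the program under test is loaded by KLEE and linked with the specified libraries, KLEE checks whether every required function (called by some instruction) exists. If not, you will see the warning. In your case, you basically did not link the program under test with the LLVM IR of LibSSL.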
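The following triage script is an added example, not part of the original question or answer. It sorts the KLEE console messages discussed above into functions carrying inline asm, functions with no bitcode definition that were already run as native external calls, and the fatal error location. The function name `triage` and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the format of the KLEE console output quoted above.
SAMPLE_LOG = """\
KLEE: WARNING ONCE: function "socket" has inline asm
KLEE: WARNING ONCE: function "__libc_connect" has inline asm
KLEE: WARNING: undefined reference to function: SSL_library_init
KLEE: WARNING: undefined reference to function: SSL_connect
KLEE: WARNING: undefined reference to function: klee_posix_prefer_cex
KLEE: WARNING ONCE: calling external: SSL_library_init()
KLEE: WARNING ONCE: calling external: printf(35435072, 46338336)
KLEE: ERROR: /home/testuser/Downloads/klee-uclibc/libc/inet/socketcalls.c:362: inline assembly is unsupported
"""

# One pattern per message kind that the question and answer discuss.
PATTERNS = {
    "inline_asm": re.compile(r'^KLEE: WARNING(?: ONCE)?: function "([^"]+)" has inline asm'),
    "undefined": re.compile(r"^KLEE: WARNING(?: ONCE)?: undefined reference to function: (\S+)"),
    "external": re.compile(r"^KLEE: WARNING(?: ONCE)?: calling external: (\w+)\("),
    "error": re.compile(r"^KLEE: ERROR: (.+?:\d+): (.+)$"),
}

def triage(log_text):
    """Classify KLEE console lines; hypothetical helper, not part of KLEE."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            m = pattern.match(line.strip())
            if m:
                found[kind].append(m.groups() if kind == "error" else m.group(1))
                break
    undefined, external = set(found["undefined"]), set(found["external"])
    return {
        # Bitcode functions that will abort the path if their asm is reached.
        "inline_asm": sorted(found["inline_asm"]),
        # No bitcode definition AND already dispatched as a native call:
        # this code ran outside the symbolic executor.
        "ran_natively": sorted(undefined & external),
        # No bitcode definition, not reached on the explored paths so far.
        "not_yet_called": sorted(undefined - external),
        "errors": found["error"],  # (source location, message) pairs
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Every name under `ran_natively` is library code KLEE executed natively, so a run that completes only a single path, as in the output above, says little about that library's behaviour.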