I'm using Rust with KLEE and kept getting an out-of-bounds error in memcpy of compiler_builtins.
Turns out that compiler_builtins' memcpy copies word by word, and goes out of bounds if the object size is not a multiple of the size of
Relevant compiler_builtins code:
Does Rust assume the allocator implementation aligns the size of the object to size of
NVM. It seems it reads out of bounds, as the comments say, but does not perform out-of-bounds writes.
I'll have to align up size before calling malloc.
I ended up forcing KLEE to use its own version of memcpy.
I could've also changed klee to allocate size aligned up to usize (for global/stack/heap objects), but then I could miss off-by-one errors.
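The two mitigations discussed in the thread, shown side by side as an added example (this is not code from the thread, from compiler_builtins, or from KLEE): `align_up` is the "round the allocation size up before malloc" workaround, `word_copy_overread` shows how many bytes past the end a copy working in whole words touches for a given object size, and `copy_words_then_bytes` is a word-granular copy that handles the tail byte by byte so it never reads outside the object. It assumes the copy unit is `usize`; all buffers are constructed inline.

```rust
use std::convert::TryInto;
use std::mem::size_of;

/// Assumed copy unit: one machine word (usize).
pub const WORD: usize = size_of::<usize>();

/// Round `size` up to the next multiple of `align` (a power of two).
/// Padding allocations this way keeps a word-wise copy in bounds, at the
/// cost of hiding off-by-one errors that land in the padding.
pub fn align_up(size: usize, align: usize) -> usize {
    debug_assert!(align.is_power_of_two());
    (size + align - 1) & !(align - 1)
}

/// Bytes past the end of a `size`-byte object that a routine copying in
/// whole `WORD` units would read. Zero exactly when `size % WORD == 0`.
pub fn word_copy_overread(size: usize) -> usize {
    align_up(size, WORD) - size
}

/// Word-granular copy that stays inside both slices: whole words via
/// `chunks_exact`, then the remaining (< WORD) bytes one at a time.
pub fn copy_words_then_bytes(dst: &mut [u8], src: &[u8]) {
    assert_eq!(dst.len(), src.len(), "source and destination must match");
    let mut src_words = src.chunks_exact(WORD);
    let mut dst_words = dst.chunks_exact_mut(WORD);
    for (d, s) in (&mut dst_words).zip(&mut src_words) {
        // Load and store one full word; `s` is exactly WORD bytes here.
        let w = usize::from_ne_bytes(s.try_into().unwrap());
        d.copy_from_slice(&w.to_ne_bytes());
    }
    // Tail shorter than a word: copied bytewise, no over-read.
    dst_words
        .into_remainder()
        .copy_from_slice(src_words.remainder());
}

fn main() {
    // Constructed sample: 13 bytes, deliberately not a multiple of WORD.
    let src: Vec<u8> = (0..13u8).collect();
    let mut dst = vec![0u8; src.len()];
    copy_words_then_bytes(&mut dst, &src);
    println!("copied ok: {}", dst == src);
    println!(
        "a whole-word copy of {} bytes would read {} byte(s) past the end; \
         padded size would be {}",
        src.len(),
        word_copy_overread(src.len()),
        align_up(src.len(), WORD)
    );
}
```

`word_copy_overread` is the quantity to keep in mind when choosing between the two fixes: padding the allocation makes it zero for the copy routine but also means an off-by-one write into that padding is no longer flagged, which is the trade-off the last post describes.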