├── LICENSE ├── README.md └── ubuntu.sh /LICENSE: -------------------------------------------------------------------------------- 1 | CC0 1.0 Universal 2 | 3 | Statement of Purpose 4 | 5 | The laws of most jurisdictions throughout the world automatically confer 6 | exclusive Copyright and Related Rights (defined below) upon the creator and 7 | subsequent owner(s) (each and all, an "owner") of an original work of 8 | authorship and/or a database (each, a "Work"). 9 | 10 | Certain owners wish to permanently relinquish those rights to a Work for the 11 | purpose of contributing to a commons of creative, cultural and scientific 12 | works ("Commons") that the public can reliably and without fear of later 13 | claims of infringement build upon, modify, incorporate in other works, reuse 14 | and redistribute as freely as possible in any form whatsoever and for any 15 | purposes, including without limitation commercial purposes. These owners may 16 | contribute to the Commons to promote the ideal of a free culture and the 17 | further production of creative, cultural and scientific works, or to gain 18 | reputation or greater distribution for their Work in part through the use and 19 | efforts of others. 20 | 21 | For these and/or other purposes and motivations, and without any expectation 22 | of additional consideration or compensation, the person associating CC0 with a 23 | Work (the "Affirmer"), to the extent that he or she is an owner of Copyright 24 | and Related Rights in the Work, voluntarily elects to apply CC0 to the Work 25 | and publicly distribute the Work under its terms, with knowledge of his or her 26 | Copyright and Related Rights in the Work and the meaning and intended legal 27 | effect of CC0 on those rights. 28 | 29 | 1. Copyright and Related Rights. A Work made available under CC0 may be 30 | protected by copyright and related or neighboring rights ("Copyright and 31 | Related Rights"). Copyright and Related Rights include, but are not limited 32 | to, the following: 33 | 34 | i. the right to reproduce, adapt, distribute, perform, display, communicate, 35 | and translate a Work; 36 | 37 | ii. moral rights retained by the original author(s) and/or performer(s); 38 | 39 | iii. publicity and privacy rights pertaining to a person's image or likeness 40 | depicted in a Work; 41 | 42 | iv. rights protecting against unfair competition in regards to a Work, 43 | subject to the limitations in paragraph 4(a), below; 44 | 45 | v. rights protecting the extraction, dissemination, use and reuse of data in 46 | a Work; 47 | 48 | vi. database rights (such as those arising under Directive 96/9/EC of the 49 | European Parliament and of the Council of 11 March 1996 on the legal 50 | protection of databases, and under any national implementation thereof, 51 | including any amended or successor version of such directive); and 52 | 53 | vii. other similar, equivalent or corresponding rights throughout the world 54 | based on applicable law or treaty, and any national implementations thereof. 55 | 56 | 2. Waiver. To the greatest extent permitted by, but not in contravention of, 57 | applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and 58 | unconditionally waives, abandons, and surrenders all of Affirmer's Copyright 59 | and Related Rights and associated claims and causes of action, whether now 60 | known or unknown (including existing as well as future claims and causes of 61 | action), in the Work (i) in all territories worldwide, (ii) for the maximum 62 | duration provided by applicable law or treaty (including future time 63 | extensions), (iii) in any current or future medium and for any number of 64 | copies, and (iv) for any purpose whatsoever, including without limitation 65 | commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes 66 | the Waiver for the benefit of each member of the public at large and to the 67 | detriment of Affirmer's heirs and successors, fully intending that such Waiver 68 | shall not be subject to revocation, rescission, cancellation, termination, or 69 | any other legal or equitable action to disrupt the quiet enjoyment of the Work 70 | by the public as contemplated by Affirmer's express Statement of Purpose. 71 | 72 | 3. Public License Fallback. Should any part of the Waiver for any reason be 73 | judged legally invalid or ineffective under applicable law, then the Waiver 74 | shall be preserved to the maximum extent permitted taking into account 75 | Affirmer's express Statement of Purpose. In addition, to the extent the Waiver 76 | is so judged Affirmer hereby grants to each affected person a royalty-free, 77 | non transferable, non sublicensable, non exclusive, irrevocable and 78 | unconditional license to exercise Affirmer's Copyright and Related Rights in 79 | the Work (i) in all territories worldwide, (ii) for the maximum duration 80 | provided by applicable law or treaty (including future time extensions), (iii) 81 | in any current or future medium and for any number of copies, and (iv) for any 82 | purpose whatsoever, including without limitation commercial, advertising or 83 | promotional purposes (the "License"). The License shall be deemed effective as 84 | of the date CC0 was applied by Affirmer to the Work. Should any part of the 85 | License for any reason be judged legally invalid or ineffective under 86 | applicable law, such partial invalidity or ineffectiveness shall not 87 | invalidate the remainder of the License, and in such case Affirmer hereby 88 | affirms that he or she will not (i) exercise any of his or her remaining 89 | Copyright and Related Rights in the Work or (ii) assert any associated claims 90 | and causes of action with respect to the Work, in either case contrary to 91 | Affirmer's express Statement of Purpose. 92 | 93 | 4. Limitations and Disclaimers. 94 | 95 | a. No trademark or patent rights held by Affirmer are waived, abandoned, 96 | surrendered, licensed or otherwise affected by this document. 97 | 98 | b. Affirmer offers the Work as-is and makes no representations or warranties 99 | of any kind concerning the Work, express, implied, statutory or otherwise, 100 | including without limitation warranties of title, merchantability, fitness 101 | for a particular purpose, non infringement, or the absence of latent or 102 | other defects, accuracy, or the present or absence of errors, whether or not 103 | discoverable, all to the greatest extent permissible under applicable law. 104 | 105 | c. Affirmer disclaims responsibility for clearing rights of other persons 106 | that may apply to the Work or any use thereof, including without limitation 107 | any person's Copyright and Related Rights in the Work. Further, Affirmer 108 | disclaims responsibility for obtaining any necessary consents, permissions 109 | or other rights required for any use of the Work. 110 | 111 | d. Affirmer understands and acknowledges that Creative Commons is not a 112 | party to this document and has no duty or obligation with respect to this 113 | CC0 or use of the Work. 114 | 115 | For more information, please see 116 | 117 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # How to build KLEE 2 | 3 | This is a repository for all my notes about the installation of [KLEE](https://klee.github.io/). This README.md contains a step by step manual for building KLEE with all its dependencies. Additionally, I wrote a small script for ubuntu, that automatically executes all the commands listed here. If you build KLEE for the first time, I strongly recommend executing the commands manually, but if you end up doing it again, just save your time with the script. 4 | 5 | ---------- 6 | 7 | # Manual build step by step 8 | 9 | ## Introduction 10 | 11 | There are a ton of installation instructions for [KLEE](https://klee.github.io/) out there in the web. This is yet another manual, but it tries to be a little different. First of all, it is not Ubuntu specific. It works on Ubuntu, but it also works on other distros like Arch Linux. Furthermore, this setup do not use the sudo command or any kind of installation. You get a pure local build directory full of all the necessary tools and nothing else. Thereby, you can have multiple klee versions and setups on the same machine. In order to uninstall these tools, simply remove the directory, where they have been built in. 12 | 13 | ### The resulting directory structure: 14 | ``` 15 | build 16 | ├── klee 17 | ├── klee-uclibc 18 | ├── llvm 19 | ├── minisat 20 | ├── stp 21 | └── z3 22 | ``` 23 | 24 | I prefer having my self-compiled binaries in a build-folder inside my home directory, but you are free to place it wherever you want. Just create an empty directory anywhere in your system, remember its path and name, and execute all the following commands inside this directory. 25 | 26 | ### storage-usage 27 | 28 | The whole files, that are needed during the build process, needs at least 2 GB of storage. This manual uses version control systems (git, svn) to download the source files. Thereby each file is stored twice: in the version control and in the checkout-folder. The version control is not really useful or necessary for non-developers of these tools, so this manual removes these files with commands like `rm -rf {.git,.svn}`. You can leave this commands out, but remember, that this will likely double the amount of storage to at least 4 GB in total. 29 | 30 | 31 | ## Usefull Links: 32 | 33 | * [The official (but buggy) installation manual](https://klee.github.io/build-llvm34/) 34 | * [Build LLVM on your own](http://www.llvm.org/docs/GettingStarted.html#getting-started-quickly-a-summary) 35 | * [The old official installation manual](https://llvm.org/svn/llvm-project/klee/trunk/www/GetStarted.html?p=156062) 36 | * [More recent user installation for Ubuntu 14.04 LTS](http://blog.opensecurityresearch.com/2014/07/klee-on-ubuntu-1404-lts-64bit.html) 37 | * [STP installation manual with build options](https://github.com/stp/stp/blob/master/INSTALL.md) 38 | * [metaSMT-Support for KLEE](http://srg.doc.ic.ac.uk/projects/klee-multisolver/getting-started.html) 39 | 40 | 41 | ## Step 0: Install required tools for the build 42 | 43 | ### Ubuntu (16.04) 44 | ``` 45 | sudo apt-get install bc bison build-essential cmake curl flex git libboost-all-dev libcap-dev libncurses5-dev python-minimal python-pip subversion unzip zlib1g-dev 46 | ``` 47 | ### Arch Linux 48 | ``` 49 | sudo pacman -S bc bison boost cmake curl flex gcc git libcap ncurses python python2 python2-pip subversion zlib 50 | ``` 51 | 52 | 53 | ## Step 1: LLVM 54 | 55 | ### Checkout sourcecode of the core and relevant projects 56 | ``` 57 | svn co https://llvm.org/svn/llvm-project/llvm/tags/RELEASE_342/final llvm 58 | svn co https://llvm.org/svn/llvm-project/cfe/tags/RELEASE_342/final llvm/tools/clang 59 | svn co https://llvm.org/svn/llvm-project/compiler-rt/tags/RELEASE_342/final llvm/projects/compiler-rt 60 | svn co https://llvm.org/svn/llvm-project/libcxx/tags/RELEASE_342/final llvm/projects/libcxx 61 | svn co https://llvm.org/svn/llvm-project/test-suite/tags/RELEASE_342/final/ llvm/projects/test-suite 62 | 63 | rm -rf llvm/.svn 64 | rm -rf llvm/tools/clang/.svn 65 | rm -rf llvm/projects/compiler-rt/.svn 66 | rm -rf llvm/projects/libcxx/.svn 67 | rm -rf llvm/projects/test-suite/.svn 68 | ``` 69 | 70 | ### Build the binaries 71 | 72 | The llvm-testsuite, that is used later for `make check-all` needs a python2. Maybe the default on your system is python3. So you have to add the `--with-python`-option with your path to a python2 executable. 73 | 74 | ``` 75 | cd llvm 76 | ./configure --enable-optimized --disable-assertions --enable-targets=host --with-python="/usr/bin/python2" 77 | make -j `nproc` 78 | 79 | make -j `nproc` check-all 80 | cd .. 81 | ``` 82 | 83 | ## Step 2: Minisat 84 | 85 | ``` 86 | git clone --depth 1 https://github.com/stp/minisat.git 87 | # Commit ID: 3db58943b6ffe855d3b8c9a959300d9a148ab554 (very old - from Jun 22, 2015) 88 | rm -rf minisat/.git 89 | 90 | cd minisat 91 | make 92 | cd .. 93 | ``` 94 | 95 | 96 | ## Step 3: STP 97 | 98 | ``` 99 | git clone --depth 1 --branch stp-2.2.0 https://github.com/stp/stp.git 100 | rm -rf stp/.git 101 | 102 | cd stp 103 | mkdir build 104 | cd build 105 | cmake \ 106 | -DBUILD_STATIC_BIN=ON \ 107 | -DBUILD_SHARED_LIBS:BOOL=OFF \ 108 | -DENABLE_PYTHON_INTERFACE:BOOL=OFF \ 109 | -DMINISAT_INCLUDE_DIR="../../minisat/" \ 110 | -DMINISAT_LIBRARY="../../minisat/build/release/lib/libminisat.a" \ 111 | -DCMAKE_BUILD_TYPE="Release" \ 112 | -DTUNE_NATIVE:BOOL=ON .. 113 | make -j `nproc` 114 | cd ../.. 115 | ``` 116 | 117 | ## Step 4: uclibc and the POSIX environment model 118 | ``` 119 | git clone --depth 1 --branch klee_uclibc_v1.0.0 https://github.com/klee/klee-uclibc.git 120 | rm -rf klee-uclibc/.git 121 | 122 | cd klee-uclibc 123 | ./configure \ 124 | --make-llvm-lib \ 125 | --with-llvm-config="../llvm/Release/bin/llvm-config" \ 126 | --with-cc="../llvm/Release/bin/clang" 127 | make -j `nproc` 128 | cd .. 129 | ``` 130 | 131 | ## Step 5: Z3 132 | ``` 133 | git clone --depth 1 --branch z3-4.5.0 https://github.com/Z3Prover/z3.git 134 | rm -rf z3/.git 135 | 136 | cd z3 137 | python scripts/mk_make.py 138 | cd build 139 | make -j `nproc` 140 | 141 | # partialy copied from make install target 142 | mkdir -p ./include 143 | mkdir -p ./lib 144 | cp ../src/api/z3.h ./include/z3.h 145 | cp ../src/api/z3_v1.h ./include/z3_v1.h 146 | cp ../src/api/z3_macros.h ./include/z3_macros.h 147 | cp ../src/api/z3_api.h ./include/z3_api.h 148 | cp ../src/api/z3_ast_containers.h ./include/z3_ast_containers.h 149 | cp ../src/api/z3_algebraic.h ./include/z3_algebraic.h 150 | cp ../src/api/z3_polynomial.h ./include/z3_polynomial.h 151 | cp ../src/api/z3_rcf.h ./include/z3_rcf.h 152 | cp ../src/api/z3_fixedpoint.h ./include/z3_fixedpoint.h 153 | cp ../src/api/z3_optimization.h ./include/z3_optimization.h 154 | cp ../src/api/z3_interp.h ./include/z3_interp.h 155 | cp ../src/api/z3_fpa.h ./include/z3_fpa.h 156 | cp libz3.so ./lib/libz3.so 157 | cp ../src/api/c++/z3++.h ./include/z3++.h 158 | 159 | cd ../.. 160 | ``` 161 | 162 | ## Step 6: KLEE 163 | 164 | This is the only step in this manual, where we need the absolute path in the commands. The trick with the custom shell variable should solve it correctly. Nevertheless, if the configure command fails, try it again with explicit paths. 165 | 166 | ``` 167 | git clone --depth 1 --branch v1.3.0 https://github.com/klee/klee.git 168 | rm -rf klee/.git 169 | 170 | BUILDDIR=`pwd` 171 | cd klee 172 | ./configure \ 173 | LDFLAGS="-L$BUILDDIR/minisat/build/release/lib/" \ 174 | --with-llvm=$BUILDDIR/llvm/ \ 175 | --with-llvmcc=$BUILDDIR/llvm/Release/bin/clang \ 176 | --with-llvmcxx=$BUILDDIR/llvm/Release/bin/clang++ \ 177 | --with-stp=$BUILDDIR/stp/build/ \ 178 | --with-uclibc=$BUILDDIR/klee-uclibc \ 179 | --with-z3=$BUILDDIR/z3/build/ \ 180 | --enable-cxx11 \ 181 | --enable-posix-runtime 182 | 183 | make -j `nproc` ENABLE_OPTIMIZED=1 184 | 185 | # Copy Z3 libraries to a place, where klee can find them 186 | cp ../z3/build/lib/libz3.so ./Release+Asserts/lib/ 187 | 188 | make -j `nproc` check 189 | cd .. 190 | ``` 191 | 192 | A small note: I have tried this setup on several systems and this last check has never finished without errors. I am not absolutely sure, if this is normal or not. From my experience around 4 up to 9 failing test cases seems to be normal, if everything seems to work. 193 | 194 | ## Step 7: Link some executables 195 | 196 | This step is completely optional, but if you have to execute the generated programs again and again, it is helpful to have smaller shortcuts for them. For this purpose all modern shells offers some way of creating `alias`-commands. 197 | 198 | Put these lines at the end of your `~/.bashrc` (if using bash) or `~/.zshrc` (if using zsh). If you don't use a build-directory in your home folder, just replace the paths corresponding to your directory structure. To separate the self-build versions from the system ones, I add the prefix "my" to the alias commands, but you can name them what ever you want. 199 | 200 | ``` 201 | alias myklee="~/build/klee/Release+Asserts/bin/klee" 202 | alias myktest-tool="~/build/klee/Release+Asserts/bin/ktest-tool" 203 | alias myclang="~/build/llvm/Release/bin/clang" 204 | alias mylli="~/build/llvm/Release/bin/lli" 205 | alias myllvm-dis="~/build/llvm/Release/bin/llvm-dis" 206 | ``` 207 | 208 | These are definitely not all the binaries created by this manual, but at least the most common ones. Nevertheless, I assume you see the pattern and of course you can add, whatever you find helpful. 209 | 210 | ## Solutions for common errors 211 | 212 | ### During the ./configure command of KLEE 213 | 214 | ``` 215 | checking for vc_setInterfaceFlags in -lstp... no 216 | Could not link with libstp 217 | checking for vc_setInterfaceFlags in -lstp... no 218 | configure: error: Unable to link with libstp. Check config.log to see what went wrong 219 | ``` 220 | and in the corresponding config.log 221 | ``` 222 | configure:5121: checking for vc_setInterfaceFlags in -lstp 223 | configure:5146: g++ -o conftest -g -O2 conftest.cpp -lstp -L.../stp/build/lib -lminisat >&5 224 | .../stp/build/lib/libstp.a(RunTimes.cpp.o): In function `RunTimes::getDifference[abi:cxx11]()': 225 | .../stp/build/../lib/AST/RunTimes.cpp:118: undefined reference to `Minisat::memUsed()' 226 | ... 227 | ``` 228 | 229 | In other words, the compiler cannot find a lot of minisat functions. This problem is caused by the shared library for minisat, that must be added and must be found during the compilation process. Make sure, that you are giving the correct path to minisat in the LDFLAGS. See step 6 for details. 230 | 231 | ### During runs of KLEE 232 | 233 | ``` 234 | .../bin/klee: error while loading shared libraries: libz3.so: cannot open shared object file: No such file or directory 235 | ``` 236 | 237 | KLEE cannot find the libz3.so library of Z3. The easiest solution is to directly copy the library to the lib directory of KLEE. See step 6 for details. 238 | 239 | ---------- 240 | 241 | ``` 242 | error while loading shared libraries: libkleeRuntest.so.1.0: cannot open shared object file: No such file or directory 243 | ``` 244 | Somehow, KLEE searches a specific version of its shared library and its Makefile just generates a generic one. To solve this error, just create a symbolic link to the generic library as the specific version required. 245 | ``` 246 | ln -s ~/build/klee/Release+Asserts/lib/libkleeRuntest.so ~/build/klee/Release+Asserts/lib/libkleeRuntest.so.1.0 247 | ``` 248 | -------------------------------------------------------------------------------- /ubuntu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ######################################## 4 | # Read the command line argument 5 | ######################################## 6 | 7 | if [ "$#" -ne "1" ]; then 8 | echo "ERROR: No target directory was given!" 9 | echo "usage: $0 /path/to/empty/dir" 10 | exit 1 11 | fi 12 | 13 | README="$(dirname "$(realpath "$0")")/README.md" 14 | BUILDDIR="$(realpath "$1")" 15 | 16 | if [ ! -d "$BUILDDIR" ] || [ ! -z "$(ls -A "$BUILDDIR")" ]; then 17 | echo "ERROR: Installation needs an empty directory as a target!" 18 | echo "usage: $0 /path/to/empty/dir" 19 | exit 1 20 | fi 21 | 22 | cd "$BUILDDIR" || exit 23 | 24 | ######################################## 25 | # STEP 0: Check for all dependencies 26 | ######################################## 27 | 28 | required=" 29 | bc 30 | bison 31 | build-essential 32 | cmake 33 | curl 34 | flex 35 | git 36 | libboost-all-dev 37 | libcap-dev 38 | libncurses5-dev 39 | python-minimal 40 | python-pip 41 | subversion 42 | unzip 43 | zlib1g-dev 44 | " 45 | 46 | if lsb_release -a 2>> /dev/null | grep -q "Ubuntu"; then 47 | # if we are on Ubuntu 48 | 49 | error=0 50 | 51 | for pkg in $required 52 | # for all required packages 53 | do 54 | # Check, if this package is installed 55 | if ! dpkg -l "$pkg" >> /dev/null 2>&1; then 56 | echo "Error: $pkg is not installed" 57 | error=1 58 | fi 59 | done 60 | 61 | if [ $error -eq 1 ]; then 62 | echo "STOP: Not all dependencies installed" 63 | exit 1 64 | fi 65 | fi 66 | 67 | # This extracts all commands from the README.md and executes them 68 | eval "$( \ 69 | # Extract all relevant build steps -> Step 1 until 6, excluding 7 70 | sed -n '/## Step 1: LLVM/,/## Step 7: Link some executables/p' "$README" | \ 71 | # Extract all marked code snippets 72 | sed -n '/```/,/```/p' | grep -v '```' | \ 73 | # Remove comments and the automatic assignment of BUILDDIR and empty lines 74 | grep -v '^#' | grep -v '^BUILDDIR=' | awk 'NF > 0' \ 75 | )" 76 | 77 | echo "" 78 | echo "Congratulations. $BUILDDIR is initialized completely" 79 | --------------------------------------------------------------------------------