I am using KLEE for symbolic execution of large programs, but due to the program's complexity, KLEE explores very few paths. To optimize path coverage, I want to modify the KLEE source code to add a maximum call depth limit and perform concrete execution for call instructions that exceed this depth, instead of continuing with symbolic execution. Since I am unfamiliar with KLEE's codebase, could you provide guidance on how to implement this functionality in KLEE?
Thank you for any hints or suggestions!
_______________________________________________ klee-dev mailing list [email protected] https://mailman.ic.ac.uk/mailman/listinfo/klee-dev
