Vitaly Chipounov

No, this issue is only about the CPU emulation engine (libs2e.so). The QEMU client will still remain at 3.0. I am currently working on the TCG part, it's about 40%...

TCG upgrade is complete and merged. Remains libcpu.

Current version has better reference counting (using boost smart pointers).

Hi! Documenting the whole thing is a several months full time job :) Could you perhaps break down the issue into smaller bits, e.g., listing the parts by order of...

There are some hints here: http://s2e.systems/docs/src/ProfilingS2E.html You could also recompile S2E with a malloc library that supports profiling. There should be a few out there. 30MB of symbolic data is...

This is a very good issue, reopening it.

Some ideas: - Check how many memory pages are duplicated across states => could justify implementing deduplication - Check heap fragmentation (could explain why memory usage doesn't seem to go...

This may not be relevant anymore, as we use a native helper app to extract debug info in json format (see `addrs2lines` in `libvmi`).

Hi! Thanks for the report. - Regarding path explosion with strings, unfortunately, this is not avoidable. S2E does not support symbolic strings as a first class construct. It only supports...

Regarding silent concretization, a stack trace would help. I don't know about the gdb crash however, it will require investigating. It may be gone once this is merged: https://github.com/S2E/klee/pull/11