This website requires JavaScript.

Strong Optimistic Solving for Dynamic Symbolic Execution

Darya ParyginaAlexey VishnyakovAndrey Fedotov
Sep 2022
摘要
Dynamic symbolic execution (DSE) is an effective method for automated programtesting and bug detection. It is increasing the code coverage by the complexbranches exploration during hybrid fuzzing. DSE tools invert the branches alongsome execution path and help fuzzer examine previously unavailable programparts. DSE often faces over- and underconstraint problems. The first one leadsto significant analysis complication while the second one causes inaccuratesymbolic execution. We propose strong optimistic solving method that eliminates irrelevant pathpredicate constraints for target branch inversion. We eliminate such symbolicconstraints that the target branch is not control dependent on. Moreover, weseparately handle symbolic branches that have nested control transferinstructions that pass control beyond the parent branch scope, e.g. return,goto, break, etc. We implement the proposed method in our dynamic symbolicexecution tool Sydr. We evaluate the strong optimistic strategy, the optimistic strategy thatcontains only the last constraint negation, and their combination. The resultsshow that the strategies combination helps increase either the code coverage orthe average number of correctly inverted branches per one minute. It is optimalto apply both strategies together in contrast with other configurations.
展开全部
图表提取

暂无人提供速读十问回答

论文十问由沈向洋博士提出,鼓励大家带着这十个问题去阅读论文,用有用的信息构建认知模型。写出自己的十问回答,还有机会在当前页面展示哦。

Q1论文试图解决什么问题?
Q2这是否是一个新的问题?
Q3这篇文章要验证一个什么科学假设?
0
被引用
笔记
问答