Abstract: The state explosion problem faced by concolic execution becomes especially severe when detecting program bugs in large-scale software systems. To mitigate the issue, we propose a practical concolic execution approach to detect vulnerabilities in this paper. First, we identify the correlation between symbolic memory and control flow by statically analyzing the software under test, and distinguish critical symbolic memory from ordinary symbolic memory according to that correlation. Then, we design different state-generation strategies for the two kinds of symbolic memory when performing concolic execution of the target software. We present these ideas in a prototype system, Pracolic, and evaluate it on four Linux file systems, i.e., ext4, XFS, Btrfs, and ReiserFS. Experimental results show that Pracolic effectively mitigates state explosion in concolic execution and outperforms S2E, a state-of-the-art analysis system, in state reduction and code coverage for large-scale software systems.
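The abstract describes the idea only at a high level, so the following is an added toy illustration of the concept, not Pracolic's algorithm or code. It runs a static def-use pass over a tiny constructed IR to mark the input bytes that can reach a branch condition as "critical", then explores the program twice: once with every input byte symbolic, and once with the ordinary bytes fixed to a concrete seed value. Path constraints are solved by brute force over a four-value domain, and the baseline forks one state per feasible address of a memory read through a symbolic index, which is a deliberately simplified stand-in for symbolic-memory state explosion. The IR, the sample program, the lookup table and the seed are all constructed for this example.

```python
"""Toy model of critical vs. ordinary symbolic memory in concolic exploration.

Illustration only; not the Pracolic algorithm described in the paper.
"""
from itertools import product

# ---- constructed toy IR -------------------------------------------------
# Each instruction is a tuple; variables hold small integers.
#   ("load", dst, i)              dst = input[i]
#   ("add", dst, a, b)            dst = a + b        (a, b: variable name or int)
#   ("index", dst, table, v)      dst = table[v]     (memory read at symbolic address)
#   ("branch", a, b)              fork on a == b     (control flow)
#   ("store", a, b)               memory write, data sink only
TABLE = (7, 3, 9, 1)     # constructed lookup table
INPUT_LEN = 3
DOMAIN = range(4)        # each input byte ranges over 0..3, so solving is brute force

PROGRAM = [
    ("load", "t", 0),
    ("load", "n", 1),
    ("load", "k", 2),
    ("branch", "t", 1),           # "file type" check: control flow depends on input[0]
    ("add", "m", "n", 1),
    ("branch", "m", 3),           # "length" check: control flow depends on input[1]
    ("index", "v", TABLE, "k"),   # memory read whose address depends on input[2]
    ("store", "v", "t"),          # v only feeds data; it never reaches a branch
]


def _dep(deps, x):
    """Input-byte dependencies of an operand (constants depend on nothing)."""
    return deps.get(x, set()) if isinstance(x, str) else set()


def critical_inputs(program):
    """Static pass: return the set of input bytes that can reach a branch condition."""
    deps, crit = {}, set()
    for ins in program:
        op = ins[0]
        if op == "load":
            deps[ins[1]] = {ins[2]}
        elif op == "add":
            deps[ins[1]] = _dep(deps, ins[2]) | _dep(deps, ins[3])
        elif op == "index":
            deps[ins[1]] = _dep(deps, ins[3])   # loaded value inherits the address deps
        elif op == "branch":
            crit |= _dep(deps, ins[1]) | _dep(deps, ins[2])
    return crit


def _val(env, x):
    return env[x] if isinstance(x, str) else x


def _env_at(program, pc, inp):
    """Concretely execute instructions 0..pc-1 on the input tuple inp."""
    env = {}
    for ins in program[:pc]:
        op = ins[0]
        if op == "load":
            env[ins[1]] = inp[ins[2]]
        elif op == "add":
            env[ins[1]] = _val(env, ins[2]) + _val(env, ins[3])
        elif op == "index":
            env[ins[1]] = ins[2][_val(env, ins[3])]
    return env


def explore(program, concretize_ordinary):
    """Explore all states of program; return the number of finished states.

    A state is (pc, list of inputs satisfying its path constraint).  With
    concretize_ordinary=True, input bytes that never reach a branch keep the
    seed's concrete value instead of staying symbolic.
    """
    crit = critical_inputs(program)
    all_inputs = list(product(DOMAIN, repeat=INPUT_LEN))
    seed = all_inputs[0]
    if concretize_ordinary:
        feasible = [x for x in all_inputs
                    if all(x[i] == seed[i] for i in range(INPUT_LEN) if i not in crit)]
    else:
        feasible = all_inputs
    worklist = [(0, feasible)]
    finished = 0
    while worklist:
        pc, inputs = worklist.pop()
        while pc < len(program):
            ins = program[pc]
            if ins[0] == "branch":
                # Fork only if both outcomes are feasible under the path constraint.
                groups = {}
                for x in inputs:
                    env = _env_at(program, pc, x)
                    groups.setdefault(_val(env, ins[1]) == _val(env, ins[2]), []).append(x)
                if len(groups) == 2:
                    worklist.append((pc + 1, groups[False]))
                    inputs = groups[True]
            elif ins[0] == "index":
                # Baseline behaviour: one state per feasible concrete address.
                groups = {}
                for x in inputs:
                    env = _env_at(program, pc, x)
                    groups.setdefault(_val(env, ins[3]), []).append(x)
                first, *rest = groups.values()
                worklist.extend((pc + 1, g) for g in rest)
                inputs = first
            pc += 1
        finished += 1
    return finished


if __name__ == "__main__":
    print("critical input bytes:", sorted(critical_inputs(PROGRAM)))
    print("states, all bytes symbolic:", explore(PROGRAM, concretize_ordinary=False))
    print("states, ordinary bytes concretized:", explore(PROGRAM, concretize_ordinary=True))
```

Both runs reach the same branch outcomes, because the concretized byte never influences a condition; only the fan-out at the symbolic memory read disappears. That is the trade the abstract describes: keep symbolic treatment where it can change control flow, and spend no states on memory that cannot.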