
Proceedings of ISP RAS, 2018 Volume 30, Issue 6, Pages 25–38 (Mi tisp375)

This article is cited in 5 papers

Combining dynamic symbolic execution, code static analysis and fuzzing

A. Yu. Gerasimov (a), S. S. Sargsyan (b), S. F. Kurmangaleev (a), J. A. Hakobyan (b), S. A. Asryan (b), M. K. Ermakov (a)

a Ivannikov Institute for System Programming
b Yerevan State University, System Programming Laboratory

Abstract: This paper describes a new approach to dynamic code analysis. It combines dynamic symbolic execution and static code analysis with fuzzing to increase the efficiency of each component. During fuzzing we recover indirect function calls and pass that information to the static analysis engine. This improves static path detection in the control flow graph of the program. Detected paths are used in dynamic symbolic execution to construct inputs that cover new paths during execution. These inputs are then used by the fuzzing tool to improve test-case generation and increase code coverage. The proposed approach can be used for classic fuzzing, where the main goal is achieving high code coverage. It can also be used for targeted analysis of paths and code fragments in the program. In this case the fuzzing tool accepts a set of program addresses with potential defects and passes them to the static analysis engine. The engine constructs all paths connecting the program entry point to the given addresses. Finally, dynamic symbolic execution is used to construct the set of inputs that cover these paths. Experimental results have shown that the proposed method can effectively detect different program defects.

Keywords: fuzzing, directed fuzzing, static analysis, path detection, dynamic symbolic execution.

Language: English

DOI: 10.15514/ISPRAS-2018-30(6)-2
