Litcius/Paper detail

Combining static analysis error traces with dynamic symbolic execution (experience paper)

Frank Busse, Pritam Gharat, Cristian Cadar, Alastair F. Donaldson

202212 citationsDOI

Abstract

This paper reports on our experience implementing a technique for sifting through static analysis reports using dynamic symbolic execution. Our insight is that if a static analysis tool produces a partial trace through the program under analysis, annotated with conditions that the analyser believes are important for the bug to trigger, then a dynamic symbolic execution tool may be able to exploit the trace by (a) guiding the search heuristically so that paths that follow the trace most closely are prioritised for exploration, and (b) pruning the search using the conditions associated with each step of the trace. This may allow the bug to be quickly confirmed using dynamic symbolic execution, if it turns out to be a true positive, yielding an input that triggers the bug.

Topics & Concepts

TRACE (psycholinguistics)Symbolic executionComputer scienceStatic analysisAnalyserSymbolic data analysisExploitConcolic testingProgramming languageThe SymbolicProgram analysisPruningTheoretical computer scienceParallel computingSoftwareComputer securityPsychologyLinguisticsBiologyChemistryAgronomyChromatographyPhilosophyPsychoanalysisSoftware Testing and Debugging TechniquesAdvanced Malware Detection TechniquesSoftware Reliability and Analysis Research
Combining static analysis error traces with dynamic symbolic execution (experience paper) | Litcius