Abstract:

Dynamic symbolic execution is a software vulnerability detection method emerging in recent years, which can automatically generate test cases for different execution paths of the target program, so it can obtain high test code coverage. However, there are so many execution paths of a program, and most of them are unrelated to vulnerabilities, and those paths containing dangerous function calls are more likely to lead to vulnerabilities. We propose a guided dynamic symbolic execution method based on static analysis, and implement a tool prototype named SAGDSE. This method firstly identifies the program instructions that call dangerous functions via static analysis, and then collects the constraints of dangerous paths during the dynamic symbolic execution process when encountering these instructions. Finally it generates test cases that go through these dangerous paths by solving the constraints. These test cases are more likely to trigger program vulnerabilities. Experimental results verify the effectiveness of the proposed method.

Key words: