There is a newer version of the record available.

Published June 29, 2023 | Version 1.0.0
Software Open

Guiding Symbolic Execution with A-star

  • 1. Serma Safety & Security, Université de Bordeaux
  • 2. Université de Bordeaux, Bordeaux INP
  • 3. Université de Bordeaux, CNRS
  • 4. Serma Safety & Security

Description

Symbolic execution is widely used to detect vulnerabilities in software. The idea is to symbolically execute the program in order to find an executable path to a target instruction. For the analysis to be fully accurate, it must be performed on the binary code, which makes the well-known issue of state explosion even more critical. In this paper, we introduce a novel exploration strategy for symbolic execution aiming to limit the number of explored paths. Our strategy is inspired from the A* algorithm and steered towards least explored parts of the program. We compare our approach, using the Binsec tool, to three other classical strategies: Depth-First (DFS), Breadth-First (BFS) and Non-Uniform Random (NURS). Our experiments on real-size programs show that our approach is relevant.

Notes

This is a companion docker made available to support experimental claims of the paper "Guiding Symbolic Execution with A-star".

Files

artifact_guiding_symbolic_execution_with_astar_sefm_2023.zip

Files (889.8 MB)