Abstract

This paper describes a new approach for dynamic code analysis. It combines dynamic symbolic execution and static code analysis with fuzzing to increase the efficiency of each component. During fuzzing we recover indirect function calls and pass that information to the static analysis engine. This improves static path detection in the control flow graph of a program. Detected paths are used in dynamic symbolic execution to construct inputs which will cover new paths during execution. These inputs are used by the fuzzing tool to improve test-case generation and increase code coverage. The proposed approach can be used for classic fuzzing when the main goal is achieving high code coverage. It can also be used for targeted analysis of paths and code fragments in the program. In this case the fuzzing tool accepts a set of program addresses with potential defects and passes them to the static analysis engine. The engine constructs all paths connecting the program entry point to the given addresses. Finally, dynamic symbolic execution is used to construct the set of inputs that will cover these paths. Experimental results have shown that the proposed method can effectively detect different program defects.

Highlights

  • Dynamic program analysis has proven to be one of the most effective bug-finding techniques

  • In this paper we propose an approach for combining fuzzing, dynamic symbolic execution and static code analysis for program defect detection

Summary

Introduction

Dynamic program analysis has proven to be one of the most effective bug-finding techniques. Dynamic symbolic execution (DSE) tools incorporate various techniques and improvements of basic symbolic execution to allow one to solve various practical program analysis tasks. They are widely used to perform automatic execution tree traversal by generating concrete input data. These data sets are used as test suites for defect detection and various coverage-related analyses for the target program. In this paper we propose an approach for combining fuzzing, dynamic symbolic execution and static code analysis for program defect detection. Classic fuzzing is performed until coverage stops increasing for some time (controlled by the user). This typically means that there are certain fragments of code which are completely inaccessible during execution (i.e. dead code) or can only be reached with an input data set with internal dependencies that are too complex for the semi-random input mutation algorithms. In order to generate these input data sets we employ dynamic symbolic execution guided by static analysis.
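The two mechanisms described above, the coverage-plateau switching rule and the static enumeration of entry-to-target paths over a CFG enriched with indirect-call targets recovered during fuzzing, are illustrated by the following added example. It is not code from the paper or its tool; the control flow graph, the observed indirect-call record and the block names are constructed for illustration.

```python
# Constructed CFG: basic block -> successor blocks. The "dispatch" block ends in
# an indirect call whose target cannot be resolved by static analysis alone.
STATIC_CFG = {
    "entry": ["parse"],
    "parse": ["dispatch", "error"],
    "dispatch": [],                 # indirect call, target unknown statically
    "error": ["exit"],
    "handler_a": ["check_a", "exit"],
    "check_a": ["defect_site"],     # constructed "potential defect" address
    "defect_site": ["exit"],
    "exit": [],
}

# Constructed record of indirect-call targets observed while fuzzing.
FUZZ_OBSERVED_INDIRECT = {"dispatch": ["handler_a"]}


def augment_cfg(cfg, observed):
    """Return a copy of the CFG with edges for indirect calls seen at run time."""
    out = {blk: list(succ) for blk, succ in cfg.items()}
    for src, targets in observed.items():
        for tgt in targets:
            if tgt not in out.setdefault(src, []):
                out[src].append(tgt)
    return out


def all_paths(cfg, entry, target):
    """Enumerate every simple path from entry to target by depth-first search."""
    paths = []

    def dfs(node, path, seen):
        if node == target:
            paths.append(list(path))
            return
        for nxt in cfg.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                path.append(nxt)
                dfs(nxt, path, seen)
                path.pop()
                seen.discard(nxt)

    dfs(entry, [entry], {entry})
    return paths


def coverage_plateaued(history, window):
    """Switching metric: True once coverage has not grown for `window` rounds."""
    if window < 1 or len(history) <= window:
        return False
    return history[-1] <= history[-1 - window]
```

With the static CFG alone no path reaches `defect_site`; after the fuzzing-observed edge is added, the DFS yields the single path that DSE would then try to cover.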

Guided dynamic symbolic execution
Switching metric
DSE run time metric
Mutual improvement of static analysis results
Results of fuzzing integrated with DSE
Results of directed fuzzing
Discussion
Conclusion and future work