计算机工程与应用 ›› 2023, Vol. 59 ›› Issue (8): 56-72.DOI: 10.3778/j.issn.1002-8331.2209-0359

• 热点与综述 • 上一篇    下一篇

符号执行技术及应用研究综述

吴皓,周世龙,史东辉,李强   

  1. 1.安徽建筑大学 电子与信息工程学院,合肥 230601
    2.国防科技大学 电子对抗学院,合肥 230037
  • 出版日期:2023-04-15 发布日期:2023-04-15

Review of Symbolic Execution Technology and Applications

WU Hao, ZHOU Shilong, SHI Donghui, LI Qiang   

  1. 1.School of Electronic and Information Engineering, Anhui Jianzhu University, Hefei 230601, China
    2.School of Electronic Countermeasures, National University of Defense Technology, Hefei 230037, China
  • Online:2023-04-15 Published:2023-04-15

摘要: 符号执行是一种程序分析技术,通过收集程序路径上约束条件并利用约束求解器生成高覆盖率的测试用例,能发现深层次程序错误的优势。梳理了符号执行概念和发展历程,从符号执行系统核心设计切入,对符号执行技术的中间语言、路径搜索和约束求解进行分类阐述。调研现有研究工作进展,选取应用最突出的安全漏洞方面,从漏洞利用与漏洞检测上系统地分析符号执行技术应用细节。依据符号执行技术特点选取一些研究成果整理分析,探讨符号执行技术面临的局限与解决方案,并展望了未来趋势。

关键词: 符号执行, 符号执行系统, 约束求解, 漏洞利用, 漏洞检测

Abstract: Symbolic execution is a program analysis technique that has the advantage of finding deep program errors by collecting constraints on program paths and generating high-coverage test cases using constraint solvers. First, the concept and development history of symbolic execution are sorted out, and the intermediate language, path search and constraint solving of symbolic execution techniques are categorized and explained from the core design of symbolic execution system. Then, it investigates the progress of existing research work, selects the most prominent security vulnerabilities, and systematically analyzes the details of the application of symbolic execution technology in terms of vulnerability exploitation and vulnerability detection. Finally, some research results are selected and analyzed according to the characteristics of symbolic execution technology, and the limitations and solutions faced by symbolic execution technology are discussed, and the future trends are foreseen.

Key words: symbolic execution, symbolic execution system, constraint solving, exploit generation, vulnerability detection