research-article

Learning to Explore Paths for Symbolic Execution

Authors:

Gishor Sivanrupan,

Martin VechevAuthors Info & Claims

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Pages 2526 - 2540

https://doi.org/10.1145/3460120.3484813

Published: 13 November 2021 Publication History

Abstract

Symbolic execution is a powerful technique that can generate tests steering program execution into desired paths. However, the scalability of symbolic execution is often limited by path explosion, i.e., the number of symbolic states representing the paths under exploration quickly explodes as execution goes on. Therefore, the effectiveness of symbolic execution engines hinges on the ability to select and explore the right symbolic states.

In this work, we propose a novel learning-based strategy, called Learch, able to effectively select promising states for symbolic execution to tackle the path explosion problem. Learch directly estimates the contribution of each state towards the goal of maximizing coverage within a time budget, as opposed to relying on manually crafted heuristics based on simple statistics as a crude proxy for the objective. Moreover, Learch leverages existing heuristics in training data generation and feature extraction, and can thus benefit from any new expert-designed heuristics. We instantiated Learch in KLEE, a widely adopted symbolic execution engine. We evaluated Learch on a diverse set of programs, showing that Learch is practically effective: it covers more code and detects more security violations than existing manual heuristics, as well as combinations of those heuristics. We also show that using tests generated by Learch as initial fuzzing seeds enables the popular fuzzer AFL to find more paths and security violations.

References

[1]

2021. American fuzzy lop. https://lcamtuf.coredump.cx/afl/

[2]

2021. Gcov (Using the GNU Compiler Collection (GCC)). https://gcc.gnu.org/onlinedocs/gcc/Gcov.html

[3]

2021. Google Fuzzer Test Suite. https://github.com/google/fuzzer-test-suite

[4]

2021. UndefinedBehaviorSanitizer - Clang 6 documentation. https://releases.llvm.org/6.0.0/tools/clang/docs/UndefinedBehaviorSanitizer.html

[5]

Dennis Andriesse, Asia Slowinska, and Herbert Bos. 2017. Compiler-Agnostic Function Detection in Binaries. In EuroS&P 2017. https://doi.org/10.1109/EuroSP.2017.11

[6]

Shay Artzi, Adam Kiezun, Julian Dolby, Frank Tip, Danny Dig, Amit M. Paradkar, and Michael D. Ernst. 2008. Finding Bugs in Dynamic Web Applications. In ISSTA 2008. https://doi.org/10.1145/1390630.1390662

Digital Library

[7]

Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with Input-to-State Correspondence. In NDSS 2019. https://www.ndss-symposium.org/ndss-paper/redqueen-fuzzing-with-input-to-state-correspondence/

[8]

Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, and David Brumley. 2014. Enhancing Symbolic Execution with Veritesting. In ICSE 2014. https://doi.org/10.1145/2568225.2568293

Digital Library

[9]

Mislav Balunovic, Pavol Bielik, and Martin Vechev. 2018. Learning to Solve SMT Formulas. In NeurIPS 2018. https://proceedings.neurips.cc/paper/2018/hash/68331ff0427b551b68e911eebe35233b-Abstract.html

[10]

Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, and David Brumley. 2014. BYTEWEIGHT: Learning to Recognize Functions in Binary Code. In USENIX Security 2014. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/bao

[11]

Tim Blazytko, Cornelius Aschermann, Moritz Schlö gel, Ali Abbasi, Sergej Schumilo, Simon Wö rner, and Thorsten Holz. 2019. GRIMOIRE: Synthesizing Structure while Fuzzing. In USENIX Security 2019. https://www.usenix.org/conference/usenixsecurity19/presentation/blazytko

[12]

Marcel Bö hme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury. 2017. Directed Greybox Fuzzing. In CCS 2017. https://doi.org/10.1145/3133956.3134020

Digital Library

[13]

Peter Boonstoppel, Cristian Cadar, and Dawson R. Engler. 2008. RWset: Attacking Path Explosion in Constraint-Based Test Generation. In TACAS 2008. https://doi.org/10.1007/978--3--540--78800--3_27

[14]

Suhabe Bugrara and Dawson R. Engler. 2013. Redundant State Detection for Dynamic Symbolic Execution. In USENIX ATC 2013. https://www.usenix.org/conference/atc13/technical-sessions/presentation/bugrara

[15]

Frank Busse, Martin Nowack, and Cristian Cadar. 2020. Running Symbolic Execution Forever. In ISSTA 2020. https://doi.org/10.1145/3395363.3397360

Digital Library

[16]

Cristian Cadar, Daniel Dunbar, and Dawson R. Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In OSDI 2008. http://www.usenix.org/events/osdi08/tech/full_papers/cadar/cadar.pdf

Digital Library

[17]

Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, and Dawson R. Engler. 2006. EXE: automatically generating inputs of death. In CCS 2006. https://doi.org/10.1145/1180405.1180445

Digital Library

[18]

Cristian Cadar and Koushik Sen. 2013. Symbolic Execution for Software Testing: Three Decades Later. Communications of ACM, Vol. 56, 2 (2013), 82--90. https://doi.org/10.1145/2408776.2408795

Digital Library

[19]

Sooyoung Cha, Seongjoon Hong, Junhee Lee, and Hakjoo Oh. 2018. Automatically Generating Search Heuristics for Concolic Testing. In ICSE 2018. https://doi.org/10.1145/3180155.3180166

Digital Library

[20]

Sooyoung Cha and Hakjoo Oh. 2019. Concolic Testing with Adaptively Changing Search Heuristics. In FSE 2019. https://doi.org/10.1145/3338906.3338964

Digital Library

[21]

Sooyoung Cha and Hakjoo Oh. 2020. Making Symbolic Execution Promising by Learning Aggressive State-pruning Strategy. In ESEC/FSE 2020. https://doi.org/10.1145/3368089.3409755

Digital Library

[22]

Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, and David Brumley. 2012. Unleashing Mayhem on Binary Code. In S&P 2012. https://doi.org/10.1109/SP.2012.31

Digital Library

[23]

Sze Yiu Chau, Omar Chowdhury, Md. Endadul Hoque, Huangyi Ge, Aniket Kate, Cristina Nita-Rotaru, and Ninghui Li. 2017. SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations. In S&P 2017. https://doi.org/10.1109/SP.2017.40

[24]

Sze Yiu Chau, Moosa Yahyazadeh, Omar Chowdhury, Aniket Kate, and Ninghui Li. 2019. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification. In NDSS 2019. https://www.ndss-symposium.org/ndss-paper/analyzing-semantic-correctness-with-symbolic-execution-a-case-study-on-pkcs1-v1--5-signature-verification/

[25]

Junjie Chen, Wenxiang Hu, Lingming Zhang, Dan Hao, Sarfraz Khurshid, and Lu Zhang. 2018. Learning to Accelerate Symbolic Execution via Code Transformation. In ECOOP 2018. https://doi.org/10.4230/LIPIcs.ECOOP.2018.6

[26]

Peng Chen and Hao Chen. 2018. Angora: Efficient Fuzzing by Principled Search. In S&P 2018. https://doi.org/10.1109/SP.2018.00046

[27]

Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. 2020. SAVIOR: Towards Bug-Driven Hybrid Testing. In S&P 2020. https://doi.org/10.1109/SP40000.2020.00002

[28]

Leonardo Mendoncc a de Moura and Nikolaj Bjørner. 2008. Z3: An Efficient SMT Solver. In TACAS 2008. https://doi.org/10.1007/978--3--540--78800--3_24

[29]

Julian Fietkau, Bhargava Shastry, and Jean-Pierre Seifert. 2017. KleeFL - Seeding Fuzzers With Symbolic Execution. In Posters presented at USENIX Security 2017. https://github.com/julieeen/kleefl/raw/master/USENIX2017poster.pdf

[30]

Shuitao Gan, Chao Zhang, Peng Chen, Bodong Zhao, Xiaojun Qin, Dong Wu, and Zuoning Chen. 2020. GREYONE: Data Flow Sensitive Fuzzing. In USENIX Security 2020. https://www.usenix.org/conference/usenixsecurity20/presentation/gan

[31]

Shuitao Gan, Chao Zhang, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, and Zuoning Chen. 2018. CollAFL: Path Sensitive Fuzzing. In S&P 2018. https://doi.org/10.1109/SP.2018.00040

[32]

Vijay Ganesh and David L. Dill. 2007. A Decision Procedure for Bit-Vectors and Arrays. In CAV 2007. https://doi.org/10.1007/978--3--540--73368--3_52

[33]

Patrice Godefroid, Nils Klarlund, and Koushik Sen. 2005. DART: Directed Automated Random Testing. In PLDI 2005. https://doi.org/10.1145/1065010.1065036

Digital Library

[34]

Patrice Godefroid, Michael Y. Levin, and David A. Molnar. 2008. Automated Whitebox Fuzz Testing. In NDSS 2008. https://www.ndss-symposium.org/ndss2008/automated-whitebox-fuzz-testing/

[35]

Patrice Godefroid, Hila Peleg, and Rishabh Singh. 2017. Learn&Fuzz: Machine Learning for Input Fuzzing. In ASE 2017. https://doi.org/10.1109/ASE.2017.8115618

[36]

Shengjian Guo, Meng Wu, and Chao Wang. 2018. Adversarial Symbolic Execution for Detecting Concurrency-related Cache Timing Leaks. In FSE 2018,. https://doi.org/10.1145/3236024.3236028

Digital Library

[37]

Jingxuan He, Mislav Balunovic, Nodar Ambroladze, Petar Tsankov, and Martin Vechev. 2019. Learning to Fuzz from Symbolic Execution with Application to Smart Contracts. In CCS 2019. https://doi.org/10.1145/3319535.3363230

Digital Library

[38]

Jingxuan He, Pesho Ivanov, Petar Tsankov, Veselin Raychev, and Martin Vechev. 2018. Debin: Predicting Debug Information in Stripped Binaries. In CCS 2018. https://doi.org/10.1145/3243734.3243866

Digital Library

[39]

Adrian Herrera, Hendra Gunadi, Shane Magrath, Michael Norrish, Mathias Payer, and Antony L. Hosking. 2021. Seed selection for successful fuzzing. In ISSTA 2021. https://doi.org/10.1145/3460319.3464795

Digital Library

[40]

Christian Holler, Kim Herzig, and Andreas Zeller. 2012. Fuzzing with Code Fragments. In USENIX Security 2012. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/holler

[41]

Heqing Huang, Peisen Yao, Rongxin Wu, Qingkai Shi, and Charles Zhang. 2020. Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction. In S&P 2020. https://doi.org/10.1109/SP40000.2020.00063

[42]

Jinho Jung, Hong Hu, David Solodukhin, Daniel Pagan, Kyu Hyung Lee, and Taesoo Kim. 2019. Fuzzification: Anti-Fuzzing Techniques. In USENIX Security 2019. https://www.usenix.org/conference/usenixsecurity19/presentation/jung

[43]

Timotej Kapus, Frank Busse, and Cristian Cadar. 2020. Pending Constraints in Symbolic Execution for Better Exploration and Seeding. In ASE 2020. https://ieeexplore.ieee.org/document/9286054

[44]

James C. King. 1976. Symbolic Execution and Program Testing. Communications of ACM, Vol. 19, 7 (1976), 385--394. https://doi.org/10.1145/360248.360252

Digital Library

[45]

George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. 2018. Evaluating Fuzz Testing. In CCS 2018. https://doi.org/10.1145/3243734.3243804

Digital Library

[46]

Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. 2012. Efficient State Merging in Symbolic Execution. In PLDI 2012. https://doi.org/10.1145/2254064.2254088

Digital Library

[47]

Vu Le, Mehrdad Afshari, and Zhendong Su. 2014. Compiler Validation via Equivalence Modulo Inputs. In PLDI 2014. https://doi.org/10.1145/2594291.2594334

Digital Library

[48]

You Li, Zhendong Su, Linzhang Wang, and Xuandong Li. 2013. Steering Symbolic Execution to Less Traveled Paths. In OOPSLA 2013. https://doi.org/10.1145/2509136.2509553

Digital Library

[49]

Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making Smart Contracts Smarter. In CCS 2016. https://doi.org/10.1145/2976749.2978309

Digital Library

[50]

Kin-Keung Ma, Yit Phang Khoo, Jeffrey S. Foster, and Michael Hicks. 2011. Directed Symbolic Execution. In SAS 2011. https://doi.org/10.1007/978--3--642--23702--7_11

[51]

Sebastian Ö sterlund, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2020. ParmeSan: Sanitizer-guided Greybox Fuzzing. In USENIX Security 2020. https://www.usenix.org/conference/usenixsecurity20/presentation/osterlund

[52]

Corina S. Pasareanu and Neha Rungta. 2010. Symbolic PathFinder: symbolic execution of Java bytecode. In ASE 2010. https://doi.org/10.1145/1858996.1859035

Digital Library

[53]

Luis Pedrosa, Ari Fogel, Nupur Kothari, Ramesh Govindan, Ratul Mahajan, and Todd D. Millstein. 2015. Analyzing Protocol Implementations for Interoperability. In NSDI 2015. https://www.usenix.org/conference/nsdi15/technical-sessions/presentation/pedrosa

[54]

Hui Peng, Yan Shoshitaishvili, and Mathias Payer. 2018. T-Fuzz: Fuzzing by Program Transformation. In S&P 2018. https://doi.org/10.1109/SP.2018.00056

[55]

Anton Permenev, Dimitar Dimitrov, Petar Tsankov, Dana Drachsler-Cohen, and Martin Vechev. 2020. VerX: Safety Verification of Smart Contracts. In S&P 2020. https://doi.org/10.1109/SP40000.2020.00024

[56]

Suzette Person, Guowei Yang, Neha Rungta, and Sarfraz Khurshid. 2011. Directed Incremental Symbolic Execution. In PLDI 2011. https://doi.org/10.1145/1993498.1993558

Digital Library

[57]

Sebastian Poeplau and Auré lien Francillon. 2020. Symbolic Execution with SymCC: Don't Interpret, Compile!. In USENIX Security 2020. https://www.usenix.org/conference/usenixsecurity20/presentation/poeplau

[58]

Sebastian Poeplau and Auré lien Francillon. 2021. SymQEMU: Compilation-based Symbolic Execution for Binaries. In NDSS 2021. https://www.ndss-symposium.org/ndss-paper/symqemu-compilation-based-symbolic-execution-for-binaries/

[59]

David A. Ramos and Dawson R. Engler. 2015. Under-Constrained Symbolic Execution: Correctness Checking for Real Code. In USENIX Security 2015. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/ramos

[60]

Matthew G. Schultz, Eleazar Eskin, Erez Zadok, and Salvatore J. Stolfo. 2001. Data Mining Methods for Detection of New Malicious Executables. In S&P 2001. https://doi.org/10.1109/SECPRI.2001.924286

[61]

Daniel Selsam, Matthew Lamm, Benedikt Bü nz, Percy Liang, Leonardo de Moura, and David L. Dill. 2019. Learning a SAT Solver from Single-Bit Supervision. In ICLR 2019. https://openreview.net/forum?id=HJMC_iA5tm

[62]

Koushik Sen, Darko Marinov, and Gul Agha. 2005. CUTE: a Concolic Unit Testing Engine for C. In FSE 2005. https://doi.org/10.1145/1081706.1081750

Digital Library

[63]

Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In USENIX ATC 2012. https://www.usenix.org/conference/atc12/technical-sessions/presentation/serebryany

Digital Library

[64]

Dongdong She, Yizheng Chen, Abhishek Shah, Baishakhi Ray, and Suman Jana. 2020. Neutaint: Efficient Dynamic Taint Analysis with Neural Networks. In S&P 2020. https://doi.org/10.1109/SP40000.2020.00022

[65]

Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, and Suman Jana. 2019. NEUZZ: Efficient Fuzzing with Neural Program Smoothing. In S&P 2019. https://doi.org/10.1109/SP.2019.00052

[66]

Shiqi Shen, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, and Prateek Saxena. 2019. Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints. In NDSS 2019. https://www.ndss-symposium.org/ndss-paper/neuro-symbolic-execution-augmenting-symbolic-execution-with-neural-constraints/

[67]

Eui Chul Richard Shin, Dawn Song, and Reza Moazzezi. 2015. Recognizing Functions in Binaries with Neural Networks. In USENIX Security 2015. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/shin

[68]

Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Krü gel, and Giovanni Vigna. 2016. SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis. In S&P 2016. https://doi.org/10.1109/SP.2016.17

[69]

Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In NDSS 2016. http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/driller-augmenting-fuzzing-through-selective-symbolic-execution.pdf

[70]

David Trabish, Andrea Mattavelli, Noam Rinetzky, and Cristian Cadar. 2018. Chopped Symbolic Execution. In ICSE 2018. https://doi.org/10.1145/3180155.3180251

Digital Library

[71]

Junjie Wang, Bihuan Chen, Lei Wei, and Yang Liu. 2017. Skyfire: Data-Driven Seed Generation for Fuzzing. In S&P 2017. https://doi.org/10.1109/SP.2017.23

[72]

Jinghan Wang, Chengyu Song, and Heng Yin. 2021. Reinforcement Learning-based Hierarchical Seed for Greybox Fuzzing. In NDSS 2021. https://www.ndss-symposium.org/ndss-paper/reinforcement-learning-based-hierarchical-seed-scheduling-for-greybox-fuzzing/

[73]

Jie Wu, Chengyu Zhang, and Geguang Pu. 2020. Reinforcement Learning Guided Symbolic Execution. In SANER 2020. https://doi.org/10.1109/SANER48275.2020.9054815

[74]

Tao Xie, Nikolai Tillmann, Jonathan de Halleux, and Wolfram Schulte. 2009. Fitness-guided path exploration in dynamic symbolic execution. In DSN 2009. https://doi.org/10.1109/DSN.2009.5270315

[75]

Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In USENIX Security 2018. https://www.usenix.org/conference/usenixsecurity18/presentation/yun

[76]

Rui Zhang, Calvin Deutschbein, Peng Huang, and Cynthia Sturton. 2018. End-to-End Automated Exploit Generation for Validating the Security of Processor Designs. In MICRO 2018. https://doi.org/10.1109/MICRO.2018.00071

Digital Library

[77]

Yufeng Zhang, Zhenbang Chen, Ziqi Shuai, Tianqi Zhang, Kenli Li, and Ji Wang. 2020. Multiplex Symbolic Execution: Exploring Multiple Paths by Solving Once. In ASE 2020. https://doi.org/10.1145/3324884.3416645

Digital Library

Cited By

He LZhang DZhu DZhang JWang Rliu J(2024)Path Exploration Strategy for Symbolic Execution based on Multi-strategy Active LearningProceedings of the 15th Asia-Pacific Symposium on Internetware10.1145/3671016.3671403(165-168)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1145/3671016.3671403
Yoon JCha S(2024)FeatMaker: Automated Feature Engineering for Search Strategy of Symbolic ExecutionProceedings of the ACM on Software Engineering10.1145/36608151:FSE(2447-2468)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660815
Yi QYu YYang G(2024)Compatible Branch Coverage Driven Symbolic Execution for Efficient Bug FindingProceedings of the ACM on Programming Languages10.1145/36564438:PLDI(1633-1655)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656443
Show More Cited By

Index Terms

Learning to Explore Paths for Symbolic Execution
1. Security and privacy
  1. Software and application security
    1. Software security engineering
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Symbolic execution and program testing

This paper describes the symbolic execution of programs. Instead of supplying the normal inputs to a program (e.g. numbers) one supplies symbols representing arbitrary values. The execution proceeds as in a normal execution except that values may be ...
Badger: complexity analysis with fuzzing and symbolic execution
ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

Hybrid testing approaches that involve fuzz testing and symbolic execution have shown promising results in achieving high code coverage, uncovering subtle errors and vulnerabilities in a variety of software applications. In this paper we describe Badger ...
Improving function coverage with munch: a hybrid fuzzing and directed symbolic execution approach
SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing

Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

November 2021

3558 pages

ISBN:9781450384544

DOI:10.1145/3460120

General Chairs:
Yongdae Kim
KAIST, Republic of Korea
,
Jong Kim
POSTECH, Republic of Korea
,
Program Chairs:
Giovanni Vigna
University of California, Santa Barbara / VMware, USA
,
Elaine Shi
Carnegie Mellon University, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 November 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '21

Sponsor:

SIGSAC

CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security

November 15 - 19, 2021

Virtual Event, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
1,127
Total Downloads

Downloads (Last 12 months)363
Downloads (Last 6 weeks)42

Reflects downloads up to 13 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

He LZhang DZhu DZhang JWang Rliu J(2024)Path Exploration Strategy for Symbolic Execution based on Multi-strategy Active LearningProceedings of the 15th Asia-Pacific Symposium on Internetware10.1145/3671016.3671403(165-168)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1145/3671016.3671403
Yoon JCha S(2024)FeatMaker: Automated Feature Engineering for Search Strategy of Symbolic ExecutionProceedings of the ACM on Software Engineering10.1145/36608151:FSE(2447-2468)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660815
Yi QYu YYang G(2024)Compatible Branch Coverage Driven Symbolic Execution for Efficient Bug FindingProceedings of the ACM on Programming Languages10.1145/36564438:PLDI(1633-1655)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656443
Wang HTang ZTan SWang JLiu YFang HXia CWang ZRoychoudhury APaiva AAbreu RStorey M(2024)Combining Structured Static Code Information and Dynamic Symbolic Traces for Software Vulnerability PredictionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639212(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639212
Sun YYang GLv SLi ZSun LRoychoudhury APaiva AAbreu RStorey M(2024)Concrete Constraint Guided Symbolic ExecutionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639078(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639078
Hu JDuan YYin HRoychoudhury APaiva AAbreu RStorey M(2024)Marco: A Stochastic Asynchronous Concolic ExplorerProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623301(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623301
Tu HJiang LHong JDing XJiang H(2024)Concretely Mapped Symbolic Memory Locations for Memory Error DetectionIEEE Transactions on Software Engineering10.1109/TSE.2024.3395412(1-21)Online publication date: 2024
https://doi.org/10.1109/TSE.2024.3395412
Hu QDing YLiu CLi KLi KZomaya A(2024) CBANA: A Lightweight, Efficient, and Flexible C ache B ehavior Ana lysis Framework IEEE Transactions on Computers10.1109/TC.2024.341674773:9(2262-2274)Online publication date: Sep-2024
https://doi.org/10.1109/TC.2024.3416747
Yang MLie DPapernot N(2024)Exploring Strategies for Guiding Symbolic Analysis with Machine Learning Prediction2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER60148.2024.00073(659-669)Online publication date: 12-Mar-2024
https://doi.org/10.1109/SANER60148.2024.00073
Xu JXu JChen TMa X(2024)Symbolic Execution with Test Cases Generated by Large Language Models2024 IEEE 24th International Conference on Software Quality, Reliability and Security (QRS)10.1109/QRS62785.2024.00031(228-237)Online publication date: 1-Jul-2024
https://doi.org/10.1109/QRS62785.2024.00031
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents