Graduate School and Research Center in Digital Sciences

Symbolic execution with SymCC: Don't interpret, compile!

Poeplau, Sebastian; Francillon, Aurélien

USENIX Security 2020, 29th USENIX Security Symposium, 12-14 August 2020, Boston, MA, USA (Virtual Conference)

A major impediment to practical symbolic execution is speed, especially when compared to near-native speed solutions like fuzz testing. We propose a compilation-based approach to symbolic execution that performs better than state-of-the-art implementations by orders of magnitude.We present SYMCC, an LLVM-based C and C++ compiler that builds concolic execution right into the binary. It can be used by software developers as a drop-in replacement for clang and clang++, and we show how to add support for other languages with little effort. In comparison with KLEE, SYMCC is faster by up to three orders of magnitude and an average factor of 12. It also outperforms QSYM, a system that recently showed great performance improvements over other implementations, by up to two orders of magnitude and an average factor of 10. Using it on real-world software, we found that our approach consistently achieves higher coverage, and we discovered two vulnerabilities in the heavily tested OpenJPEG project, which have been confirmed by the project maintainers and assigned CVE identifiers.

Document Hal Bibtex

Title:Symbolic execution with SymCC: Don't interpret, compile!
Type:Conference
Language:English
City:Boston
Country:UNITED STATES
Date:
Department:Digital Security
Eurecom ref:6293
Copyright: Copyright Usenix. Personal use of this material is permitted. The definitive version of this paper was published in USENIX Security 2020, 29th USENIX Security Symposium, 12-14 August 2020, Boston, MA, USA (Virtual Conference) and is available at :
Bibtex: @inproceedings{EURECOM+6293, year = {2020}, title = {{S}ymbolic execution with {S}ym{CC}: {D}on't interpret, compile!}, author = {{P}oeplau, {S}ebastian and {F}rancillon, {A}ur{\'e}lien}, booktitle = {{USENIX} {S}ecurity 2020, 29th {USENIX} {S}ecurity {S}ymposium, 12-14 {A}ugust 2020, {B}oston, {MA}, {USA} ({V}irtual {C}onference)}, address = {{B}oston, {UNITED} {STATES}}, month = {08}, url = {http://www.eurecom.fr/publication/6293} }
See also: