Enhancing symbolic execution with veritesting

Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, David Brumley
2016 Communications of the ACM  
We present MergePoint, a new binary-only symbolic execution system for large-scale testing of commodity off-the-shelf (COTS) software. MergePoint introduces veritesting, a new technique that employs static symbolic execution to amplify the effect of dynamic symbolic execution. Veritesting allows MergePoint to find twice as many bugs, explore orders of magnitude more paths, and achieve higher code coverage than previous dynamic symbolic execution systems. MergePoint is currently running daily on
more » ... ly running daily on a 100 node cluster analyzing 33,248 Linux binaries; has generated more than 15 billion SMT queries, 200 million test cases, 2,347,420 crashes, and found 11,687 bugs in 4,379 distinct applications.
doi:10.1145/2927924 fatcat:uxzvuhiwpnacxmhj2jch5mpf7y