Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/XMUsuny/symbolic-execution-papers

Recent symbolic execution papers and tools.
https://github.com/XMUsuny/symbolic-execution-papers

Last synced: 3 months ago
JSON representation

Recent symbolic execution papers and tools.

Awesome Lists containing this project

README 

        
# Symbolic Execution Papers



This repository is for collecting and grouping the symbolic execution papers and opensource tools in recent years.



## Table of Contents



* [Summary](#Summary)

* [Path Explosion](#Path-Explosion)

* [Memory Model](#Memory-Model) 

* [Constraint Solving](#Constraint-Solving) 

* [Environment Interaction](#Environment-Interaction)

* [Hybrid Fuzzing](#Hybrid-Fuzzing)

* [Engine](#Engine)

* [Others](#Others) 



## Summary



* 1976 Symbolic Execution and Program Testing



* 2010 All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)



* 2013 Symbolic Execution for Software Testing: Three Decades Later



* 2016 On the Techniques We Create, the Tools We Build, and Their Misalignments: A Study of KLEE



* 2018 A Survey of Symbolic Execution Techniques



## Path Explosion



* 2011 Directed Incremental Symbolic Execution



* 2015 Under-Constrained Symbolic Execution Correctness Checking for Real Code



* 2018 Chopped Symbolic Execution ([chopper](https://github.com/davidtr1037/chopper))



* 2018 Automatically Generating Search Heuristics for Concolic Testing ([ParaDySE](https://github.com/kupl/ParaDySE))



* 2019 Concolic Testing with Adaptively Changing Search Heuristics ([Chameleon](https://github.com/kupl/Chameleon))



* 2020 Efficient Multiplex Symbolic Execution with Adaptive Search Strategy



* 2020 Making Symbolic Execution Promising by Learning Aggressive State-Pruning Strategy ([HOMI](https://github.com/kupl/HOMI_public)) 



* 2020 Analyzing System Software Components using API Model Guided Symbolic Execution



* 2021 SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning ([SyML](https://github.com/ucsb-seclab/syml))



* 2021 Learning to Explore Paths for Symbolic Execution ([LEARCH](https://github.com/eth-sri/learch))



* 2021 Metrinome: Path Complexity Predicts Symbolic Execution Path Explosion ([Metrinome](https://github.com/hmc-alpaqa/metrinome))



* 2021 TracerX: Dynamic Symbolic Execution with Interpolation ([TraceX](https://github.com/tracer-x/tracer-x.github.io))



* 2022 Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths



* 2022 Combining Static Analysis Error Traces with Dynamic Symbolic Execution ([KLEE-sa](https://srg.doc.ic.ac.uk/projects/klee-sa/artifact.html))



* 2024 Concrete Constraint Guided Symbolic Execution ([cgs](https://github.com/XMUsuny/cgs))



* 2024 Marco: A Stochastic and Asynchronous Concolic Explorer



## Constraint Solving



* 2019 Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints



* 2019 Enhancing Symbolic Execution by Machine Learning Based Solver Selection ([PCC](https://github.com/csienslab-PCC/PathConstraintClassifier))



* 2019 Constraints in Dynamic Symbolic Execution: Bitvectors or Integers? ([Data](https://srg.doc.ic.ac.uk/projects/klee-z3-int-vs-bv/artifact.html))



* 2019 Just Fuzz It Solving Floating-Point Constraints using Coverage-Guided Fuzzing ([JFS](https://github.com/mc-imperial/jfs))



* 2020 Pending Constraints in Symbolic Execution for Better Exploration and Seeding ([Pending](https://srg.doc.ic.ac.uk/projects/pending-constraints/artifact.html))



* 2020 Multiplex Symbolic Execution Exploring Multiple Paths by Solving Once



* 2021 Type and Interval Aware Array Constraint Solving for Symbolic Execution



* 2021 Synthesize Solving Strategy for Symbolic Execution



* 2021 Boosting Symbolic Execution via Constraint Solving Time Prediction ([SMTimer](https://github.com/Artisan-Lab/SMTimer))



* 2021 Address-Aware Query Caching for Symbolic Execution ([KLEE-aaqc](https://github.com/davidtr1037/klee-aaqc))



* 2022 Satisfiability Modulo Fuzzing: A Synergistic Combination of SMT Solving and Fuzzing



* 2023 Intelligent Constraint Classification for Symbolic Execution



* 2023 Speeding up SMT Solving via Compiler Optimization



## Memory Model



* 2017 Rethinking pointer reasoning in symbolic execution ([MEMSIGHT](https://github.com/season-lab/memsight))



* 2019 Fine-grain Memory Object Representation in Symbolic Execution 



* 2019 A Segmented Memory Model for Symbolic Execution



* 2020 Relocatable addressing model for symbolic execution ([KLEE-ram](https://www.tau.ac.il/~davivtra/projects/ram/))



* 2020 Past-Sensitive Pointer Analysis for Symbolic Execution ([KLEE-pspa](https://github.com/davidtr1037/klee-pspa))



* 2021 A Bounded Symbolic-Size Model for Symbolic Execution ([KLEE-symsize](https://github.com/davidtr1037/klee-symsize))



* 2022 A Deterministic Memory Allocator for Dynamic Symbolic Execution



* 2023 KDAlloc: The KLEE Deterministic Allocator ([KDAlloc](https://github.com/srg-imperial/kdalloc-issta-2023))



## Environment Interaction



* 2018 Avatar2: A Multi-target Orchestration Platform ([Avatar2](https://github.com/avatartwo/avatar2))



* 2020 SYMBION: Interleaving Symbolic with Concrete Execution ([SYMBION](https://github.com/angr/angr))



* 2020 Mousse: A System for Selective Symbolic Execution of Programs with Untamed ([Mousse](https://github.com/trusslab/mousse))



* 2020 Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation ([Laelaps](https://github.com/dongmu/Laelaps))



* 2021 Automatic Firmware Emulation through Invalidity-guided Knowledge Inference ([uEmu](https://github.com/MCUSec/uEmu))



* 2021 Jetset: Targeted Firmware Rehosting for Embedded Systems ([Jetset](https://github.com/aerosec/jetset/))



* 2022 Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing ([Fuzzware](https://github.com/fuzzware-fuzzer/fuzzware))



## Hybrid Fuzzing



* 2016 Driller: Augmenting Fuzzing Through Selective Symbolic Execution ([Driller](https://github.com/shellphish/driller))



* 2019 Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing ([Intriguer](https://github.com/seclab-yonsei/intriguer))



* 2019 Matryoshka: Fuzzing Deeply Nested Branches



* 2019 Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing ([DigFuzz](https://github.com/shouc/digfuzz))



* 2019 Grey-box Concolic Testing on Binary Code ([Eclipser](https://github.com/SoftSec-KAIST/Eclipser))



* 2020 PANGOLIN: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction



* 2020 SAVIOR: Towards Bug-Driven Hybrid Testing ([SAVIOR](https://github.com/evanmak/savior-source))



* 2021 Fuzzing Symbolic Expressions ([FUZZY-SAT](https://season-lab.github.io/fuzzolic/))



* 2021 LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating



* 2022 JIGSAW: Efficient and Scalable Path Constraints Fuzzing ([JIGSAW](https://github.com/R-Fuzz/jigsaw))



* 2022 CONFETTI: Amplifying Concolic Guidance for Fuzzers ([CONFETTI](https://github.com/neu-se/CONFETTI))



* 2022 Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle ([Sydr-Fuzz](https://sydr-fuzz.github.io/))



* 2023 Evaluating and Improving Hybrid Fuzzing ([CoFuzz](https://github.com/Tricker-z/CoFuzz))



* 2023 Triereme: Speeding up hybrid fuzzing through efficient query scheduling ([Triereme](https://github.com/vusec/triereme))



## Engine



* 2008 KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs ([KLEE](https://github.com/klee/klee))



* 2011 S2E: A Platform for In-Vivo Multi-Path Analysis of Software Systems ([S2E](https://github.com/S2E/s2e))



* 2016 (State of) The Art of War: Offensive Techniques in Binary Analysis ([Angr](https://github.com/angr/angr))



* 2018 QSYM: A Practical Concolic Execution Engine ([QSYM](https://github.com/sslab-gatech/qsym))



* 2020 Symbolic execution with SymCC: Don't interpret, compile! ([SymCC](https://github.com/eurecom-s3/symcc))



* 2021 SymQEMU: Compilation-based symbolic execution for binaries ([SymQEMU](https://github.com/eurecom-s3/symqemu))



* 2021 On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution



* 2022 SymFusion: Hybrid Instrumentation for Concolic Execution ([SymFusion](https://season-lab.github.io/SymFusion/))



* 2022 SIFT: A Tool for Property Directed Symbolic Execution of Multithreaded Software ([SIFT](https://github.com/sysrel/SIFT))



* 2022 SolSEE: A Source-Level Symbolic Execution Engine for Solidity([SolSEE](https://sites.google.com/view/solsee/))



* 2022 SYMBEXCEL: Automated Analysis and Understanding of Malicious Excel 4.0 Macros ([SYMBEXCEL](https://github.com/ucsb-seclab/symbexcel))



* 2023 GenSym: Compiling Parallel Symbolic Execution with Continuations ([GenSym](https://github.com/Generative-Program-Analysis/GenSym))



* 2023 KRover: A Symbolic Execution Engine for Dynamic Kernel Analysis

  

## Others



* 2019 Computing Summaries of String Loops in C for Better Testing and Refacto ([KLEE-loops](https://srg.doc.ic.ac.uk/projects/loop-summaries/artifact.html))



* 2019 Systematic Comparison of Symbolic Execution Systems: Intermediate Representation and its Generation ([Data](https://www.s3.eurecom.fr/tools/symbolic_execution/ir_study.html))



* 2019 Deferred Concretization in Symbolic Execution via Fuzzing



* 2020 Running Symbolic Execution Forever ([MoKLEE](https://srg.doc.ic.ac.uk/projects/moklee/artifact.html))



* 2021 TASE: Reducing Latency of Symbolic Execution with Transactional Memory



* 2022 SymTuner: Maximizing the Power of Symbolic Execution by Adaptively Tuning External Parameters ([SymTuner](https://github.com/skkusal/symtuner))



* 2022 SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis ([SYMSAN](https://github.com/R-Fuzz/symsan))



* 2022 Characterizing and Improving Bug-Finders with Synthetic Bugs



* 2022 Can symbolic execution be a productivity multiplier for human bug-finders?



* 2022 Symbolic Execution for Randomized Programs