
A Formal Model for Detecting Bugs by Symbolic Execution of Programs

Programming and Computer Software

Abstract

Automatic detection of bugs in programs is an extremely important direction of current research and development in the field of program reliability and security assurance. Earlier studies covered methods for program analysis that combine dynamic symbolic execution, randomized testing, and static analysis. In this paper, a formal model for detecting bugs using the symbolic execution of programs, and its implementation for detecting buffer bounds violations, is presented. A formal model of program symbolic execution is described, and a theorem on detecting a bug on the basis of a violation of the operation domain is formulated and proved. An implementation of the buffer bounds violation analyzer within the process of symbolic program execution is described, and the application of the implemented prototype to the analysis of a set of programs in Debian Linux is presented. The experiments confirm the practical applicability of the proposed method.



Funding

The work was supported by the Russian Foundation for Basic Research, project no. 17-07-00702.


Corresponding authors

Correspondence to A. Yu. Gerasimov, D. O. Kuts or A. A. Novikov.

Additional information

Translated by A. Klimontovich


About this article


Cite this article

Gerasimov, A.Y., Kuts, D.O. & Novikov, A.A. A Formal Model for Detecting Bugs by Symbolic Execution of Programs. Program Comput Soft 46, 731–736 (2020). https://doi.org/10.1134/S0361768820080046
