
Computer Engineering ›› 2009, Vol. 35 ›› Issue (21): 33-35. doi: 10.3969/j.issn.1000-3428.2009.21.011

Section: Software Technology and Database

Fuzzing Test Approach Based on Symbolic Execution

CHEN Jian-min, SHU Hui, XIONG Xiao-bing

  1. Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002
  Received: 1900-01-01  Revised: 1900-01-01  Online: 2009-11-05  Published: 2009-11-05

Chinese title: Fuzzing Test Approach Based on Symbolic Execution

陈建敏, 舒辉, 熊小兵

  1. College of Information Engineering, PLA Information Engineering University, Zhengzhou 450002

Abstract: This paper designs and implements a fuzzing test approach based on symbolic execution. Path constraints are collected through code instrumentation while the application executes; a path-search algorithm then generates new path constraints and solves them, constructing inputs that steer the application down alternative execution paths. An improved taint analysis mechanism is presented to simplify the path constraints. The approach improves code coverage and the efficiency of vulnerability detection.

Key words: Fuzzing test, code instrumentation, symbolic execution, taint analysis
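The loop the abstract describes (instrument, collect path constraints, filter them by taint, negate one constraint at a time, solve, re-run) as an added toy concolic fuzzer in Python. This is illustrative code written for this page, not the paper's implementation; the `Tracer`, `target`, `solve` and `concolic_search` names and the three-byte target program are constructed, and the solver handles only single-byte equality checks.

```python
from typing import List, Optional, Tuple
Constraint = Tuple[int, int, bool]  # (input offset, byte compared against, branch taken?)
class Tracer:
    """Stands in for code instrumentation plus a per-run taint map."""
    def __init__(self, data: bytes):
        self.data, self.path = data, []   # path = constraints collected during this run

    def eq(self, value: int, const: int, origin: Optional[int]) -> bool:
        """Instrumented '=='; origin is the input offset value came from, None if untainted."""
        taken = value == const
        if origin is not None:            # taint filter: untainted branches add no constraint
            self.path.append((origin, const, taken))
        return taken

def target(t: Tracer) -> str:
    """Constructed program under test: one untainted check, then nested input-byte checks."""
    d, version = t.data, 1                # 'version' is a constant, not derived from input
    if not t.eq(version, 1, None):
        return "unsupported"
    if t.eq(d[0], ord("b"), 0) and t.eq(d[1], ord("a"), 1) and t.eq(d[2], ord("d"), 2):
        return "crash"                    # the hard-to-reach path a random fuzzer rarely finds
    return "ok"

def solve(base: bytes, constraints: List[Constraint]) -> Optional[bytes]:
    """Minimal solver for single-byte equality constraints; None if unsatisfiable."""
    out = bytearray(base)
    for off, const, taken in constraints:
        if taken:
            out[off] = const
        elif out[off] == const:
            out[off] = (const + 1) % 256
    # re-check, since a later constraint on the same offset may have undone an earlier one
    return bytes(out) if all((out[o] == c) == tk for o, c, tk in constraints) else None

def concolic_search(seed: bytes, max_runs: int = 50) -> Tuple[Optional[bytes], int]:
    """Generational search: (input reaching 'crash' or None, number of distinct paths seen)."""
    worklist, visited, paths, runs = [seed], {seed}, set(), 0
    while worklist and runs < max_runs:
        data, runs = worklist.pop(0), runs + 1
        t = Tracer(data)
        result = target(t)
        paths.add(tuple(t.path))
        if result == "crash":
            return data, len(paths)
        for k, (off, const, taken) in enumerate(t.path):   # negate constraint k, keep the prefix
            child = solve(data, t.path[:k] + [(off, const, not taken)])
            if child is not None and child not in visited:
                visited.add(child)
                worklist.append(child)
    return None, len(paths)
```

Starting from the seed `b"xxx"`, the search reaches the `"crash"` path in seven executions after seeing four distinct paths; the untainted `version` check never enters the constraint set, so no solver time is spent trying to negate it.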

Abstract (translated from the Chinese): A fuzzing test method based on symbolic execution is designed and implemented. Through code instrumentation, path constraint conditions are collected while the program executes; following a path-traversal algorithm, new path constraint conditions are generated and solved, constructing test inputs that can guide the program along new paths. An improved taint analysis mechanism is proposed to simplify the path constraint conditions, improving code coverage and the efficiency of vulnerability detection.

Key words (translated from the Chinese): fuzzing test, code instrumentation, symbolic execution, taint analysis
