UC Riverside

Concolic execution is a powerful program analysis technique for systematically exploring execution paths. Compared to random-mutation-based fuzzing, concolic execution is especially good at exploring code paths guarded by complex and tight branch predicates. However, the existing concolic executors face severe scalability issues when processing real-world programs - they impose a significant performance overhead and consume a large amount of extra memory. Those issues prevent concolic execution from being adopted widely in practice. Motivated by this, we propose a study to characterize and mitigate the bottlenecks in the concolic execution systematically. Concretely, we propose 1). a time and space-efficient constraints collector based on a high-optimized dynamic data-flow analysis framework 2). an efficient and scalable path-constraints fuzzer that can find feasible inputs at a high speed. The preliminary evaluation results show that these two techniques can enable much faster concolic execution with a much smaller memory footprint.