-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Collecting constraints of real-world program #62
Comments
Hi, That looks like perfectly possible to extract constraints along the execution of the program (I imagine SYMCC_LOG_FILE should log that), and yes the libc will need to be instrumented if you want to propagate the symbolic execution to that layer. I assume that the problem with scaling mentioned in #23 is mainly because of manual work to add wrappers. |
Hi, I wonder if it is doable to use SymCC to collect real-world program's path constraints? Supposing we have a CVE and the corresponding poc, we want to collect the constraints along the execution trace.
I know the libc interaction will be a serious problem, and I have also noticed this: #23, so what if I add all the necessary libc wrappers, may I manage to collect the complete constraints then?
For adding libc wrappers approach, the developed of SymCC has said like this:
What the meaning of scale? Just time-consuming? If it can collect the constraints successfully, time-cost won't be a serious problem. (For example, the automatic exploit generation guys don't care about the speed much)
The text was updated successfully, but these errors were encountered: