SymFit: Making the Common (Concrete) Case Fast for Binary-Code Concolic Execution

Zhenxiao Qi

33rd USENIX Security Symposium · Day 1 · USENIX Security '24

In the realm of software security and vulnerability research, **concolic execution** (a hybrid of concrete and symbolic execution) stands as a powerful technique for path exploration and bug finding. This talk, presented by Zhenxiao Qi from UC Riverside at USENIX Security '24, introduces **SymFit**, a novel approach designed to significantly enhance the efficiency of binary-code concolic execution. SymFit addresses critical performance bottlenecks in existing tools, particularly when analyzing **binary-only software** such as proprietary applications, stripped dependencies, or firmware, where source code is unavailable.

AI review

This research presents a highly effective approach to address critical performance bottlenecks in binary-code concolic execution. SymFit's intelligent optimizations for concrete execution paths, shadow memory management, and symbolic state handling lead to significant speedups, making a powerful vulnerability discovery technique far more practical for real-world binary analysis and crash deduplication.