Skip to main content
SpringerLink
Log in
Book cover

International Conference on Algorithms and Architectures for Parallel Processing

ICA3PP 2014: Algorithms and Architectures for Parallel Processing pp 150–163Cite as

Conpy: Concolic Execution Engine for Python Applications

  • Conference paper

  • 2692 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8631))

Abstract

Concolic execution has become a promising technique for program analysis in recent years, whereas it rarely applies to Python applications. In this work, we propose a concolic execution engine for Python applications named Conpy. Conpy is easy to deploy since it is written in pure Python and it is not dependent on any third-party tools. Conpy is also easy to use. Anyone with basic knowledge of Python and concolic execution can quickly get start with Conpy. Besides, Conpy works in low level and produces human-readable reports which facilitate subsequent analysis. We then make an elaborate performance testing on Conpy. Results show that the overhead of Conpy is acceptable, that is to say, less than one order of magnitude in most cases.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. King, J.C.: Symbolic execution and program testing. J. ACM 19(7), 385–394 (1976)

    MATH  Google Scholar 

  2. Godefroid, P., Levin, M., Molnar, D.: Automated whitebox fuzz testing. In: NDSS, pp. 151–166 (2008)

    Google Scholar 

  3. Tillmann, N., de Halleux, J.: Pex-white box test generation for.NET. In: Beckert, B., Hähnle, R. (eds.) TAP 2008. LNCS, vol. 4966, pp. 134–153. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  4. Cadar, C., Dunbar, D., Engler, D.: Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, pp. 209–224 (2008)

    Google Scholar 

  5. Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. ACM Sigplan Notices 40(6), 213–223 (2005)

    Article  Google Scholar 

  6. Sen, K., Marinov, D., Agha, G.: CUTE: A concolic unit testing engine for C. In: ESEC/FSE, pp. 263–272 (2005)

    Google Scholar 

  7. Fuzzgrind: An automatic fuzzing tool, http://esec-lab.sogeti.com/dotclear/index.php?pages/Fuzzgrind

  8. Molnar, D.A., Wagner, D.: Catchconv: symbolic execution and run-time type inference for integer conversion errors. Tech. Rep. UC Berkeley EECS, 2007–23 (2007)

    Google Scholar 

  9. Chipounov, V., Kuznetsov, V., Candea, G.: S2E: A platform for in-vivo multi-path analysis of software systems. Sigarch Comput. Archit. News 39(1), 265–278 (2011)

    Article  Google Scholar 

  10. Xu, R.G., Godefroid, P., Majumdar, R.: Testing for buffer overflows with length abstraction. In: ISSTA, pp. 27–37 (2008)

    Google Scholar 

  11. Wang, T.L., Wei, T., Gu, G.F., Zou, W.: TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection. In: S&P, pp. 497–512 (2010)

    Google Scholar 

  12. Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1–25. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Burnim, J., Sen, K.: Heuristics for scalable dynamic test generation. In: ASE, pp. 443–446 (2008)

    Google Scholar 

  14. Khurshid, S., Păsăreanu, C.S., Visser, W.: Generalized symbolic execution for model checking and testing. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 553–568. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  15. Chen, T., Zhang, X.S., Zhu, C., Ji, X.L., Guo, S.Z., Wu, Y.: Design and implementation of a dynamic symbolic execution tool for windows executables. J. Softw-Evol. Proc. 25(12), 1249–1272 (2013)

    Article  Google Scholar 

  16. Chen, T., Zhang, X.S., Xiao, X., Wu, Y., Xu, C.X., Zhao, H.T.: SEVE: Symbolic execution based vulnerability exploring system. COMPEL. 32(2), 620–637 (2013)

    Article  Google Scholar 

  17. Python (programming language), http://en.wikipedia.org/wiki/Python_programming_language

  18. Chen, T., Zhang, X.S., Guo, S.Z., Li, H.Y., Wu, Y.: State of the art: dynamic symbolic execution for automated test generation. Future Gener. Comp. Sy. 29(7), 1758–1773 (2013)

    Article  Google Scholar 

  19. Brumley, D., Hartwig, C., Liang, Z.K., Newsome, J., Poosankam, P., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Botnet Detection, pp. 65–88 (2008)

    Google Scholar 

  20. Brumley, D., Hartwig, C., Kang, M.G., Liang, Z.K., Newsome, J., Poosankam, P., Song, D.: BitScope: automatically dissecting malicious binaries. Tech. Rep. CMU-CS-07-133 (2007)

    Google Scholar 

  21. Dive into python, everything is an object, http://www.diveintopython.net/getting_to_know_python/everything_is_an_object.html

Download references

Author information

Authors and Affiliations

  1. School of Computer Science & Engineering, University of Electronic Science and Technology of China, Chengdu, 611731, China

    Ting Chen, Xiao-song Zhang, Rui-dong Chen & Bo Yang

  2. No.30 Research Institute, China Electronics Technology Group Corporation (CETC), Chengdu, 618841, China

    Yang Bai

Authors
  1. Ting Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiao-song Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rui-dong Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Bo Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yang Bai
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Illinois Institute of Technology, 60616-3793, Chicago, IL, USA

    Xian-he Sun

  2. School of Computer Science and Technology, Dalian Maritime University, 1 Linghai Road, 116026, Dalian, China

    Wenyu Qu

  3. SEECS, University of Ottawa, 8, King Edward Ave, K1N 6N5, Ottawa, ON, Canada

    Ivan Stojmenovic

  4. Deakin University, 221 Burwood Highway, 3125, Burwood, VIC, Australia

    Wanlei Zhou

  5. Dalian Maritime University, NO.1 Linhai Road Dailian, 116026, China

    Zhiyang Li

  6. BeiHang University, XueYuan Road No.37, HaiDian District, Beijing, China

    Hua Guo

  7. University of Bradford, BD7 1DP, Bradford, West Yorkshire, United Kingdom

    Geyong Min

  8. Dalian Maritime University, NO.1 Linhai Road Dailian, China, 116026

    Tingting Yang

  9. Computer Network Information Center, Chinese Academy of Sciences, 100190, Beijing, China

    Yulei Wu

  10. Shandong University, 27 Shanda Nanlu, 250100, Jinan City, Shandong Province, China

    Lei Liu

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Chen, T., Zhang, Xs., Chen, Rd., Yang, B., Bai, Y. (2014). Conpy: Concolic Execution Engine for Python Applications. In: Sun, Xh., et al. Algorithms and Architectures for Parallel Processing. ICA3PP 2014. Lecture Notes in Computer Science, vol 8631. Springer, Cham. https://doi.org/10.1007/978-3-319-11194-0_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11194-0_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11193-3

  • Online ISBN: 978-3-319-11194-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation