Skip to main content

Conpy: Concolic Execution Engine for Python Applications

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2014)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8631))

  • 2699 Accesses

Abstract

Concolic execution has become a promising technique for program analysis in recent years, whereas it rarely applies to Python applications. In this work, we propose a concolic execution engine for Python applications named Conpy. Conpy is easy to deploy since it is written in pure Python and it is not dependent on any third-party tools. Conpy is also easy to use. Anyone with basic knowledge of Python and concolic execution can quickly get start with Conpy. Besides, Conpy works in low level and produces human-readable reports which facilitate subsequent analysis. We then make an elaborate performance testing on Conpy. Results show that the overhead of Conpy is acceptable, that is to say, less than one order of magnitude in most cases.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. King, J.C.: Symbolic execution and program testing. J. ACM 19(7), 385–394 (1976)

    MATH  Google Scholar 

  2. Godefroid, P., Levin, M., Molnar, D.: Automated whitebox fuzz testing. In: NDSS, pp. 151–166 (2008)

    Google Scholar 

  3. Tillmann, N., de Halleux, J.: Pex-white box test generation for.NET. In: Beckert, B., Hähnle, R. (eds.) TAP 2008. LNCS, vol. 4966, pp. 134–153. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  4. Cadar, C., Dunbar, D., Engler, D.: Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, pp. 209–224 (2008)

    Google Scholar 

  5. Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. ACM Sigplan Notices 40(6), 213–223 (2005)

    Article  Google Scholar 

  6. Sen, K., Marinov, D., Agha, G.: CUTE: A concolic unit testing engine for C. In: ESEC/FSE, pp. 263–272 (2005)

    Google Scholar 

  7. Fuzzgrind: An automatic fuzzing tool, http://esec-lab.sogeti.com/dotclear/index.php?pages/Fuzzgrind

  8. Molnar, D.A., Wagner, D.: Catchconv: symbolic execution and run-time type inference for integer conversion errors. Tech. Rep. UC Berkeley EECS, 2007–23 (2007)

    Google Scholar 

  9. Chipounov, V., Kuznetsov, V., Candea, G.: S2E: A platform for in-vivo multi-path analysis of software systems. Sigarch Comput. Archit. News 39(1), 265–278 (2011)

    Article  Google Scholar 

  10. Xu, R.G., Godefroid, P., Majumdar, R.: Testing for buffer overflows with length abstraction. In: ISSTA, pp. 27–37 (2008)

    Google Scholar 

  11. Wang, T.L., Wei, T., Gu, G.F., Zou, W.: TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection. In: S&P, pp. 497–512 (2010)

    Google Scholar 

  12. Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1–25. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Burnim, J., Sen, K.: Heuristics for scalable dynamic test generation. In: ASE, pp. 443–446 (2008)

    Google Scholar 

  14. Khurshid, S., Păsăreanu, C.S., Visser, W.: Generalized symbolic execution for model checking and testing. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 553–568. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  15. Chen, T., Zhang, X.S., Zhu, C., Ji, X.L., Guo, S.Z., Wu, Y.: Design and implementation of a dynamic symbolic execution tool for windows executables. J. Softw-Evol. Proc. 25(12), 1249–1272 (2013)

    Article  Google Scholar 

  16. Chen, T., Zhang, X.S., Xiao, X., Wu, Y., Xu, C.X., Zhao, H.T.: SEVE: Symbolic execution based vulnerability exploring system. COMPEL. 32(2), 620–637 (2013)

    Article  Google Scholar 

  17. Python (programming language), http://en.wikipedia.org/wiki/Python_programming_language

  18. Chen, T., Zhang, X.S., Guo, S.Z., Li, H.Y., Wu, Y.: State of the art: dynamic symbolic execution for automated test generation. Future Gener. Comp. Sy. 29(7), 1758–1773 (2013)

    Article  Google Scholar 

  19. Brumley, D., Hartwig, C., Liang, Z.K., Newsome, J., Poosankam, P., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Botnet Detection, pp. 65–88 (2008)

    Google Scholar 

  20. Brumley, D., Hartwig, C., Kang, M.G., Liang, Z.K., Newsome, J., Poosankam, P., Song, D.: BitScope: automatically dissecting malicious binaries. Tech. Rep. CMU-CS-07-133 (2007)

    Google Scholar 

  21. Dive into python, everything is an object, http://www.diveintopython.net/getting_to_know_python/everything_is_an_object.html

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Chen, T., Zhang, Xs., Chen, Rd., Yang, B., Bai, Y. (2014). Conpy: Concolic Execution Engine for Python Applications. In: Sun, Xh., et al. Algorithms and Architectures for Parallel Processing. ICA3PP 2014. Lecture Notes in Computer Science, vol 8631. Springer, Cham. https://doi.org/10.1007/978-3-319-11194-0_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11194-0_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11193-3

  • Online ISBN: 978-3-319-11194-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics