Hybrid testing

Notes: Driller verifier, QSYM, SymCC, SAVIOR, DigFuzz fuzzer, Fuzz testing, AFL fuzzer, symbolic execution, concolic execution

A form of fuzz testing that combines fuzzing (usually coverage-guided, with tools like AFL fuzzer) with symbolic execution (usually concolic execution) to get past branches that fuzzing alone is unlikely to reach.
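To make that loop concrete, here is an added toy implementation (it is not code from any of the tools cited on this page). A mutational, coverage-guided fuzzer plateaus at a 32-bit magic-value compare; a minimal "concolic" step then replays a corpus input, records the branch constraints it passes through, and solves one whose other edge the fuzzer never covered, in the manner Driller describes. The target, the constraint record format and the substitution-based solver are all constructed for this example; the real engines cited here hand a traced path condition to an SMT solver instead.

```python
"""Toy hybrid-testing loop: coverage-guided fuzzing + concolic branch flipping.
Constructed for illustration; the target, constraint format and solver are
assumptions of this example, not any cited tool's implementation."""
import random

MAGIC = 0x46555A5A  # "FUZZ" as a big-endian u32 (constructed value)


class Crash(Exception):
    """Raised when the target reaches its planted bug."""


def sym_cmp(data, lo, hi, op, const, branch_id, trace):
    """Concrete comparison of data[lo:hi] that also records the constraint,
    so a later concolic pass can reason about this branch."""
    value = int.from_bytes(data[lo:hi], "big")
    taken = value == const if op == "eq" else value < const
    trace.append((branch_id, lo, hi, op, const, taken))
    return taken


def target(data, trace):
    """Constructed target: one easy check, two hard compares, then a bug."""
    data = bytes(data).ljust(8, b"\0")  # pad so every slice exists
    if not sym_cmp(data, 7, 8, "lt", 0x10, "small_tail", trace):
        return "tail_too_big"          # easy: random bytes fail it 240/256 times
    if not sym_cmp(data, 0, 4, "eq", MAGIC, "magic", trace):
        return "no_magic"              # hard: 1 in 2^32 per random try
    if not sym_cmp(data, 4, 6, "eq", 0xBEEF, "key", trace):
        return "bad_key"
    raise Crash("reached planted bug")


def run(data):
    """Execute the target once; return (outcome, edge coverage, trace)."""
    trace = []
    try:
        result = target(data, trace)
    except Crash:
        result = "crash"
    coverage = {(c[0], c[5]) for c in trace}  # (branch id, edge taken)
    return result, coverage, trace


def mutate(data, rng):
    """AFL-style single-byte overwrite."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def solve(op, const, want, width):
    """Minimal 'solver' for one slice constraint; bytes satisfying it or None."""
    if op == "eq":
        value = const if want else const ^ 1
    else:  # "lt"
        if want and const == 0:
            return None                # unsatisfiable
        value = 0 if want else const
    return value.to_bytes(width, "big")


def concolic_flip(data, trace, coverage):
    """Flip the first branch on this path whose other edge is still uncovered."""
    for branch_id, lo, hi, op, const, taken in trace:
        if (branch_id, not taken) in coverage:
            continue
        solved = solve(op, const, not taken, hi - lo)
        if solved is not None:
            buf = bytearray(data)
            buf[lo:hi] = solved
            return bytes(buf)
    return None


def fuzz_phase(corpus, coverage, rng, rounds):
    """Coverage-guided mutation; returns (crash input or None, made progress)."""
    progressed = False
    for _ in range(rounds):
        cand = mutate(rng.choice(corpus), rng)
        result, cov, _ = run(cand)
        if result == "crash":
            return cand, True
        if cov - coverage:             # new edge: keep the input, like AFL
            coverage |= cov
            corpus.append(cand)
            progressed = True
    return None, progressed


def hybrid_fuzz(seed=b"\0" * 8, rounds=300, max_cycles=10, rng_seed=1):
    """Alternate fuzzing with concolic flips; returns (crash input, log)."""
    rng = random.Random(rng_seed)
    corpus, log = [seed], []
    _, coverage, _ = run(seed)
    for cycle in range(max_cycles):
        crash, progressed = fuzz_phase(corpus, coverage, rng, rounds)
        if crash is not None:
            log.append(f"cycle {cycle}: fuzzer found the crash")
            return crash, log
        if progressed:
            log.append(f"cycle {cycle}: fuzzer still finding coverage")
            continue
        # Fuzzer is stuck: let the concolic step work on every corpus entry.
        flips = [concolic_flip(d, run(d)[2], coverage) for d in corpus]
        flips = [f for f in flips if f is not None]
        log.append(f"cycle {cycle}: fuzzer stuck, concolic made {len(flips)} inputs")
        if not flips:
            break
        for new in flips:
            result, cov, _ = run(new)
            coverage |= cov
            corpus.append(new)
            if result == "crash":
                log.append(f"cycle {cycle}: concolic input crashed the target")
                return new, log
    return None, log


def fuzz_only(seed=b"\0" * 8, rounds=3000, rng_seed=1):
    """The same fuzzer without the concolic step, for comparison."""
    rng = random.Random(rng_seed)
    corpus = [seed]
    _, coverage, _ = run(seed)
    crash, _ = fuzz_phase(corpus, coverage, rng, rounds)
    return crash


if __name__ == "__main__":
    crash, log = hybrid_fuzz()
    print("\n".join(log), "\ncrash input:", crash)
    print("fuzz-only result:", fuzz_only())
```

Running it shows the pattern the definition describes: the fuzzer quickly covers both edges of the cheap length check, then stalls because no single mutation can satisfy the 32-bit compare; the concolic pass reads the recorded constraint off a corpus input and substitutes the constant, and a second pass does the same for the key compare, reaching the planted bug. `fuzz_only` never gets past the magic value. Real hybrid fuzzers differ mainly in scale: they trace native binaries or instrumented builds, keep a full path condition per input, and delegate solving to an SMT solver.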

Fuzz testing, Mayhem

  • SAVIOR: Towards bug-driven hybrid testing [chen:sp:2020]
  • Hybrid concolic testing [majumdar:icse:2007]
  • Systematic comparison of symbolic execution systems: Intermediate representation and its generation [poeplau:acsac:2019]
  • Symbolic execution with SymCC: Don't interpret, compile! [poeplau:usenix:2020]
  • Driller: Augmenting fuzzing through selective symbolic execution [stephens:ndss:2016]
  • QSYM: A practical concolic execution engine tailored for hybrid fuzzing [yun:usenix:2018]
  • Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing [zhao:ndss:2019]