Dynamic test generation is becoming an increasingly popular way to find security vulnerabilities in software. However, existing approaches and tools of this kind perform poorly because they apply slow symbolic execution to every instruction. This paper presents a new dynamic test generation technique and a tool, Hunter, that implements it. Unlike other such techniques, Hunter combines concrete and symbolic execution: it executes input-independent instructions concretely at full speed and performs symbolic execution only on instructions that depend, directly or indirectly, on the input, which greatly improves overall system performance. We have implemented Hunter and used it to automatically find bugs in benchmarks and in applications with known bugs. We also compared it with a typical dynamic test generation tool, SAGE, by testing the same application for the same bug. Our results indicate that Hunter improves system performance greatly and that it can effectively find bugs located deep within large applications.
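The following is an added illustration of the selective-execution idea the abstract describes; it is not Hunter's code and is not derived from the paper's implementation. It interprets a small, hypothetical three-address IR (constructed for this example) in which every value carries a concrete result plus an optional symbolic expression. Instructions whose operands are all input-independent run on the concrete fast path and build no expression at all; only input-dependent instructions produce symbolic terms, and only input-dependent branches contribute path constraints. Test generation then flips the last input-dependent branch and searches for an input that satisfies the new path condition (a brute-force search stands in for the constraint solver a real tool would call). The register names, instruction set and sample program are all assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Val:
    conc: int
    sym: Optional[str] = None  # None means the value does not depend on input


def _term(v: Val) -> str:
    return v.sym if v.sym is not None else str(v.conc)


def _binop(a: Val, b: Val, op: str) -> Val:
    conc = {"+": a.conc + b.conc, "-": a.conc - b.conc, "*": a.conc * b.conc}[op]
    if a.sym is None and b.sym is None:
        return Val(conc)  # concrete fast path: no symbolic expression is built
    return Val(conc, f"({_term(a)} {op} {_term(b)})")


# Constructed sample program in a hypothetical IR (not Hunter's):
# the "bug" instruction is reached only when x + 126 == 200.
PROGRAM = [
    ("input", "x"),          # x is read from the untrusted input
    ("set", "y", 42),
    ("mul", "y", "y", 3),    # y = 126, input-independent
    ("add", "z", "x", "y"),  # z = x + 126, input-dependent
    ("set", "k", 200),
    ("beq", "z", "k", 7),    # if z == k goto 7
    ("halt",),
    ("bug",),
]


def execute(program, inputs: Dict[str, int]):
    """Run the program concretely, tracking taint and collecting path constraints
    only at branches whose condition depends on input."""
    regs: Dict[str, Val] = {}
    constraints: List[Tuple[str, bool]] = []
    stats = {"concrete": 0, "symbolic": 0}  # how many instructions took each path
    pc, reached_bug = 0, False

    def rd(o):  # read a register or an immediate operand
        return regs[o] if isinstance(o, str) else Val(o)

    while True:
        ins = program[pc]
        kind = ins[0]
        if kind == "halt":
            break
        if kind == "bug":
            reached_bug = True
            break
        if kind == "input":
            regs[ins[1]] = Val(inputs[ins[1]], ins[1])  # taint source
            stats["symbolic"] += 1
        elif kind == "set":
            regs[ins[1]] = Val(ins[2])
            stats["concrete"] += 1
        elif kind in ("add", "sub", "mul"):
            res = _binop(rd(ins[2]), rd(ins[3]), {"add": "+", "sub": "-", "mul": "*"}[kind])
            regs[ins[1]] = res
            stats["symbolic" if res.sym is not None else "concrete"] += 1
        elif kind == "beq":
            a, b = rd(ins[1]), rd(ins[2])
            taken = a.conc == b.conc
            if a.sym is not None or b.sym is not None:
                constraints.append((f"({_term(a)} == {_term(b)})", taken))
                stats["symbolic"] += 1
            else:
                stats["concrete"] += 1  # branch on constants: nothing to solve
            if taken:
                pc = ins[3]
                continue
        pc += 1
    return reached_bug, constraints, stats


def solve_negated(constraints, var="x", search=range(-1000, 1001)):
    """Keep the path prefix, flip the last input-dependent branch and find an
    input for it. Brute force replaces the SMT solver a real tool would use;
    the expressions are built by our own tracer, so eval() only sees them."""
    if not constraints:
        return None
    prefix, (expr, taken) = constraints[:-1], constraints[-1]
    for cand in search:
        env = {var: cand}
        if all(eval(e, {}, env) == t for e, t in prefix) and eval(expr, {}, env) == (not taken):
            return cand
    return None


def find_bug(program, seed=0, var="x", max_iters=10):
    """Iterate: execute, negate last constraint, re-execute with the new input."""
    inputs, stats = {var: seed}, {}
    for _ in range(max_iters):
        hit, cons, stats = execute(program, inputs)
        if hit:
            return inputs[var], stats
        new = solve_negated(cons, var)
        if new is None:
            break
        inputs = {var: new}
    return None, stats


if __name__ == "__main__":
    print(find_bug(PROGRAM))  # (74, {'concrete': 3, 'symbolic': 3})
```

Half of the instructions in the sample program never touch the symbolic machinery, which is the saving the abstract is describing: taint from the input source propagates through `z` and the branch on it, while `y` and `k` stay on the concrete path even though they feed the same comparison.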