Getting Started with Symbolic Execution
Reference: https://zhuanlan.zhihu.com/p/26927127
Given a result, solve for the corresponding program input.
Classic symbolic execution and dynamic symbolic execution
Reference: https://p1kk.github.io/2021/04/04/others/%E7%AC%A6%E5%8F%B7%E6%89%A7%E8%A1%8C&%E6%B1%A1 %E7%82%B9%E5%88%86%E6%9E%90/
Classic symbolic execution : Use symbolic values as program inputs and use symbolic expressions to represent the values of associated program variables.
Dynamic symbolic execution (concrete and symbolic, concolic): Use specific values as input to simulate the execution of program code.
During the development of symbolic execution, a method called dynamic symbolic execution appeared.
Its input values are represented differently compared to traditional static symbolic execution.
The advantage of dynamic symbolic execution is that all variables in the simulation execution process are specific values , and it is not necessary to use complex data structures to express symbolic values, which can reduce the cost of simulation execution.