Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts
Thu 14 Nov 2019 15:00 - 15:10 at Cortez 1 - Program Analysis Chair(s): Coen De Roover
An effective way to maximize code coverage in software tests is through dynamic symbolic execution, a technique that uses constraint solving to systematically explore a program’s state space. We introduce an open-source dynamic symbolic execution framework called Manticore for analyzing binaries and Ethereum smart contracts. Manticore’s flexible architecture allows it to support both traditional and exotic execution environments, and its API allows users to customize their analysis. Here, we discuss Manticore’s architecture and demonstrate the capabilities we have used to find bugs and verify the correctness of code for our commercial clients.
Wed 13 Nov
10:00 - 10:40 Demonstration | TsmartGP: A Tool for Finding Memory Defects with Pointer Analysis Yuexing WangTsinghua University, Guang ChenTsinghua University, Min ZhouTsinghua University, Ming GuTsinghua University, Jiaguang SunTsinghua University | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | BuRRiTo: A Framework to Extract, Specify, Verify and Analyze Business Rules Pavan ChittimalliTCS Research, Kritika AnandTCS Research, Shrishti PradhanTCS Research, Sayandeep MitraTCS Research, Chandan PrakashTCS Research, Rohit ShereTCS Research, Ravindra NaikTCS Research, TRDDC, India | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | Lancer: Your Code Tell Me What You Need Shufan ZhouSchool of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Beijun ShenSchool of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Hao ZhongShanghai Jiao Tong University | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | TestCov: Robust Test-Suite Execution and Coverage Measurement Pre-print Media Attached File Attached | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | Prema: A Tool for Precise Requirements Editing, Modeling and Analysis Yihao HuangEast China Normal University, Jincao FengEast China Normal University, Hanyue ZhengEast China Normal University, Jiayi ZhuEast China Normal University, Shang WangEast China Normal University, Siyuan JiangEastern Michigan University, Weikai MiaoShanghai Key Lab for Trustworthy Computing, School of Computer Science and Software Engineering, East China Normal University, Geguang PuEast China Normal University&Shanghai Trusted Industrial Control Platform Co., Ltd | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | XRaSE: Towards Virtually Tangible Software using Augmented Reality Rohit MehraAccenture Labs, India, Vibhu Saujanya SharmaAccenture Labs, Vikrant KaulgudAccenture Labs, India, Sanjay PodderAccenture | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | MuSC: A Tool for Mutation Testing of Ethereum Smart Contract Zixin LiNanjing University, Haoran WuState Key Laboratory for Novel Software Technology, Nanjing University, Jiehui XuNanjing University, Xingya WangState Key Laboratory for Novel Software Technology, Nanjing University, Lingming ZhangThe University of Texas at Dallas, Zhenyu ChenNanjing University | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | VeriSmart 2.0: Swarm-Based Bug-Finding for Multi-Threaded Programs with Lazy-CSeq Bernd FischerStellenbosch University, Salvatore La TorreUniversità degli Studi di Salerno, Gennaro ParlatoUniversity of Molise | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | DeepMutation++: a Mutation Testing Framework for Deep Learning Systems Qiang HuKyushu University, Japan, Lei MaKyushu University, Xiaofei XieNanyang Technological University, Bing YuKyushu University, Japan, Yang LiuNanyang Technological University, Singapore, Jianjun ZhaoKyushu University | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts Mark MossbergTrail of Bits, Felipe ManzanoTrail of Bits, Eric HennenfentTrail of Bits, Alex GroceTrail of Bits, Gustavo GriecoTrail of Bits, Josselin FeistTrail of Bits, Trent BrunsonTrail of Bits, Artem DinaburgTrail of Bits Media Attached | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | ConVul: An Effective Tool for Detecting Concurrency Vulnerabilities Ruijie MengUniversity of Chinese Academy of Sciences, Biyun ZhuUniversity of Chinese Academy of Sciences, Hao YunUniversity of Chinese Academy of Sciences, Haicheng LiUniversity of Chinese Academy of Sciences, Yan CaiInstitute of Software, Chinese Academy of Sciences, Zijiang YangWestern Michigan University | |||||||||||||||||||||||||||||||||||||||||
10:00 - 10:40 Demonstration | mCUTE: A Model-level Concolic Unit Testing Engine for UML State Machines Reza AhmadiQueen's University, Karim JahedQueen's University, Juergen DingelQueen's University, Kingston, Ontario |