enzet / symbolic-execution

History of symbolic execution (as well as SAT/SMT solving, fuzzing, and taint data tracking)


Timelines

  • The symbolic execution timeline highlights some major tools and ideas of pure symbolic execution and dynamic symbolic execution (concolic), as well as related ideas of model checking, SAT/SMT solving, black-box fuzzing, taint data tracking, and other dynamic analysis techniques.
  • The solving timeline highlights major SAT and SMT techniques and solvers (including solvers not related to symbolic execution).

There is also a temporary timeline of some tools not displayed in the diagrams above.

Symbolic execution

⚠️ PNG preview could be outdated. See symbolic-execution.svg for the latest version.

Preview

SAT and SMT solving

⚠️ PNG preview could be outdated. See solving.svg for the latest version.

Preview

Building PNG or PDF

Please, install fonts for correct SVG display:

Use Inkscape to build PNG or PDF. Example for the symbolic-execution diagram:

  • PNG: inkscape diagram/symbolic-execution.svg --export-png diagram/symbolic-execution.png --export-dpi 150,
  • PDF: inkscape diagram/symbolic-execution.svg --export-pdf diagram/symbolic-execution.pdf.

Design

We use colors from GitHub Linguist for input languages.

Contribution

Feel free to suggest changes or add new information. If your change is minor (like a typo), you can just edit the source code of symbolic-execution.svg. If the change is major, you are encouraged to either create a new issue or edit symbolic-execution.svg (the Inkscape editor is strongly recommended due to source code issues).

Before committing

Please use SVGO to optimize the diagram before committing (to get a cleaner diff):

svgo diagram/symbolic-execution.svg \
    --pretty \
    --enable=sortAttrs \
    --disable=removeEditorsNSData \
    --disable=cleanupIDs \
    --indent=2

Tools structure

The file tools.yml contains YAML descriptions of the tools. For example:

DART:
  since: 2005
  input: C
  uses: lp_solve
  based: CIL
  description: random testing and direct execution


License: Creative Commons Attribution Share Alike 4.0 International

Languages

Kotlin 96.6%, JavaScript 3.4%