by pag
2580 days ago
There are a number of lifters. The McSema repo has a table detailing the features of most of them.

Glad that DeepState had an impact on you :-D We continue to evolve DeepState, both in the direction of better fuzzing, and better test case reduction.

Remill is instruction granularity, and so all it requires is raw bytes. McSema uses Remill in conjunction with a disassembly frontend (IDA Pro, Binary Ninja, or Dyninst).

If you have source code you can likely be more precise/efficient. Sometimes you may have access to source but not the ability to change/influence the build.

I think there's a lot of room for improvement with KLEE. If I were to write an LLVM symbolic executor from scratch then I think I would do some things differently.

Do you have something written somewhere on how you would do things differently from KLEE?