Directed Dynamic Symbolic Execution for Static Analysis Warnings Confirmation

Currently, there is no doubt among experts in the field of program certification and quality assurance that automated program analysis methods should be used to find bugs that lead to program security vulnerabilities. The national standard for the secure software development requires the use of source code static analysis tools as one of the measures of software quality assurance at the development stage and the application of dynamic analysis and fuzz-testing of the source code at the qualification testing stage. Fundamental limitations of automated program analysis and testing methods make it impossible to carry out simultaneously exhaustive and precise analysis of programs for errors. Thereof, researches are nowadays carried out aimed at reducing the effect of fundamental limitations on the quality and productivity of automated software error detection methods. This paper discusses an approach that combines methods of source code static analysis and dynamic symbolic execution in order to increase the program error detection efficiency.