Application of Dynamic Symbolic Execution in Hybrid Fuzzing of Binary Code for Baikal-M and RISC-V 64 Architectures
https://doi.org/10.15514/ISPRAS-2025-37(4)-29
Abstract
Hybrid fuzzing and dynamic symbolic execution have become a vital part of the secure software development lifecycle. The proportion of code being developed for ARM and RISC-V architectures is constantly increasing, which makes their effective analysis a top priority. This work addresses that task by developing methods for dynamic symbolic execution and hybrid fuzzing for modern RISC architectures: Baikal-M (ARM/AArch64) and RISC-V 64. Based on modeling the symbolic semantics of machine instructions, the developed approaches are integrated into the Sydr tool within the Sydr-Fuzz framework and aim to enhance the efficiency of hybrid fuzzing. Key results include algorithms for processing indirect branches with accurate determination of target addresses, and support for the RISC-V integer instruction set in the open-source symbolic execution framework Triton, which provides the community with a ready-made foundation for creating dynamic analysis tools.
About the Author
Vlada Igorevna LOGUNOVA, Russian Federation
Research Fellow at the Department of Compiler Technologies at the Institute for System Programming. Research interests: dynamic analysis, binary code analysis, dynamic symbolic execution, hybrid fuzzing.
For citation:
LOGUNOVA V.I. Application of Dynamic Symbolic Execution in Hybrid Fuzzing of Binary Code for Baikal-M and RISC-V 64 Architectures. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2025;37(4):235-250. (In Russ.) https://doi.org/10.15514/ISPRAS-2025-37(4)-29