An exploit, such as a control-flow exploit, may allow an attacker to harm a computer. Typically, an attacker reviews the code of a software program (its source or its binary), identifies a vulnerability, or bug, and attempts to exploit that vulnerability. If the vulnerability is exploitable, the attacker may seize control of the software, and of any computing device running the software, until the exploit is discovered and removed and the vulnerability is fixed. Alternatively, the attacker's exploit may steal sensitive information, launch unauthorized commands, or cause other harm.
Manual, or partially automated, techniques can be sufficient for attackers seeking vulnerabilities, because an attacker need only find one exploitable bug to compromise a computing system. Computer security professionals, by contrast, cannot rely on manual review of software alone: they would ideally identify and fix every exploitable bug in the software before certifying that software as secure, and any bug that is missed leaves the software open to compromise.
Symbolic execution (or symbolic evaluation) refers to analyzing a program by executing it on symbolic values rather than concrete inputs: each input is treated as an unknown, program variables are tracked as expressions over those unknowns, and each conditional branch adds a constraint to the path condition of the path being explored. A computer security professional may utilize and/or perform symbolic execution on a program in order to detect vulnerabilities in the program, because symbolic execution is capable of reasoning about all inputs that take the same path through the program at once: the path condition characterizes that entire class of inputs, and a constraint solver can determine whether any of them reaches an unsafe state and, if so, produce a concrete input that does, among other things. Existing symbolic execution frameworks include Bouncer, BitFuzz, BitTurner, FuzzBall, McVeto, SAGE, S2E, CUTE, BitBlaze, KLEE, and others.
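The following is an added illustration of the technique described above; it is not code from any of the frameworks named, and the program it analyzes, its toy intermediate representation (tuples such as ("add", e1, e2)), the input names len_in and off_in, and the bounded input domain are all constructed here for the example. Program variables are held as symbolic expressions, each "if" forks the path and records the branch taken as a constraint, and each "assert" (modelling an array access buf[idx]) is checked by asking whether the path condition together with the negated assertion is satisfiable. The solve() function is a deliberately simple stand-in for the SMT solver a real engine would call: it enumerates a small integer domain, which is enough to show how one path condition stands for a whole class of inputs and how a concrete triggering input is recovered from it.

```python
"""Toy symbolic executor over a tiny statement IR (added illustration, not a real framework)."""
from itertools import product

# Binary operators of the toy expression language.
BINOPS = {
    "add": lambda a, b: a + b, "sub": lambda a, b: a - b,
    "lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
    "eq": lambda a, b: a == b, "and": lambda a, b: a and b,
}

def evaluate(expr, env):
    """Evaluate an expression tree under a concrete assignment of the inputs."""
    op = expr[0]
    if op == "const":
        return expr[1]
    if op == "var":
        return env[expr[1]]
    if op == "not":
        return not evaluate(expr[1], env)
    return BINOPS[op](evaluate(expr[1], env), evaluate(expr[2], env))

def substitute(expr, state):
    """Replace assigned program variables by the symbolic expressions they hold.
    Names absent from the state are unassigned inputs and stay symbolic."""
    op = expr[0]
    if op == "const":
        return expr
    if op == "var":
        return state.get(expr[1], expr)
    return (op,) + tuple(substitute(e, state) for e in expr[1:])

def solve(constraints, inputs, domain):
    """Stand-in for an SMT solver (assumption: bounded enumeration over a small
    integer domain). Returns a satisfying assignment of the inputs, or None."""
    for values in product(domain, repeat=len(inputs)):
        env = dict(zip(inputs, values))
        if all(evaluate(c, env) for c in constraints):
            return env
    return None

def symbolic_execute(stmts, inputs, domain, state=None, path=None, paths=None, findings=None):
    """Explore every feasible path of `stmts`. Returns (list of path conditions,
    list of assertion violations with the path and a concrete witness input)."""
    state = {} if state is None else state
    path = [] if path is None else path
    paths = [] if paths is None else paths
    findings = [] if findings is None else findings
    for i, stmt in enumerate(stmts):
        kind = stmt[0]
        if kind == "assign":
            state[stmt[1]] = substitute(stmt[2], state)
        elif kind == "if":
            cond = substitute(stmt[1], state)
            rest = stmts[i + 1:]
            # Fork: one path takes the branch (cond), the other does not (not cond).
            for branch, taken in ((stmt[2], cond), (stmt[3], ("not", cond))):
                if solve(path + [taken], inputs, domain) is not None:  # prune infeasible paths
                    symbolic_execute(branch + rest, inputs, domain, dict(state),
                                     path + [taken], paths, findings)
            return paths, findings
        elif kind == "assert":
            cond = substitute(stmt[1], state)
            # A bug exists on this path iff path condition AND NOT(assertion) is satisfiable.
            witness = solve(path + [("not", cond)], inputs, domain)
            if witness is not None:
                findings.append({"path": list(path), "violated": cond, "witness": witness})
    paths.append(list(path))  # reached the end of the program on this path
    return paths, findings

# Constructed sample program in the toy IR (pseudo-source in the comments):
#   n = len_in                  ; attacker-controlled length
#   if n < 16:                  ; bounds check covers the length only
#       idx = n + off_in        ; the offset is also attacker-controlled
#   else:
#       idx = 0
#   assert 0 <= idx < 16        ; models the access buf[idx] into a 16-byte buffer
SAMPLE_PROGRAM = [
    ("assign", "n", ("var", "len_in")),
    ("if", ("lt", ("var", "n"), ("const", 16)),
        [("assign", "idx", ("add", ("var", "n"), ("var", "off_in")))],
        [("assign", "idx", ("const", 0))]),
    ("assert", ("and", ("le", ("const", 0), ("var", "idx")),
                       ("lt", ("var", "idx"), ("const", 16)))),
]
SAMPLE_INPUTS = ["len_in", "off_in"]
SAMPLE_DOMAIN = range(-8, 24)  # assumption: small domain so enumeration is cheap

def analyze_sample():
    return symbolic_execute(SAMPLE_PROGRAM, SAMPLE_INPUTS, SAMPLE_DOMAIN)

if __name__ == "__main__":
    paths, findings = analyze_sample()
    print(f"{len(paths)} feasible paths explored")
    for f in findings:
        print("assertion", f["violated"], "violated on path", f["path"], "with input", f["witness"])
```

Two paths are explored: on the path where the length check passes, the same assertion is reachable and violated (the solver returns a concrete len_in and off_in whose sum falls outside the buffer), while on the path where the check fails idx is the constant 0 and the assertion cannot be violated by any input. That per-path verdict, rather than a verdict per input, is what distinguishes symbolic execution from testing with concrete values.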