Analyzing real-world software is challenging due to complexity of the software frameworks or APIs they depend on. In this paper, we present a tool, PROMPT, that facilitates the analysis of software components using API model guided symbolic execution. PROMPT has a specification component, PROSE, that lets users define an API model, which consists of a set of data constraints and life-cycle rules that define control-flow constraints among sequentially composed API functions. Given a PROSE model and a software component, PROMPT symbolically executes the component while enforcing the specified API model. PROMPT has been implemented on top of the KLEE symbolic execution engine and has been applied to Linux device drivers from the video, sound, and network subsystems and to some vulnerable components of BlueZ, the implementation of the Bluetooth protocol stack for the Linux kernel. PROMPT detected two new and four known memory vulnerabilities in some of the analyzed system software components.

中文翻译：

---

使用 API 模型引导的符号执行分析系统软件组件

由于它们所依赖的软件框架或 API 的复杂性，分析现实世界的软件具有挑战性。在本文中，我们提出了一个工具 PROMPT，它有助于使用 API 模型引导的符号执行来分析软件组件。PROMPT 有一个规范组件 PROSE，它允许用户定义 API 模型，该模型由一组数据约束和生命周期规则组成，这些规则定义了按顺序组合的 API 函数之间的控制流约束。给定一个 PROSE 模型和一个软件组件，PROMPT 在强制执行指定的 API 模型的同时象征性地执行该组件。PROMPT 已在 KLEE 符号执行引擎之上实现，并已应用于来自视频、声音和网络子系统的 Linux 设备驱动程序以及 BlueZ 的一些易受攻击的组件，Linux内核蓝牙协议栈的实现。PROMPT 在一些被分析的系统软件组件中检测到两个新的和四个已知的内存漏洞。