Exposing Go's Hidden Bugs: A Novel Concolic Framework
Karolina Gorna, Nicolas Iooss, Yannick Seurin, Rida Khatoun

TL;DR
The paper introduces Zorya, a concolic execution framework for Go that enhances vulnerability detection by combining concrete and symbolic analysis, addressing Go's concurrency complexities.
Contribution
It presents Zorya, a novel concolic framework that improves Go program analysis by integrating concrete and symbolic execution using Ghidra's IR.
Findings
Detects runtime panics in the TinyGo compiler
Supports both generic and custom invariants
Uses Ghidra's P-Code IR for multi-language analysis
Abstract
The widespread adoption of the Go programming language in infrastructure backends and blockchain projects has heightened the need for improved security measures. Established techniques such as unit testing, static analysis, and program fuzzing provide foundational protection mechanisms. Although symbolic execution tools have made significant contributions, opportunities remain to address the complexities of Go's runtime and concurrency model. In this work, we present Zorya, a novel methodology leveraging concrete and symbolic (concolic) execution to evaluate Go programs comprehensively. By systematically exploring execution paths to uncover vulnerabilities beyond conventional testing, symbolic execution offers distinct advantages, and coupling it with concrete execution mitigates the path explosion problem. Our solution employs Ghidra's P-Code as an intermediate representation (IR).…
