Execution Hijacking: Improving Dynamic Analysis by Flying off Course

Abstract

Typically, dynamic-analysis techniques operate on a small subset of all possible program behaviors, which limits their effectiveness and the representativeness of the computed results. To address this issue, a new paradigm is emerging: execution hijacking—techniques that explore a larger set of program behaviors by forcing executions along specific paths. Although hijacked executions are infeasible for the given inputs, they can still produce feasible behaviors that could be observed under other inputs. In such cases, execution hijacking can improve the effectiveness of dynamic analysis without requiring the (expensive) generation of additional inputs. To evaluate the usefulness of execution hijacking, we defined, implemented, and evaluated several variants of it. Specifically, we performed empirical study where we assessed whether execution hijacking could improve the effectiveness of two common dynamic analyses: software testing and memory error detection. The results of the study show that execution hijacking, if suitably performed, can indeed help dynamic analysis techniques.