@inbook{085e9056b6bb43c4b7a22c4c01c84c1b,
title = "Concolic Execution Optimized for Go Binaries using Ghidra{\textquoteright}s P-Code",
abstract = "The widespread adoption of the Go programming language in infrastructure backends and blockchain projects has heightened the need for improved security measures. Established techniques such as unit testing, static analysis, and program fuzzing provide foundational protection mechanisms. Although symbolic execution tools have made significant contributions, opportunities remain to address the complexities of Go{\textquoteright}s runtime and concurrency model. In this work, we present Zorya, a novel methodology leveraging concrete and symbolic (concolic) execution to evaluate Go programs comprehensively. By systematically exploring execution paths to uncover vulnerabilities beyond conventional testing, symbolic execution offers distinct advantages, and coupling it with concrete execution mitigates the path explosion problem. Our solution employs Ghidra{\textquoteright}s P-Code as an intermediate representation (IR). This implementation detects runtime panics in the TinyGo compiler and supports both generic and custom invariants. Furthermore, P-Code{\textquoteright}s generic IR nature enables analysis of programs written in other languages such as C. Future enhancements may include intelligent classification of concolic execution logs to identify vulnerability patterns.",
keywords = "Concolic execution, Go, Invariant testing, P-Code, Vulnerabilities detection",
author = "Karolina Gorna and Nicolas Iooss and Yannick Seurin and Rida Khatoun",
note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.",
year = "2026",
month = jan,
day = "1",
doi = "10.1007/978-3-032-06658-9\_10",
language = "English",
series = "Studies in Computational Intelligence",
publisher = "Springer Science and Business Media Deutschland GmbH",
pages = "161--176",
booktitle = "Studies in Computational Intelligence",
}