Closed amita1101 closed 9 months ago
With taint analysis alone you can't explore all paths. For exploring, you have to generate good inputs and for generating good inputs you have to rely on symbolic execution. In theory you can do everything you want but in practice it's ambitious to explore all paths. Especially on a whole kernel. However, specific and well defined parts of a kernel yes.
Can I do dynamic tainting on Linux Kernel's latest versions using the Triton tool? is it possible to explore all the paths?