Symbion, our interleaved execution technique!
ConcreteTarget that is used to "import" a concrete state of the target program from an external source into angr. Once the state is imported, you can make parts of the state symbolic, use symbolic execution on this state, run your analyses, and finally concretize the symbolic parts and resume concrete execution in the external environment. By iterating this process, it is possible to implement advanced run-time and interactive symbolic analyses that are backed by the real program's execution!
ConcreteTarget (effectively, an object that is going to be the "glue" between angr and the external process). We ship a default one (the AvatarGDBConcreteTarget, which controls an instance of a program being debugged under GDB) in the following repo: https://github.com/angr/angr-targets.
SimulationManager, and specified a list of stop_points using the Symbion interface, we are going to resume the concrete process execution.
angr. A new plugin called concrete is in charge of synchronizing the concrete state of the program inside a new
SimProcedure if we happen to have it, otherwise with a SimProcedure stub (you can control this decision by using the Options SYMBION_KEEP_STUBS_ON_SYNC). Conversely, the real code of the function is executed inside angr (Warning: do that at your own risk!).
SimState backed by the concrete process stopped at that particular stop_point. Options