🤖 AI Summary
Symbolic execution suffers from the path explosion problem, which severely limits its scalability in practical applications such as vulnerability discovery, malware analysis, firmware re-hosting, and protocol parsing. To address this, we systematically survey over a decade of industrial and academic practice and propose, for the first time, a taxonomy of symbolic execution strategies tailored to real-world deployment. The taxonomy categorizes path-explosion mitigation techniques into two fundamental paradigms: *scope reduction* and *guidance-driven exploration*. Building on it, we introduce a synergistic analysis framework that integrates constraint solving, fine-grained program state modeling, and dynamic scheduling, and we validate its effectiveness on real-time operating systems and modern memory-safe languages (e.g., Rust). Our work provides a systematic methodology and reusable technical pathways for the engineering adoption of symbolic execution, bridging the gap between theoretical advances and practical deployment.
📝 Abstract
Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering symbolic execution's practical application. To combat this, researchers have employed various strategies to enable symbolic execution on complex software systems. This paper introduces a systematic taxonomy of these strategies, categorizing them into two primary approaches: Scope Reduction, which aims to restrict symbolic execution to manageable portions of code, and Guidance Heuristics, which steer the symbolic execution engine toward promising paths. Using this taxonomy as a lens, we survey applications of symbolic execution in several domains, such as vulnerability analysis, malware analysis, firmware re-hosting, and network protocol analysis. Finally, we identify promising directions for future research, including the application of symbolic execution to real-time operating systems and modern, type-safe languages.