Divide and Conquer based Symbolic Vulnerability Detection

📅 2024-09-20
🏛️ arXiv.org
📈 Citations: 0
Influential: 0
🤖 AI Summary
Traditional fuzzing cannot guarantee security for critical software systems, while symbolic execution suffers from path explosion and scalability limitations. To address these challenges, this paper proposes a divide-and-conquer based symbolic vulnerability detection method. The approach integrates control-flow graph analysis with path-sensitive constraint solving; its novelty is that it systematically incorporates the divide-and-conquer paradigm into symbolic execution, enabling dynamic pruning of irrelevant program paths and thereby significantly mitigating path explosion. Experimental evaluation across multiple real-world open-source projects demonstrates that the method achieves a 3.2× improvement in detection efficiency, scales to million-line codebases, and covers seven representative weakness categories from the OWASP Top 10. It thus overcomes key scalability bottlenecks inherent in existing symbolic execution and model-checking techniques.

📝 Abstract
In modern software development, vulnerability detection is crucial due to the inevitability of bugs and vulnerabilities in complex software systems. Effective detection and elimination of these vulnerabilities during the testing phase are essential. Current methods, such as fuzzing, are widely used for this purpose. While fuzzing is efficient in identifying a broad range of bugs and vulnerabilities by using random mutations or generations, it does not guarantee correctness or absence of vulnerabilities. Therefore, non-random methods are preferable for ensuring the safety and security of critical infrastructure and control systems. This paper presents a vulnerability detection approach based on symbolic execution and control flow graph analysis to identify various types of software weaknesses. Our approach employs a divide-and-conquer algorithm to eliminate irrelevant program information, thus accelerating the process and enabling the analysis of larger programs compared to traditional symbolic execution and model checking methods.
Problem

Research questions and friction points this paper is trying to address.

Detects software vulnerabilities via symbolic execution
Accelerates analysis using divide-and-conquer algorithms
Enables scalable vulnerability detection for complex systems
Innovation

Methods, ideas, or system contributions that make the work stand out.

Divide-and-conquer algorithm eliminates irrelevant program information
Symbolic execution identifies various software weaknesses
Control flow graph analysis accelerates vulnerability detection process