Automated Test Generation Using Concolic Testing
Koushik Sen
Proceedings of the 8th India Software Engineering Conference (invited talk), published 2015-02-18
DOI: 10.1145/2723742.2723768 (https://doi.org/10.1145/2723742.2723768)
Citations: 8
Abstract
In this talk I will discuss recent advances and challenges in concolic testing and symbolic execution. Concolic testing, also known as directed automated random testing (DART) or dynamic symbolic execution (DSE), is an efficient way to automatically and systematically generate test inputs for programs. It combines runtime symbolic execution with automated theorem proving (constraint solving) to automatically generate non-redundant and exhaustive test inputs: each concrete run records the path constraint it followed, and negating one branch condition of that constraint and solving for fresh inputs drives the next run down a path not yet covered. Concolic testing has inspired the development of several industrial and academic automated testing and security tools, such as PEX, SAGE, and YOGI at Microsoft, Apollo at IBM, Conbol at Samsung, and CUTE, jCUTE, CATG, Jalangi, SPLAT, BitBlaze, jFuzz, Oasis, and SmartFuzz in academia. A central reason behind the wide adoption of concolic testing is that, while it uses program analysis and automated theorem proving techniques internally, it exposes a testing usage model that is familiar to most software developers. A key challenge for concolic testing techniques is scalability to large, realistic programs: the number of feasible execution paths of a program often grows exponentially with the length of an execution path. I will describe MultiSE, a new technique for merging states incrementally during symbolic execution without using auxiliary variables. The key idea of MultiSE is an alternative representation of the state, in which each variable, including the program counter, is mapped to a set of guarded symbolic expressions called a value summary.
MultiSE has several advantages over conventional DSE and state-merging techniques: 1) value summaries enable sharing of symbolic expressions and path constraints across multiple paths; 2) value summaries avoid redundant execution; and 3) MultiSE introduces no auxiliary symbolic values, which lets it make progress even when merging values the constraint solver does not support, such as floating-point or function values. We have implemented MultiSE for JavaScript programs in a publicly available open-source tool. Our evaluation of MultiSE on several programs shows that it can run significantly faster than traditional symbolic execution.
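The value-summary representation described above, as an added example that is not code from the MultiSE tool or from the author: a toy interpreter for a small branch-only instruction set in which every variable, and the program counter, maps to a list of guarded values. Everything here is an assumption made for illustration: the instruction format, the use of JavaScript numbers for concrete values and strings for symbolic expressions, and a brute-force propositional satisfiability check over guard atoms that treats atoms as independent (it cannot tell that "X > 0" and "X > 1" are related), standing in for the real constraint solver. The constructed program branches twice on the same condition; a path-based DSE would execute the straight-line code between the branches once per path, while the summary interpreter executes each of the ten instructions exactly once and prunes the infeasible then/else combination at the second branch.

```javascript
// Added example (not MultiSE's own code): a toy MultiSE-style interpreter.
// A value summary is a list of {guard, value}. Guards are propositional
// formulas over atoms named by the symbolic comparison they stand for
// (e.g. "X > 0"); satisfiability is checked by brute-force enumeration,
// so atoms are treated as independent (an assumption, not a real solver).
const T = { k: "true" };
const atom = (name) => ({ k: "atom", name });
const not = (a) => ({ k: "not", a });
const and = (a, b) => (a.k === "true" ? b : b.k === "true" ? a : { k: "and", a, b });
const or = (a, b) => ({ k: "or", a, b });

function atomsOf(g, acc = new Set()) {
  if (g.k === "atom") acc.add(g.name);
  else if (g.k === "not") atomsOf(g.a, acc);
  else if (g.k !== "true") { atomsOf(g.a, acc); atomsOf(g.b, acc); }
  return acc;
}
function evalGuard(g, env) {
  switch (g.k) {
    case "true": return true;
    case "atom": return Boolean(env[g.name]);
    case "not": return !evalGuard(g.a, env);
    case "and": return evalGuard(g.a, env) && evalGuard(g.b, env);
    case "or": return evalGuard(g.a, env) || evalGuard(g.b, env);
  }
}
// Brute-force SAT over the atoms mentioned in g (2^n assignments; toy only).
function sat(g) {
  const names = [...atomsOf(g)];
  for (let bits = 0; bits < 1 << names.length; bits++) {
    const env = {};
    names.forEach((n, i) => { env[n] = Boolean(bits & (1 << i)); });
    if (evalGuard(g, env)) return true;
  }
  return false;
}
// Normalise a summary: drop infeasible entries and OR the guards of entries
// carrying the same value. This is the sharing step; no auxiliary variable.
function merge(entries) {
  const byValue = new Map();
  for (const { guard, value } of entries) {
    if (!sat(guard)) continue;
    const key = typeof value + ":" + String(value);
    const prev = byValue.get(key);
    byValue.set(key, prev ? { guard: or(prev.guard, guard), value } : { guard, value });
  }
  return [...byValue.values()];
}
// Write `fresh` into `old` under guard g: old entries survive where g is
// false, fresh entries apply where g is true.
function write(old, g, fresh) {
  return merge([
    ...old.map((e) => ({ guard: and(e.guard, not(g)), value: e.value })),
    ...fresh.map((e) => ({ guard: and(g, e.guard), value: e.value })),
  ]);
}
// Concrete values are numbers/booleans; symbolic values are strings.
const show = (v) => (typeof v === "string" && /[^\w]/.test(v) ? `(${v})` : String(v));
function apply(op, a, b) {
  if (typeof a === "number" && typeof b === "number") return op === "+" ? a + b : a > b;
  return `${show(a)} ${op} ${show(b)}`; // stays symbolic
}
// Expressions: number | {var} | {op, l, r}; evaluation yields a summary.
function evalExpr(e, vars) {
  if (typeof e === "number") return [{ guard: T, value: e }];
  if (e.var) return vars[e.var];
  const out = [];
  for (const l of evalExpr(e.l, vars))
    for (const r of evalExpr(e.r, vars))
      out.push({ guard: and(l.guard, r.guard), value: apply(e.op, l.value, r.value) });
  return merge(out);
}
// Run a program with symbolic inputs; the program counter is itself a summary.
function multiSE(program, inputs) {
  const vars = {};
  for (const name of inputs) vars[name] = [{ guard: T, value: name }];
  let pc = [{ guard: T, value: 0 }];
  let steps = 0;
  while (pc.length > 0) {
    pc.sort((a, b) => a.value - b.value); // lowest pending label first
    const { guard: g, value: label } = pc.shift(); // executed for all guards reaching it
    const ins = program[label];
    steps++;
    if (ins.halt) continue;
    if (ins.dst !== undefined) {
      vars[ins.dst] = write(vars[ins.dst] || [], g, evalExpr(ins.expr, vars));
      pc.push({ guard: g, value: label + 1 });
    } else if (ins.jmp !== undefined) {
      pc.push({ guard: g, value: ins.jmp });
    } else {
      for (const { guard: h, value: c } of evalExpr(ins.cond, vars)) {
        if (typeof c === "boolean") pc.push({ guard: and(g, h), value: c ? ins.then : ins.else });
        else { // a symbolic condition becomes an atom in the path guard
          pc.push({ guard: and(and(g, h), atom(c)), value: ins.then });
          pc.push({ guard: and(and(g, h), not(atom(c))), value: ins.else });
        }
      }
    }
    pc = merge(pc); // entries for the same label are joined here
  }
  return { vars, steps };
}
// The single value a concrete atom assignment selects from a summary.
function concretize(vs, env) {
  const hits = vs.filter((e) => evalGuard(e.guard, env));
  if (hits.length !== 1) throw new Error("guards must be disjoint and total");
  return hits[0].value;
}
// Constructed program: if (X > 0) y = 1 else y = 2; z = y + 10;
//                      if (X > 0) w = z + 1 else w = 0
const PROGRAM = [
  { cond: { op: ">", l: { var: "X" }, r: 0 }, then: 1, else: 3 },
  { dst: "y", expr: 1 },
  { jmp: 4 },
  { dst: "y", expr: 2 },
  { dst: "z", expr: { op: "+", l: { var: "y" }, r: 10 } },
  { cond: { op: ">", l: { var: "X" }, r: 0 }, then: 6, else: 8 },
  { dst: "w", expr: { op: "+", l: { var: "z" }, r: 1 } },
  { jmp: 9 },
  { dst: "w", expr: 0 },
  { halt: true },
];
const result = multiSE(PROGRAM, ["X"]);
console.log(result.steps, result.vars.w.map((e) => e.value)); // 10 [ 12, 0 ]
```

Two things to look at in the output: `z = y + 10` at label 4 runs once over the joined summary of `y` and yields both 11 and 12 under their respective guards, and at label 6 the combination "X > 0 and not X > 0" needed to produce `w = 13` is discarded by `merge` because `sat` rejects it, so `w` ends with exactly two entries. The real tool relies on a constraint solver for that feasibility check and on structured guard representations for larger programs; the brute-force check here is only adequate for a handful of atoms.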