Using Metamorphic Testing to Improve Dynamic Symbolic Execution
Authors: Eman Alatawi, Tim Miller, H. Søndergaard
Venue: 2015 24th Australasian Software Engineering Conference
Published: 2015-09-28
DOI: 10.1109/ASWEC.2015.16 (https://doi.org/10.1109/ASWEC.2015.16)
Dynamic symbolic execution (DSE) is an approach for automatically generating test inputs from source code using constraint information. It is used in fuzzing: the execution of tests while monitoring for generic properties such as buffer overflows and other security violations. Limitations of DSE for fuzzing are two-fold: (1) only generic properties are checked: many deviations from specified behaviour are not found, and (2) many programs are not entirely amenable to DSE because they give rise to hard constraints, so that some parts of a program remain uncovered. In this paper, we discuss how to mitigate these problems using metamorphic testing (MT). Metamorphic testing uses domain-specific properties about program behaviour, relating pairs of inputs to pairs of outputs. From a given test suite, follow-up test inputs are generated, and their outputs are compared to outputs from the original tests, using metamorphic relations. Our hypothesis is that using metamorphic testing increases the ability of a DSE test suite to find faults, and that the follow-up tests execute some previously-uncovered segments. We have experimented with seven small but non-trivial libraries, comparing DSE test suites with DSE+MT test suites, demonstrating that DSE+MT test suites improve coverage marginally, but find more faults.