Abstract
Concolic unit testing can perform a comprehensive analysis of a small function of a program. However, two disadvantages prevent it from being applied widely and effectively to testing the whole program. One is that it produces many false positives because it lacks context-dependent information. The other is that it is difficult to automatically generate the whole program’s inputs from unit inputs. Researchers have proposed different ways to solve these problems, but these approaches also cause inaccuracy or performance problems to some extent. In this paper, we present a method called Target-Driven Concolic Testing (TDCT) to meet these challenges, which combines concolic unit testing and concolic testing. TDCT is a fine-grained method that uses the interprocedural control flow graph (ICFG) to construct an extended unit, which obtains as comprehensive and accurate a context of the target function as possible. We present a custom target-driven search strategy in concolic execution to automatically generate the whole program’s inputs from unit inputs. It not only reduces the system performance overhead by discarding the search of irrelevant paths, but also further validates the authenticity of the potential bugs. We implement a prototype system of TDCT and apply it to 4 real-world C programs. The experiments show that TDCT finds 83.87% of the target bugs and achieves high precision, with a true-to-false alarm ratio of 1:5.2. This indicates that TDCT can effectively and accurately detect bugs and automatically generate the whole program’s inputs from unit inputs.
Acknowledgment
This work is supported by the Strategic Priority Research Program of the Chinese Academy of Sciences, Grant No. XDC02010400.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Fan, M., Wang, W., Yu, A., Meng, D. (2022). TDCT: Target-Driven Concolic Testing Using Extended Units by Calculating Function Relevance. In: Lai, Y., Wang, T., Jiang, M., Xu, G., Liang, W., Castiglione, A. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2021. Lecture Notes in Computer Science, vol 13157. Springer, Cham. https://doi.org/10.1007/978-3-030-95391-1_13
DOI: https://doi.org/10.1007/978-3-030-95391-1_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95390-4
Online ISBN: 978-3-030-95391-1
eBook Packages: Computer Science, Computer Science (R0)