Skip to main content
SpringerLink
Log in
Book cover

International Conference on Algorithms and Architectures for Parallel Processing

ICA3PP 2021: Algorithms and Architectures for Parallel Processing pp 196–213Cite as

TDCT: Target-Driven Concolic Testing Using Extended Units by Calculating Function Relevance

  • Conference paper
  • First Online:

  • 1568 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 13157))

Abstract

Concolic unit testing is able to perform comprehensive analysis with a small function of the program. However, due to the following disadvantages, it cannot be widely and effectively applied to test the whole program. One is that it includes many false positives for lacking context-dependent information. The other is that it is difficult to automatically generate the whole program’s inputs by unit inputs. The researchers have proposed different ways to solve the above problems, but it also causes inaccuracy or performance problems in some extent. In this paper, we present a method called Target-Driven Concolic Testing (TDCT) to meet the challenges, which combines concolic unit testing and concolic testing. TDCT is a fine-grained method based on the interprocedural control flow graph (ICFG) to construct extended unit, which could obtain a comprehensive and accurate context of target function as far as possible. We present a custom target-driven search strategy in concolic execution to automatically generate the whole program’s inputs by unit inputs. It not only reduces the system performance overhead by discarding the search of irrelevant paths, but also further validates the authenticity of the potential bugs. We implement a prototype system of TDCT and apply it to 4 real-world C programs. The experiment shows that TDCT could find 83.87% of the target bugs and it possesses high precision with a true to false alarm ration is 1:5.2. It indicates that TDCT is able to effectively and accurately detect bugs and automatically generate the whole program’s inputs by unit inputs.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Kim, Y., Choi, Y., Kim, M.: Precise concolic unit testing of c programs using extended units and symbolic alarm filtering. In: Proceedings of the 40th International Conference on Software Engineering (ICSE 2018). ACM, New York, NY, USA, pp. 315–326 (2018)

    Google Scholar 

  2. Sen, K., Marinov, D., Agha, G.: CUTE: a concolic unit testing engine for C. In: Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE 2005), pp. 263–272 (2005)

    Google Scholar 

  3. Sen, K., Agha, G.: CUTE and jCUTE: concolic unit testing and explicit path model-checking tools. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 419–423. Springer, Heidelberg (2006). https://doi.org/10.1007/11817963_38

    Chapter  Google Scholar 

  4. Ahmadi, R., Jahed, K., Dingel, J.: mCUTE: a model-level concolic unit testing engine for UML state machines. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 1182–1185 (2019)

    Google Scholar 

  5. Chakrabarti, A., Godefroid, P.: Software partitioning for effective automated unit testing. In: Proceedings of the 6th International Conference on Embedded Software (EMSOFT 2006), New York, NY, USA, pp. 262–271. ACM (2006)

    Google Scholar 

  6. Banabic, R., Candea, G., Guerraoui, R.: Finding Trojan message vulnerabilities in distributed systems. In: Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2014), New York, NY, USA, pp. 113–126. ACM (2014)

    Google Scholar 

  7. Kim, Y., Hong, S., Kim, M.: Target-driven compositional concolic testing with function summary refinement for effective bug detection, pp. 16–26 (2019)

    Google Scholar 

  8. Li, H., Kwon, H., Kwon, J., Lee, H.: A scalable approach for vulnerability discovery based on security patches. In: Batten, L., Li, G., Niu, W., Warren, M. (eds.) ATIS 2014. CCIS, vol. 490, pp. 109–122. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45670-5_11

    Chapter  Google Scholar 

  9. Do, H., Elbaum, S., Rothermel, G.: Supporting controlled experimentation with testing techniques: an infrastructure and its potential impact. Empirical Softw. Eng. 10(4), 405–435 (2005)

    Article  Google Scholar 

  10. FOCAL real-world crash bug benchmark. https://sites.google.com/view/focal-fse19

  11. Kim, M., Kim, Y., Choi, Y.: Concolic testing of the multisector read operation for flash storage platform software. Formal Aspects Comput. 24(3), 355–374 (2012)

    Article  Google Scholar 

  12. Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2005), pp. 213–223 (2005)

    Google Scholar 

  13. Kim, S.Y., et al.: CAB-fuzz: practical concolic testing techniques for COTS operating systems. In: 2017 USENIX Annual Technical Conference (USENIX ATC 2017), pp. 689–701 (2017)

    Google Scholar 

  14. Christakis, M., Müller, P., Wüstholz, V.: Guiding dynamic symbolic execution toward unverified program executions. In: Proceedings of the 38th International Conference on Software Engineering (ICSE 2016), pp. 144–155 (2016)

    Google Scholar 

  15. Stephens, N., et al.: Driller: augmenting fuzzing through selective symbolic execution. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS 2016), pp. 1–16 (2016)

    Google Scholar 

  16. Zhang, Y., Clien, Z., Wang, J., Dong, W., Liu, Z.: Regular property guided dynamic symbolic execution. In: Proceedings of the 37th International Conference on Software Engineering (ICSE 2015), vol. 1, pp. 643–653 (2015)

    Google Scholar 

  17. Cadar, C., Sen, K.: Symbolic execution for software testing: three decades later. Commun. ACM 56(2), 82–90 (2013)

    Article  Google Scholar 

  18. Baldoni, R., Coppa, E., D’Elia, D.C., Demetrescu, C., Finocchi, I.: A survey of symbolic execution techniques. ACM Comput. Surv. 51(3), 1–39 (2018). Article No. 50

    Article  Google Scholar 

  19. Engler, D.R., Dunbar, D.: Under-constrained execution: making automatic code destruction easy and scalable. In: Proceedings of the of 2007 International Symposium on Software Testing and Analysis (ISSTA 2007), pp. 1–4 (2007)

    Google Scholar 

  20. Trabish, D., Mattavelli, A., Rinetzky, N., Cadar, C.: Chopped symbolic execution. In: 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE), Gothenburg, pp. 350–360 (2018)

    Google Scholar 

  21. Seo, H., Kim, S.: How we get there: a context-guided search strategy in concolic testing. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2014), New York, NY, USA, pp. 413–424. Association for Computing Machinery (2014)

    Google Scholar 

  22. Pham, V.-T., Ng, W.B., Rubinov, K., Roychoudhury, A.: Hercules: reproducing crashes in real-world application binaries. In: Proceedings of the 37th International Conference on Software Engineering (ICSE 2015), vol. 1, pp. 891–901. IEEE Press (2015)

    Google Scholar 

  23. Xu, Z., Chen, B., Chandramohan, M., Liu, Y., Song, F.: SPAIN: security patch analysis for binaries towards understanding the pain and pills. In: Proceedings of the 39th International Conference on Software Engineering, pp. 462–472. IEEE Press (2017)

    Google Scholar 

  24. Marinescu, P.D., Cadar, C.: KATCH: high-coverage testing of software patches. In: Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering, pp. 235–245. ACM (2013)

    Google Scholar 

  25. Kuchta, T., Palikareva, H., Cadar, C.: Shadow symbolic execution for testing software patches. ACM Trans. Softw. Eng. Methodol. (TOSEM) 27(3), 10 (2018)

    Article  Google Scholar 

  26. Ramos, D.A., Engler, D.R.: Under-constrained symbolic execution: correctness checking for real code. In: Proceedings of the 24th USENIX Conference on Security Symposium (SEC 2015), pp. 49–64. USENIX Association (2015)

    Google Scholar 

  27. Pǎsǎreanu, C.S., et al.: Combining unit-level symbolic execution and system-level concrete execution for testing NASA software. In: Proceedings of the 2008 International Symposium on Software Testing and Analysis (ISSTA 2008), New York, NY, USA, pp. 15–26. Association for Computing Machinery (2008)

    Google Scholar 

  28. Chipounov, V., Kuznetsov, V., Candea, G.: S2E: a platform for in-vivo multi-path analysis of software systems. ACM SIGARCH Comput. Archit. News 39, 265–278 (2011)

    Article  Google Scholar 

Download references

Acknowledgment

This work is supported by the strategic Priority Research Program of Chinese Academy of Sciences, Grant No. XDC02010400.

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Meng Fan, Wenzhi Wang, Aimin Yu & Dan Meng

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Meng Fan & Wenzhi Wang

Authors
  1. Meng Fan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wenzhi Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aimin Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dan Meng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wenzhi Wang .

Editor information

Editors and Affiliations

  1. Xiamen University, Xiamen, China

    Yongxuan Lai

  2. Beijing Normal University, Zhuhai, China

    Tian Wang

  3. Xiamen University, Xiamen, China

    Min Jiang

  4. Tianjin University, Tianjin, China

    Guangquan Xu

  5. Hunan University, Changsha, China

    Wei Liang

  6. University of Naples Parthenope, Naples, Italy

    Aniello Castiglione

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fan, M., Wang, W., Yu, A., Meng, D. (2022). TDCT: Target-Driven Concolic Testing Using Extended Units by Calculating Function Relevance. In: Lai, Y., Wang, T., Jiang, M., Xu, G., Liang, W., Castiglione, A. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2021. Lecture Notes in Computer Science(), vol 13157. Springer, Cham. https://doi.org/10.1007/978-3-030-95391-1_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-95391-1_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-95390-4

  • Online ISBN: 978-3-030-95391-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation