Local analysis for global inputs
Pages 433 - 436
Abstract
Fuzz testing and symbolic test generation both face their own challenges. While symbolic testing has scalability issues, fuzzing cannot uncover faults which require carefully engineered inputs. In this paper I propose a combination of both approaches, compensating weaknesses of each approach with the strength of the other approach.
I present my plans for evaluation, which include applications of the hybrid tool to programs which neither of the approaches can handle on its own.
References
[1]
B. P. Miller, L. Fredriksen, and B. So, "An empirical study of the reliability of UNIX utilities," Communications of the ACM, vol. 33, no. 12, pp. 32--44, 1990.
[2]
american fuzzy lop. {Online}. Available: http://lcamtuf.coredump.cx/afl/
[3]
How heartbleed could've been found. {Online}. Available: https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html
[4]
S. Elbaum, H. N. Chin, M. B. Dwyer, and J. Dokulil, "Carving Differential Unit Test Cases from System Test Cases," Sigsoft'06, pp. 253--263, 2006.
[5]
C. Cadar, D. Dunbar, and D. R. Engler, "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs," Proceedings of the 8th USENIX conference on Operating systems design and implementation, pp. 209--224, 2008.
[6]
M. Staats, G. Gay, M. Whalen, and M. Heimdahl, "On the danger of coverage directed test case generation," in International Conference on Fundamental Approaches to Software Engineering. Springer, 2012, pp. 409--424.
[7]
P. Godefroid, M. Y. Levin, D. A. Molnar et al., "Automated whitebox fuzz testing." in NDSS, vol. 8, 2008, pp. 151--166.
[8]
K. Sen, D. Marinov, and G. Agha, "Cute: A concolic unit testing engine for c," in Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ser. ESEC/FSE-13. New York, NY, USA: ACM, 2005, pp. 263--272.
[9]
Peach fuzzer: Discover unknown vulnerabilities. {Online}. Available: http://www.peachfuzzer.com/
[10]
C. Holler, K. Herzig, and A. Zeller, "Fuzzing with code fragments," in Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). Bellevue, WA: USENIX, 2012, pp. 445--458.
[11]
N. Havrikov, M. Höschele, J. P. Galeotti, and A. Zeller, "XMLMate: Evolutionary XML Test Generation," Proceedings of the 22Nd ACM SIG-SOFT International Symposium on Foundations of Software Engineering, pp. 719--722, 2014.
[12]
M. Höschele and A. Zeller, "Mining input grammars from dynamic taints," in Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, ser. ASE 2016. New York, NY, USA: ACM, 2016, pp. 720--725.
[13]
C. S. Pâsâreanu, P. C. Mehlitz, D. H. Bushnell, K. Gundy-Burlet, M. Lowry, S. Person, and M. Pape, "Combining unit-level symbolic execution and system-level concrete execution for testing nasa software," Proceedings of the 2008 international symposium on Software testing and analysis ISSTA 08, pp. 15--26, 2008.
[14]
M. Böhme and S. Paul, "A Probabilistic Analysis of the Efficiency of Automated Software Testing," IEEE Transactions on Software Engineering, vol. 42, no. 4, pp. 345--360, 2016.
[15]
M. Böhme and A. Roychoudhury, "Corebench: Studying complexity of regression errors," in Proceedings of the 23rd ACM/SIGSOFT International Symposium on Software Testing and Analysis, ser. ISSTA, 2014, pp. 105--115.
[16]
H. Do, S. Elbaum, and G. Rothermel, "Supporting controlled experimentation with testing techniques: An infrastructure and its potential impact," Empirical Softw. Engg., vol. 10, no. 4, pp. 405--435, Oct. 2005.
[17]
R. J. Lipton, R. A. DeMillo, and F. Sayward, "Hints on test data selection: Help for the practicing programmer," IEEE computer, vol. 11, no. 4, pp. 34--41, 1978.
Recommendations
Generating source inputs for metamorphic testing using dynamic symbolic execution
MET '16: Proceedings of the 1st International Workshop on Metamorphic TestingMetamorphic testing uses domain-specific properties about a program's intended behaviour to alleviate the oracle problem. From a given set of source test inputs, a set of follow-up test inputs are generated which have some relation to the source inputs, ...
Global and local testing from Message Sequence Charts
SAC '12: Proceedings of the 27th Annual ACM Symposium on Applied ComputingMessage Sequence Charts are a widely used formalism for describing scenarios a communicating system must be able to perform. We study in this paper different formal frameworks for testing from MSCs. We first consider a setting where all the processes of ...
Prioritizing Test Inputs for Deep Neural Networks via Mutation Analysis
ICSE '21: Proceedings of the 43rd International Conference on Software EngineeringDeep Neural Network (DNN) testing is one of the most widely-used ways to guarantee the quality of DNNs. However, labeling test inputs to check the correctness of DNN prediction is very costly, which could largely affect the efficiency of DNN testing, ...
Comments
Information & Contributors
Information
Published In
May 2017
558 pages
ISBN:9781538615898
- General Chair:
- Sebastian Uchitel,
- Program Chairs:
- Alessandro Orso,
- Martin Robillard
Sponsors
- SIGSOFT: ACM Special Interest Group on Software Engineering
- IEEE-CS: Computer Society
- SADIO: SADIO
Publisher
IEEE Press
Publication History
Published: 20 May 2017
Check for updates
Qualifiers
- Research-article
Conference
ICSE '17
Sponsor:
- SIGSOFT
- IEEE-CS
- SADIO
ICSE '17: 39th International Conference on Software Engineering
May 20 - 28, 2017
Buenos Aires, Argentina
Acceptance Rates
Overall Acceptance Rate 276 of 1,856 submissions, 15%
Upcoming Conference
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 64Total Downloads
- Downloads (Last 12 months)4
- Downloads (Last 6 weeks)0
Reflects downloads up to 26 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in