EATBit: Effective automated test for binary translation with high code coverage

Binary translation makes it convenient to emulate one instruction set on another. It is growing in popularity in various applications, especially on embedded platforms. When it comes to testing binary translators, traditional methodologies, which still rely mainly on manual unit tests, are costly, labor-intensive, and often inadequate for testing the complicated algorithms in the translators. Some standard benchmark suites, like SPEC CPU2006, are compiled with different compilation options for further tests. However, according to our experimental results, the translation modules still have over 30% of their code unexecuted after such tests. Methodologies based on randomization can generate a vast variety of tests and thus improve code coverage in the translation system. In this paper, we propose such an approach, named EATBit. Test binaries are generated with randomly selected instructions and operands. The binaries and a large amount of input data are then refined to exclude invalid ones. Experimental results on a real binary translator demonstrate that EATBit not only improves code coverage by over 20%, but also successfully finds some new bugs in the translator.
