Strategy-guided test-case order in dynamic symbolic execution

Dynamic symbolic execution (DSE) is a variation of symbolic execution, a path-sensitive technique for software testing. Many new techniques and tools based on DSE have recently emerged to improve path coverage in testing. On large-scale programs, however, a challenge remains: if DSE cannot choose better inputs as seeds, it performs a great deal of redundant execution because the inputs' traces are similar. An intuitive way to improve the performance of DSE is to reorder, by some criteria, the inputs that are passed to the symbolic engine for path-constraint collection. In this paper, we present six strategies and design experiments aiming to demonstrate that ordering test cases is useful for improving path coverage under limited resources.
