Concolic Testing of the Multi-sector Read Operation for Flash Memory File System

In today's information society, flash memory has become a virtually indispensable component, particularly for mobile devices. In order for mobile devices to operate successfully, it is essential that flash memory be controlled correctly through file system software. However, as is typical for embedded software, conventional testing methods often fail to detect hidden flaws in the software due to the difficulty of creating effective test cases. As a different approach, model checking techniques guarantee a complete analysis, but only on a limited scale. In this paper, we describe an empirical study wherein a concolic testing method is applied to the multi-sector read operation for a flash memory. This method combines a symbolic static analysis and a concrete dynamic analysis to automatically generate test cases and perform exhaustive path testing accordingly. In addition, we analyze the advantages and weaknesses of the concolic testing approach on the domain of the flash file system compared to model checking techniques.

[1]  Lionel C. Briand,et al.  Is mutation an appropriate tool for testing experiments? , 2005, ICSE.

[2]  Stephan Merz,et al.  Model Checking , 2000 .

[3]  Koushik Sen,et al.  DART: directed automated random testing , 2005, PLDI '05.

[4]  Gerard J. Holzmann,et al.  The SPIN Model Checker , 2003 .

[5]  Abz,et al.  Abstract State Machines, B and Z, First International Conference, ABZ 2008, London, UK, September 16-18, 2008. Proceedings , 2008, ABZ.

[6]  Jim Woodcock,et al.  Mechanising a formal model of flash memory , 2009, Sci. Comput. Program..

[7]  Andreas Podelski,et al.  ACSAR: Software Model Checking with Transfinite Refinement , 2007, SPIN.

[8]  Sarfraz Khurshid,et al.  Test input generation with java PathFinder , 2004, ISSTA '04.

[9]  Koushik Sen,et al.  CUTE: a concolic unit testing engine for C , 2005, ESEC/FSE-13.

[10]  Daniel Jackson,et al.  Formal Modeling and Analysis of a Flash Filesystem in Alloy , 2008, ABZ.

[11]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[12]  Niklas Sörensson,et al.  An Extensible SAT-solver , 2003, SAT.

[13]  Anna Philippou,et al.  Tools and Algorithms for the Construction and Analysis of Systems , 2018, Lecture Notes in Computer Science.

[14]  David L. Dill,et al.  An Online Proof-Producing Decision Procedure for Mixed-Integer Linear Arithmetic , 2003, TACAS.

[15]  Daniel Kroening,et al.  A Tool for Checking ANSI-C Programs , 2004, TACAS.

[16]  Bruno Dutertre,et al.  A Fast Linear-Arithmetic Solver for DPLL(T) , 2006, CAV.

[17]  Moonzoo Kim,et al.  Pre-testing Flash Device Driver through Model Checking Techniques , 2008, 2008 1st International Conference on Software Testing, Verification, and Validation.

[18]  Koushik Sen,et al.  Heuristics for Scalable Dynamic Test Generation , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[19]  Nikolai Tillmann,et al.  An empirical study of testing file-system-dependent software with mock objects , 2009, 2009 ICSE Workshop on Automation of Software Test.

[20]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.

[21]  Nikolai Tillmann,et al.  Parameterized unit tests , 2005, ESEC/FSE-13.

[22]  Dawson R. Engler,et al.  KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[23]  Moonzoo Kim,et al.  Formal Verification of a Flash Memory Device Driver - An Experience Report , 2008, SPIN.