Digital Library[ Search Result ]
An effective Seed Selection Method for Maximizing the Performance of Symbolic Execution
http://doi.org/10.5626/JOK.2025.52.7.578
Symbolic execution is a promising software testing technique that aims to maximize the coverage of executed code areas of program under test by effectively generating test cases. A well-known challenge in symbolic execution is the high cost associated with solving path conditions. One solution to this challenge is to utilize generated test cases as seed inputs for a symbolic execution tool, thereby reducing the number of required solver calls. The effectiveness of this solution depends on the selection of appropriate test cases as seed inputs. This paper proposes a method to enhance the performance of symbolic execution by grouping the generated test cases into clusters, identifying the most promising cluster and selecting the most potential seed input from within it. Experimentally, the proposed method achieved 42.0% more branch coverage on average than traditional symbolic execution tools without seed inputs.
Effective Fuzzing Technique with Command Line Option Mutation/Selection
Ahcheong Lee, Yunho Kim, Moonzoo Kim
http://doi.org/10.5626/JOK.2022.49.11.981
Command line option determines how Command Line Interface (CLI) program executes. Therefore, selecting and using proper command line options determines the performance and effectiveness of testing in terms of coverage and bug detection power. In this paper, we propose PAW (Program option-AWare fuzzer) which automatically selects useful command line options to improve the effectiveness of fuzz testing. In the first 10% of fuzzing time, PAW generates diverse command line options by mutating existing options, and it decides which options are useful ones using branch coverage. For the remaining 90% of the time, PAW focuses on executing the selected, useful options for effective testing. We implemented PAW on top of AFL++ which is the state-of-the-art fuzzer, and we evaluated PAW on ten real-world C programs by comparing coverage with AFL++ and Angora. PAW showed higher branch coverage results and crash detection power on the ten C programs.
A Study on Improvement of Scoring in Programming Practice Questions Using Concolic Testing Technique
Kangbok Seo, Sunghee Lee, Deokyeop Kim, Woojin Lee
http://doi.org/10.5626/JOK.2019.46.11.1133
Recently, as programming education has attracted increasing interest, studies on effective programming education have been actively investigated. Various automatic scoring systems have been developed and are currently used in programming education, but in these systems, there are some contents that the instructor must write, such as test cases for scoring. The test cases used for scoring should not simply use the correct input, but should also be written in consideration of the various parts that students might add to the source code. If the instructor writes such a test case, the author"s mistake may lead to insufficient test cases or incorrect test cases, ultimately resulting in incorrect scoring. In order to solve these problems, this paper proposed a tool to improve the test cases used in existing scoring by applying the concolic testing technique to the source code submitted by the students. In addition, using the proposed tool, we found a case in which the scoring was incorrect, so we added an improved test case to perform the scoring again.
A Comparative Study of C Program Mutation Tools for Effective Mutation Analysis: A Case Study of Proteum and Milu
Yunho Kim, Hyunwoo Kim, Woong-gyu Yang, Moonzoo Kim
http://doi.org/10.5626/JOK.2018.45.4.342
Mutation analysis generates mutants of a target program by applying syntactic changes to the source code and analyzes the difference of execution results of the mutants from those of the original program. For effective mutation analysis, mutant generation tools should be able to generate effective program mutants. For example, a mutant that is semantically equivalent to the original program or another mutant is not an effective mutant, because it does not generate an execution result different from that of the original program or another existing mutant. This paper presents a comparative study of two mutant generation tools for C programs, Proteum and Milu. To generate effective mutants effectively, we generated a canonical form of mutated expressions and removed duplicated mutants that have the same canonical form as that of other mutants. We applied Proteum and Milu to four Linux/Unix utilities in the SIR benchmark and showed that 48.7% and 46.4% of mutants generated by Proteum and Milu were effective mutants on average, respectively.
Automated Unit-test Generation for Detecting Vulnerabilities of Android Kernel Modules
In this study, we propose an automated unit test generation technique for detecting vulnerabilities of Android kernel modules. The technique automatically generates unit test drivers/stubs and unit test inputs for each function of Android kernel modules by utilizing dynamic symbolic execution. To reduce false alarms caused by function pointers and missing pre-conditions of automated unit test generation technique, we develop false alarm reduction techniques that match function pointers by utilizing static analysis and generate pre-conditions by utilizing def-use analysis. We showed that the proposed technique could detect all existing vulnerabilities in the three modules of Android kernel 3.4. Also, the false alarm reduction techniques removed 44.9% of false alarms on average.
Mutagen4J : Effective Mutant Generation Tool for Java Programs
Yiru Jeon, Yunho Kim, Shin Hong, Moonzoo Kim
Mutation analysis (or software mutation analysis) generates variants of a target program by injecting systematic code changes to the target program, and utilizes the variants to analyze the target program behaviors. Effective mutation analyses require adequate mutation operators that generate diverse variants for use in the analysis. However, the current mutation analysis tools for Java programs have limitations, since they support only limited types of mutation operators and do not support recent language features such as Java8. In this study, we present Mutagen4J, a new mutant generation tool for Java programs. Mutagen4J additionally supports mutation operators recently shown to generate various mutants and fully supports recent Java language features. The experimental results show that Mutagen4J generates useful mutants for analyses 2.3 times more than the existing Java mutation tools used for the study.
Effective Integer Promotion Bug Detection Technique for Embedded Software
Yunho Kim, Taejin Kim, Moonzoo Kim, Ho-jung Lee, Hoon Jang, Mingyu Park
C compilers for 8-bit MCUs used in washing machines and refrigerators often do not follow the C standard to improve runtime performance. Developers who are unaware of the difference between C compilers following the C standard and the C compilers for 8-bit MCU can cause bugs that do not appear in the standard C environment but appear in the embedded systems using 8-bit MCUs. It is difficult for bug detectors that assume the standard C environment to detect such bugs. In this paper, we introduce integer promotion bugs caused by the different integer promotion rules of the C compilers for 8-bit MCU from the C standard and propose 5 bug patterns where the integer promotion bugs occur. We have developed an integer promotion bug detection tool and applied it to the washing machine control software developed by the LG electronics. The integer promotion bug detection tool successfully detected 27 integer promotion bugs in the washing machine control software.
A Comparison of the Search Based Testing Algorithm with Metrics
Search-Based Software Testing (SBST) is an effective technique for test data generation on large domain size. Although the performance of SBST seems to be affected by the structural characteristics of Software Under Test (SUT), studies for the comparison of SBST techniques considering structural characteristics are rare. In addition to the comparison study for SBST, we analyzed the best algorithm with different structural characteristics of SUT. For the generalization of experimental results, we automatically generated 19,800 SUTs by combining four metrics, which are expected to affect the performance of SBST. According to the experiment results, Genetic algorithm showed the best performance for SUTs with high complexity and test data evaluation with count ≤ 20,000. On the other hand, the genetic simulated annealing and the simulated annealing showed relatively better performance for SUTs with high complexity and test data evaluation with count ≥ 50,000. Genetic simulated annealing, simulated annealing and hill climbing showed better performance for SUTs with low complexity.
Search
Journal of KIISE
- ISSN : 2383-630X(Print)
- ISSN : 2383-6296(Electronic)
- KCI Accredited Journal
Editorial Office
- Tel. +82-2-588-9240
- Fax. +82-2-521-1352
- E-mail. chwoo@kiise.or.kr