Digital Library[ Search Result ]
An effective Seed Selection Method for Maximizing the Performance of Symbolic Execution
http://doi.org/10.5626/JOK.2025.52.7.578
Symbolic execution is a promising software testing technique that aims to maximize the coverage of executed code areas of program under test by effectively generating test cases. A well-known challenge in symbolic execution is the high cost associated with solving path conditions. One solution to this challenge is to utilize generated test cases as seed inputs for a symbolic execution tool, thereby reducing the number of required solver calls. The effectiveness of this solution depends on the selection of appropriate test cases as seed inputs. This paper proposes a method to enhance the performance of symbolic execution by grouping the generated test cases into clusters, identifying the most promising cluster and selecting the most potential seed input from within it. Experimentally, the proposed method achieved 42.0% more branch coverage on average than traditional symbolic execution tools without seed inputs.
Dynamic Function Relevance based Fuzzing for High Coverage
Ahcheong Lee, Yunho Kim, Moonzoo Kim
http://doi.org/10.5626/JOK.2021.48.4.391
Coverage Guided Fuzzing (CGF) is one of the famous test case generation technique. The technique is actively researched and used based on its simplicity and scalability for large real software. However, most of the fuzzing techniques do not utilize valuable semantic information of target programs. This paper presents two new heuristics that use dynamic function relevance to select the appropriate input bytes which can be mutated to increase the coverage. The function relevance between the two functions is defined as the number of test cases that execute the functions together, and the high relevance means the two functions executing high dependency on each other. To improve coverage of a target function, the new heuristics determines bytes that are used by functions that are highly relevant to the target function, and only the valuable bytes are mutated. As these bytes have high data dependency on the variables in the target function, mutating them improves the coverage of the target function. We implemented the two heuristics on the top of the state-of-the-art fuzzers, Angora and FairFuzz, and evaluated on real-world C programs that are used by recent fuzzing works. The heuristics showed 17.88% and 11.03% path coverage improvement, respectively.
Behavior Model-Based Fault Localization for RESTful Web Applications
Jong-In Jang, Nakwon Lee, Duksan Ryu, Jongmoon Baik
http://doi.org/10.5626/JOK.2020.47.11.1044
Because of the nature of Web applications being more complex, larger in scale and more likely to be composed of black box components compared to traditional software systems wherein fault localization techniques are actively used, existing techniques can be only minimally applied to localize faults in Web applications. Also, existing studies to localize a fault in a complex system such as a Web application system also have limitations in capturing the indirect interactions in Web applications and suffers from the Web application’s dynamic nature. In this study, we propose a behavior modeling-based fault localization for the RESTful Web applications. The approach models a RESTful Web application as a sequence of behaviors that captures the direct and indirect interactions in the application. The modeling process is lightweight and it is not necessary to build the model in advance of the actual execution of application. The spectrum-based fault localization is then performed in the granularity of behavior pairs in the behavior model. To demonstrate the approach, a case study on the RESTful Web application built upon the YouTube Data API v3 was conducted and demonstrated that the approach can successfully resolve aforementioned difficulties and localize a fault in the RESTful Web application.
A Study on Improvement of Scoring in Programming Practice Questions Using Concolic Testing Technique
Kangbok Seo, Sunghee Lee, Deokyeop Kim, Woojin Lee
http://doi.org/10.5626/JOK.2019.46.11.1133
Recently, as programming education has attracted increasing interest, studies on effective programming education have been actively investigated. Various automatic scoring systems have been developed and are currently used in programming education, but in these systems, there are some contents that the instructor must write, such as test cases for scoring. The test cases used for scoring should not simply use the correct input, but should also be written in consideration of the various parts that students might add to the source code. If the instructor writes such a test case, the author"s mistake may lead to insufficient test cases or incorrect test cases, ultimately resulting in incorrect scoring. In order to solve these problems, this paper proposed a tool to improve the test cases used in existing scoring by applying the concolic testing technique to the source code submitted by the students. In addition, using the proposed tool, we found a case in which the scoring was incorrect, so we added an improved test case to perform the scoring again.
A Comparative Study of C Program Mutation Tools for Effective Mutation Analysis: A Case Study of Proteum and Milu
Yunho Kim, Hyunwoo Kim, Woong-gyu Yang, Moonzoo Kim
http://doi.org/10.5626/JOK.2018.45.4.342
Mutation analysis generates mutants of a target program by applying syntactic changes to the source code and analyzes the difference of execution results of the mutants from those of the original program. For effective mutation analysis, mutant generation tools should be able to generate effective program mutants. For example, a mutant that is semantically equivalent to the original program or another mutant is not an effective mutant, because it does not generate an execution result different from that of the original program or another existing mutant. This paper presents a comparative study of two mutant generation tools for C programs, Proteum and Milu. To generate effective mutants effectively, we generated a canonical form of mutated expressions and removed duplicated mutants that have the same canonical form as that of other mutants. We applied Proteum and Milu to four Linux/Unix utilities in the SIR benchmark and showed that 48.7% and 46.4% of mutants generated by Proteum and Milu were effective mutants on average, respectively.
Automated Unit-test Generation for Detecting Vulnerabilities of Android Kernel Modules
In this study, we propose an automated unit test generation technique for detecting vulnerabilities of Android kernel modules. The technique automatically generates unit test drivers/stubs and unit test inputs for each function of Android kernel modules by utilizing dynamic symbolic execution. To reduce false alarms caused by function pointers and missing pre-conditions of automated unit test generation technique, we develop false alarm reduction techniques that match function pointers by utilizing static analysis and generate pre-conditions by utilizing def-use analysis. We showed that the proposed technique could detect all existing vulnerabilities in the three modules of Android kernel 3.4. Also, the false alarm reduction techniques removed 44.9% of false alarms on average.
Mutagen4J : Effective Mutant Generation Tool for Java Programs
Yiru Jeon, Yunho Kim, Shin Hong, Moonzoo Kim
Mutation analysis (or software mutation analysis) generates variants of a target program by injecting systematic code changes to the target program, and utilizes the variants to analyze the target program behaviors. Effective mutation analyses require adequate mutation operators that generate diverse variants for use in the analysis. However, the current mutation analysis tools for Java programs have limitations, since they support only limited types of mutation operators and do not support recent language features such as Java8. In this study, we present Mutagen4J, a new mutant generation tool for Java programs. Mutagen4J additionally supports mutation operators recently shown to generate various mutants and fully supports recent Java language features. The experimental results show that Mutagen4J generates useful mutants for analyses 2.3 times more than the existing Java mutation tools used for the study.
Effective Integer Promotion Bug Detection Technique for Embedded Software
Yunho Kim, Taejin Kim, Moonzoo Kim, Ho-jung Lee, Hoon Jang, Mingyu Park
C compilers for 8-bit MCUs used in washing machines and refrigerators often do not follow the C standard to improve runtime performance. Developers who are unaware of the difference between C compilers following the C standard and the C compilers for 8-bit MCU can cause bugs that do not appear in the standard C environment but appear in the embedded systems using 8-bit MCUs. It is difficult for bug detectors that assume the standard C environment to detect such bugs. In this paper, we introduce integer promotion bugs caused by the different integer promotion rules of the C compilers for 8-bit MCU from the C standard and propose 5 bug patterns where the integer promotion bugs occur. We have developed an integer promotion bug detection tool and applied it to the washing machine control software developed by the LG electronics. The integer promotion bug detection tool successfully detected 27 integer promotion bugs in the washing machine control software.
A Comparison of the Search Based Testing Algorithm with Metrics
Search-Based Software Testing (SBST) is an effective technique for test data generation on large domain size. Although the performance of SBST seems to be affected by the structural characteristics of Software Under Test (SUT), studies for the comparison of SBST techniques considering structural characteristics are rare. In addition to the comparison study for SBST, we analyzed the best algorithm with different structural characteristics of SUT. For the generalization of experimental results, we automatically generated 19,800 SUTs by combining four metrics, which are expected to affect the performance of SBST. According to the experiment results, Genetic algorithm showed the best performance for SUTs with high complexity and test data evaluation with count ≤ 20,000. On the other hand, the genetic simulated annealing and the simulated annealing showed relatively better performance for SUTs with high complexity and test data evaluation with count ≥ 50,000. Genetic simulated annealing, simulated annealing and hill climbing showed better performance for SUTs with low complexity.
Search
Journal of KIISE
- ISSN : 2383-630X(Print)
- ISSN : 2383-6296(Electronic)
- KCI Accredited Journal
Editorial Office
- Tel. +82-2-588-9240
- Fax. +82-2-521-1352
- E-mail. chwoo@kiise.or.kr