cute a concolic unit testing engine for c acm sigsoft
play

CUTE: A Concolic Unit Testing Engine for C (ACM SIGSOFT Impact - PowerPoint PPT Presentation

Apr 21, 2023 •473 likes •1.16k views

CUTE: A Concolic Unit Testing Engine for C (ACM SIGSOFT Impact Award 2019) Koushik Sen, UC Berkeley Darko Marinov, UIUC Gul Agha, UIUC Programs Have Bugs 2 Why Program Testing? Programmer familiarity Concrete input for debugging

  1. CUTE: A Concolic Unit Testing Engine for C (ACM SIGSOFT Impact Award 2019) Koushik Sen, UC Berkeley Darko Marinov, UIUC Gul Agha, UIUC

  2. Programs Have Bugs 2

  3. Why Program Testing? ü Programmer familiarity ü Concrete input for debugging ü No false positives ü Easy regression 3

  4. Why Automated Testing? 4

  5. Automated Testing Hits the Mainstream 5

  6. Automated Testing Hits the Mainstream 6

  7. Automated Testing Hits the Mainstream 7

  8. Automated Testing Hits the Mainstream 8

  9. Automated Test Generation Trend • 1976: King’76, Clarke’76, Howden’77 • 2000: Java PathFinder • 2001: Started my PhD UIUC • 2001: SLAM/Blast: Automatic predicate abstraction • 2001: Java PathExplorer: Runtime Verification • 2003: Runtime monitoring with Eagle (Internship) • 2003: Generalized Symbolic Execution

  10. Automated Test Generation Trend • 1976: King’76, Clarke’76, Howden’77 • 2000: Java PathFinder • 2001: Started my PhD UIUC • 2001: SLAM/Blast: Automatic predicate abstraction • 2001: Java PathExplorer: Runtime Verification • 2003: Runtime monitoring with Eagle (Internship) • 2003: Generalized Symbolic Execution • 2005: DART: Directed Automated Random Testing (Internship) • 2005: CUTE: A Concolic Unit Testing Engine for C • 2006: jCUTE: Concolic Testing for Multi-threaded programs Symbolic JPF, KLEE, CREST, S 2 E, Angr, Veritesting, Mayhem, Triton, Jalangi, CATG

  12. What is Concolic testing? • Combine concrete execution and symbolic execution Conc rete + Symb olic = Concolic 12

  14. Goal • Automated Unit Testing of real-world C and Java Programs • Generate test inputs • Execute unit under test on generated test inputs • so that all reachable statements are executed • Any assertion violation gets caught 14

  15. Goal • Automated Unit Testing of real-world C and Java Programs • Generate test inputs • Execute unit under test on generated test inputs • so that all reachable statements are executed • Any assertion violation gets caught • Concolic Testing Approach: • Explore all execution paths of an unit for all possible inputs 15

  16. Computation Tree • Can be seen as a binary tree with possibly infinite depth • Computation tree 1 0 • Each node represents the execution of a “ if then else ” statement 1 0 1 0 • Each edge represents the execution of a sequence of non-conditional statements 0 1 1 • Each path in the tree represents an equivalence class of inputs 1 0 1 16

  17. Concolic Testing Approach int double (int v) { return 2*v; n Random Test Driver: } q random values for x and y void testme (int x, int y) { n Probability of reaching z = double (y); ERROR is extremely low if (z == x) { if (x > y+10) { ERROR; } } } 17

  18. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } state state condition void testme (int x, int y) { x = 22, y = 7 x = x 0 , y = y 0 z = double (y); if (z == x) { if (x > y+10) { ERROR; } } } 18

  19. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); x = 22, y = 7, x = x 0 , y = y 0 , if (z == x) { z = 14 z = 2*y 0 if (x > y+10) { ERROR; } } } 19

  20. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); if (z == x) { 2*y 0 != x 0 if (x > y+10) { ERROR; } } x = 22, y = 7, x = x 0 , y = y 0 , } z = 14 z = 2*y 0 20

  21. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { Solve: 2*y 0 == x 0 z = double (y); Solution: x 0 = 2, y 0 = 1 if (z == x) { 2*y 0 != x 0 if (x > y+10) { ERROR; } } x = 22, y = 7, x = x 0 , y = y 0 , } z = 14 z = 2*y 0 21

  22. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { x = 2, y = 1 x = x 0 , y = y 0 z = double (y); if (z == x) { if (x > y+10) { ERROR; } } } 22

  23. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); x = 2, y = 1, x = x 0 , y = y 0 , if (z == x) { z = 2 z = 2*y 0 if (x > y+10) { ERROR; } } } 23

  24. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); if (z == x) { 2*y 0 == x 0 x = 2, y = 1, x = x 0 , y = y 0 , if (x > y+10) { z = 2 z = 2*y 0 ERROR; } } } 24

  25. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); if (z == x) { 2*y 0 == x 0 if (x > y+10) { x 0 ≤ y 0 +10 ERROR; } } } x = 2, y = 1, x = x 0 , y = y 0 , z = 2 z = 2*y 0 25

  26. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { Solve: (2*y 0 == x 0 ) ∧ (x 0 > y 0 + 10) z = double (y); Solution: x 0 = 30, y 0 = 15 if (z == x) { 2*y 0 == x 0 if (x > y+10) { x 0 > y 0 +10 ERROR; } } } x = 2, y = 1, x = x 0 , y = y 0 , z = 2 z = 2*y 0 26

  27. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { x = 30, y = 15 x = x 0 , y = y 0 z = double (y); if (z == x) { if (x > y+10) { ERROR; } } } 27

  28. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { Program Error z = double (y); if (z == x) { 2*y 0 == x 0 if (x > y+10) { x 0 > y 0 +10 x = 30, y = 15 x = x 0 , y = y 0 ERROR; } } } 28

  29. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 29

  30. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 30

  31. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 31

  32. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 32

  33. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 33

  34. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 34

  35. Novelty : Simultaneous Concrete and Symbolic Execution Concrete Symbolic int foo (int v) { Execution Execution concrete symbolic path return (v*v) % 50; } condition state state void testme (int x, int y) { x = 22, y = 7 x = x 0 , y = y 0 z = foo (y); if (z == x) { if (x > y+10) { ERROR; } } } 35

  36. Novelty : Simultaneous Concrete and Symbolic Execution Concrete Symbolic int foo (int v) { Execution Execution concrete symbolic path return (v*v) % 50; } condition state state void testme (int x, int y) { Solve: (y 0 *y 0 )%50 == x 0 z = foo (y); Don ’ t know how to solve! Stuck? if (z == x) { (y 0 *y 0 )%50 !=x 0 if (x > y+10) { ERROR; } } x = 22, y = 7, x = x 0 , y = y 0 , } z = 49 z = (y 0 * y 0 )%50 36

  37. Novelty : Simultaneous Concrete and Symbolic Execution Concrete Symbolic Execution Execution concrete symbolic path condition state state void testme (int x, int y) { Solve: foo (y 0 ) == x 0 z = foo (y); Don ’ t know how to solve! Stuck? if (z == x) { foo (y 0 ) !=x 0 if (x > y+10) { ERROR; } } x = 22, y = 7, x = x 0 , y = y 0 , } z = 49 z = foo (y 0 ) 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Concolic Testing Dynamic Symbolic Execution Marco Probst Albert-Ludwigs-Universitt Freiburg

Concolic Testing Dynamic Symbolic Execution Marco Probst Albert-Ludwigs-Universitt Freiburg

Concolic Testing Dynamic Symbolic Execution Marco Probst Albert-Ludwigs-Universitt Freiburg January 25th, 2016 Marco Probst Concolic Testing 1 / 22 Overview Code Example 1 Unit Testing 2 Random Testing Symbolic Execution Concolic

919 views • 89 slides
Efficient Concolic Testing of MPI Applications Hongbo Li Zizhong Chen Rajiv Gupta CC19,

Efficient Concolic Testing of MPI Applications Hongbo Li Zizhong Chen Rajiv Gupta CC19,

Efficient Concolic Testing of MPI Applications Hongbo Li Zizhong Chen Rajiv Gupta CC19, Washington DC, USA Feb. 17, 2019 Concolic Testing Symbolic Execution Concrete Execution It Is Popular Programming languages: Binary machine

769 views • 37 slides
LCT: An Open Source Concolic Testing Tool for Java Programs Kari Khknen, Tuomas Launiainen,

LCT: An Open Source Concolic Testing Tool for Java Programs Kari Khknen, Tuomas Launiainen,

LCT: An Open Source Concolic Testing Tool for Java Programs Kari Khknen, Tuomas Launiainen, Olli Saarikivi, Janne Kauttio, Keijo Heljanko and Ilkka Niemel BYTECODE 2011 Overview Concolic Testing Tool Overview Experiments

395 views • 13 slides
QSYM : A PRACTICAL CONCOLIC EXECUTION ENGINE TAILORED FOR HYBRID FUZZING Insu Yun, Sangho Lee,

QSYM : A PRACTICAL CONCOLIC EXECUTION ENGINE TAILORED FOR HYBRID FUZZING Insu Yun, Sangho Lee,

QSYM : A PRACTICAL CONCOLIC EXECUTION ENGINE TAILORED FOR HYBRID FUZZING Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang and Taesoo Kim, FINDING SECURITY BUGS Fuzzing Automated test to monitor exceptions (crashes & memory leaks)

417 views • 17 slides
CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems Su Yong Kim, Sangho

CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems Su Yong Kim, Sangho

CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, Taesoo Kim USENIX Annual Technical Conference July 14, 2017 The Affiliated Institute of ETRI

812 views • 46 slides
UNDERSTANDING UNIT TRUST CUTE Tutorial We operate as John Hancock in the United States, and

UNDERSTANDING UNIT TRUST CUTE Tutorial We operate as John Hancock in the United States, and

UNDERSTANDING UNIT TRUST CUTE Tutorial We operate as John Hancock in the United States, and Manulife in other parts of the world. For Internal Circulation and Training Purposes Only Source: FiMM Study Guide Dealing in Unit Trusts General

1.5k views • 137 slides
Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing

Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing

Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing Testing of individual components Integration testing Testing to expose problems arising from the combination of components System

173 views • 15 slides
Unit Testing in Ruby SWEN-250 Personal Software Engineering Testing, 1 2 3 4,

Unit Testing in Ruby SWEN-250 Personal Software Engineering Testing, 1 2 3 4,

Unit Testing in Ruby SWEN-250 Personal Software Engineering Testing, 1 2 3 4, Testing What Does a Unit Test Test? The term unit predates the O -O era. Unit natural abstraction unit of an O -O system: class

992 views • 15 slides
Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International

Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International

Andreas Zeller Software Systems Dept. Passau University Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) Portland, Oregon, August 23, 2000

673 views • 22 slides
Page 1 Unit Testing Informal -- Incremental coding Static Analysis: Hand execution:

Page 1 Unit Testing Informal -- Incremental coding Static Analysis: Hand execution:

Podcast Ch11-02 Title : Types of Testing Description : Unit Testing, Black Box Testing, White Box Testing, Using Flow Diagrams Participants : Barry Kurtz (instructor); Brandon Winters, Sara Hyde, Cheng Vue, Dan Baehr (students)

792 views • 8 slides
Unit Testing Course Software Testing & Verification 2019/20 Wishnu Prasetya & Gabriele

Unit Testing Course Software Testing & Verification 2019/20 Wishnu Prasetya & Gabriele

Unit Testing Course Software Testing & Verification 2019/20 Wishnu Prasetya & Gabriele Keller Plan What is unit testing, and why we do it? Some essentials on unit testing: Unit testing in C# Mocking Specifying (and

1.11k views • 52 slides
Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

CPSC 310 Software Engineering Testing Overview Introduction (Proving and Testing) Types of Testing Unit, Integration, Regression, System, Acceptance Testing Tactics Functional (Black Box), Structural (White Box)

982 views • 61 slides
Object Oriented Testing Chapter 23 1 OO Testing Class Testing: Equivalent to unit testing

Object Oriented Testing Chapter 23 1 OO Testing Class Testing: Equivalent to unit testing

Click here to review SW Testing Strategies Object Oriented Testing Chapter 23 1 OO Testing Class Testing: Equivalent to unit testing for conventional SW. The concept of a unit changes in the OO context. The class or object is the

304 views • 18 slides
Software Testing Lecture 2 Introduction to Unit Testing and TDD Justin Pearson 2019 1 / 91

Software Testing Lecture 2 Introduction to Unit Testing and TDD Justin Pearson 2019 1 / 91

Software Testing Lecture 2 Introduction to Unit Testing and TDD Justin Pearson 2019 1 / 91 Unit Testing xUnit testing is a framework where individual functions and methods are tested. It is not particularly well suited to integration

1.36k views • 91 slides
Unit Testing Why and How to Write Unit Tests in KDE? David Faure faure@kde.org Kvin Ottens

Unit Testing Why and How to Write Unit Tests in KDE? David Faure faure@kde.org Kvin Ottens

Unit Testing Why and How to Write Unit Tests in KDE? David Faure faure@kde.org Kvin Ottens ervin@kde.org aKademy 2007, Glasgow What is a Unit Test? "Unit testing is a procedure used to validate that individual units of source code

328 views • 17 slides
Unit testing and mocking with cmocka Unit testing and mocking with cmocka SambaXP 2018 SambaXP

Unit testing and mocking with cmocka Unit testing and mocking with cmocka SambaXP 2018 SambaXP

Unit testing and mocking with cmocka Unit testing and mocking with cmocka SambaXP 2018 SambaXP 2018 Andreas Schneider Red Hat Samba Maintainer About me About me Free and Open Source Software Developer: cmocka - a unit testing framework for

1.27k views • 40 slides
Models for Count Data and Categorical Response Data Christopher F Baum Boston College and DIW

Models for Count Data and Categorical Response Data Christopher F Baum Boston College and DIW

Models for Count Data and Categorical Response Data Christopher F Baum Boston College and DIW Berlin June 2010 Christopher F Baum (BC / DIW) Count & Categorical Data June 2010 1 / 66 Poisson and negative binomial regression Poisson

681 views • 66 slides
Stat 4 tox : An open-source R-GUI for the statistical evaluation of in vitro assays in toxicology

Stat 4 tox : An open-source R-GUI for the statistical evaluation of in vitro assays in toxicology

Stat 4 tox : An open-source R-GUI for the statistical evaluation of in vitro assays in toxicology Frank Schaarschmidt; schaarschmidt@biostat.uni-hannover.de Institut f ur Biostatistik, Leibniz Universit at Hannover, Germany Non-Clinical

433 views • 40 slides
Comparing 2 implementations of the IETF-IPPM One-Way Delay and Loss Metrics Sunil Kalidindi,

Comparing 2 implementations of the IETF-IPPM One-Way Delay and Loss Metrics Sunil Kalidindi,

Comparing 2 implementations of the IETF-IPPM One-Way Delay and Loss Metrics Sunil Kalidindi, Matt Zekauskas Advanced Network & Services Armonk, NY, USA Henk Uijterwaal, Ren Wilhelm RIPE-NCC Amsterdam, The Netherlands 1 Henk Uijterwaal

850 views • 48 slides
ZigBee for Wireless Sensor Networks ZigBee for Wireless Sensor Networks in Space and Field

ZigBee for Wireless Sensor Networks ZigBee for Wireless Sensor Networks in Space and Field

ZigBee for Wireless Sensor Networks ZigBee for Wireless Sensor Networks in Space and Field Science in Space and Field Science Mark Foster, CSC / NASA Ames Rick Alena, NASA Ames Intelligent Systems Division Discovery and Systems Health NASA

504 views • 32 slides
Model Building: General Strategies, Data Pre-processing, and Partial Least Squares Max Kuhn and

Model Building: General Strategies, Data Pre-processing, and Partial Least Squares Max Kuhn and

Model Building: General Strategies, Data Pre-processing, and Partial Least Squares Max Kuhn and Kjell Johnson Nonclinical Statistics, Pfizer 1 Monday, March 24, 2008 1 Objective To construct a model of predictors that can be used to

814 views • 77 slides
STAT 215 Regression Inference Colin Reimer Dawson Oberlin College October 12, 2017 1 / 26

STAT 215 Regression Inference Colin Reimer Dawson Oberlin College October 12, 2017 1 / 26

Outline Regression Inference Simulation Approaches Partitioning Variability STAT 215 Regression Inference Colin Reimer Dawson Oberlin College October 12, 2017 1 / 26 Outline Regression Inference Simulation Approaches Partitioning

538 views • 23 slides
Duality as Seen in Basis Light Front Quantization James P. Vary Iowa State University Ames,

Duality as Seen in Basis Light Front Quantization James P. Vary Iowa State University Ames,

Duality as Seen in Basis Light Front Quantization James P. Vary Iowa State University Ames, Iowa, USA Quark Hadron Duality Workshop: Probing the Transition from Free to Confined Quarks James Madison University September 23 25, 2018 Hot

369 views • 35 slides
Overview of the Final Repair and Capitalization Regulations Sorting Out the Confusion and the Myths

Overview of the Final Repair and Capitalization Regulations Sorting Out the Confusion and the Myths

2/17/2015 Overview of the Final Repair and Capitalization Regulations Sorting Out the Confusion and the Myths The Final Treasury Regulations on Repairs and Capitalization Roger A. McEowen Director, Center For Agricultural Law and Taxation, Ames,

416 views • 25 slides

More recommend