• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.8
• /
• pp.229-234
• /
• 2020

This paper presents the design and the implementation of CRESTIVE-DX, a concolic testing tool that distribute the concolic testing process over the embedded target system and the host system for efficient test generation of a target embedded program. CRESTIVE-DX conducts the execution of a target program on the target embedded system to consider possible machine-dependent behaviors of a target program execution, and conducts machine-independent parts, such as search-strategy heuristics, constraint solving, on host systems with high-speed computation unit, and coordinates their concurrent executions. CRESTIVE-DX is implemented by extending an existing concolic testing tool for C programs CREST. We conducted experiments with a test bed that consists of an embedded target system in the Arm Cortex A54 architecture and host systems in the x86-64 architecture. The results of experiments with Unix utility programs Grep, Busybox Awk, and Busybox Ed show that test input generation of CRESTIVE-DX is 1.59 to 2.64 times faster than that of CREST.

• Journal of KIISE:Software and Applications
• /
• v.37 no.10
• /
• pp.768-772
• /
• 2010

Concolic testing generates test data by combining concrete program execution and symbolic execution to achieve high test coverage. CREST is a representative open-source test tool implementing concolic testing. Currently, however, CREST aims at exploring all possible execution paths. In case of testing a specific branch or block, thus, it can be ineffective. This paper suggests a goal-oriented concolic testing that generates test data to execute a given branch or block.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.1
• /
• pp.123-132
• /
• 2012

This paper presents a goal-oriented test data generation technique that specializes concolic testing. The proposed technique, referred to as GCT (Goal-oriented Concolic Testing) produces test inputs which execute a specific target. Concolic testing can be seen as the brute force approach to search the space of all possible paths until a required test input is found. In contrast, GCT restricts the number of program paths that are explored by using data flow information to identify statements that should be executed beforehand in order for the target to be executed. We conducted experiments to evaluate the performance of GCT with programs with flag variables to show its effectiveness.

• The KIPS Transactions:PartD
• /
• v.17D no.4
• /
• pp.297-310
• /
• 2010

Recently, a new testing technique called concolic testing receives lots of attention. Concolic testing generates test data by combining concrete program execution and symbolic execution to achieve high test coverage. CREST is a representative open-source test tool implementing concolic testing. Currently, however, CREST only deals with integer type as input. This paper presents a new rule for automated test data generation in presence of inputs of pointer type. The rules effectively handles multi-level stack-directed pointers that are mainly used in C programs. In addition, we describe a tool named vCREST implementing the proposed rules together with the results of applying the tool to some C programs.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.350-352
• /
• 2019

프로그램 슬라이싱은 처음 발표된 이후로 지금까지 다양하게 연구되어 테스팅, 디버깅, 개발, 유지 보수 등 다양한 분야에서 사용되어 왔다. 프로그램 슬라이싱을 수행하기 위해서는 기준이 되는 변수에 대해 소스코드 내에 존재하는 모든 라인들에 대해 의존성을 계산하여 프로그램 슬라이싱을 수행하게 된다. 하지만 지정된 변수에 대해서만 의존성 계산을 수행하기 때문에 프로그램을 실행 가능하게 하는 정보들에 대해서는 누락될 수 있고 이 경우의 프로그램 실행은 보장되지 않을 수 있다. 이러한 문제를 개선하기 위해 본 논문에서는 concolic testing 기법을 이용하여 기준이 되는 변수에 대한 의존성 있는 구문들을 추출하고 프로그램 실행에 요구되는 구문들을 같이 추출해낼 수 있는 프로그램 상호작용 슬라이싱 기법을 제안한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06b
• /
• pp.120-122
• /
• 2012

기존 소프트웨어 테스팅 기법은 개발자가 수동으로 테스트 케이스를 작성해야 하는 비효율성으로 인해 임베디드 소프트웨어의 안정성 확보에 어려움이 있다. Concolic 테스팅 기법은 자동으로 소프트웨어 테스트 케이스를 생성함으로써 기존 소프트웨어 테스팅 기법의 문제를 해결했지만, 임베디드 소프트웨어 테스트에 필수적인 bitwise 연산을 지원하지 않는 등의 문제가 있었다. 본 논문에서는 임베디드 소프트웨어를 위해 bitwise 연산을 지원하는 Concolic 테스팅 개선 방법에 대한 연구를 수행하고 오픈 소스 임베디드 소프트웨어 Busybox에 적용하여 기존 연구와 결과를 비교하였다. Busybox의 10개 유틸리티에 적용한 결과 기존 연구 결과 대비 평균 33%의 분기 커버리지 향상이 있었다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.9
• /
• pp.3885-3906
• /
• 2020

Hybrid fuzzing which combines fuzzing and concolic execution, has proved its ability to achieve higher code coverage and therefore find more bugs. However, current hybrid fuzzers usually suffer from inefficiency and poor scalability when applied to complex, real-world program testing. We observed that the performance bottleneck is the inefficient cooperation between the fuzzer and concolic executor and the slow symbolic emulation. In this paper, we propose a novel solution named EPfuzzer to improve hybrid fuzzing. EPfuzzer implements two key ideas: 1) only the hardest-to-reach branch will be prioritized for concolic execution to avoid generating uninteresting inputs; and 2) only input bytes relevant to the target branch to be flipped will be symbolized to reduce the overhead of the symbolic emulation. With these optimizations, EPfuzzer can be efficiently targeted to the hardest-to-reach branch. We evaluated EPfuzzer with three sets of programs: five real-world applications and two popular benchmarks (LAVA-M and the Google Fuzzer Test Suite). The evaluation results showed that EPfuzzer was much more efficient and scalable than the state-of-the-art concolic execution engine (QSYM). EPfuzzer was able to find more bugs and achieve better code coverage. In addition, we discovered seven previously unknown security bugs in five real-world programs and reported them to the vendors.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.423-425
• /
• 2016

콘콜릭 테스팅(Concolic testing)은 프로그램 실행을 실제 구체적인 입력 값(Concrete Values)을 입력하며, 동시에 심볼릭 실행 (Syrnbolic execution)을 진행하는 테스팅 기법이다. 콘콜릭 테스팅은 모든 실행 가능 경로를 탐색하여, 테스트 케이스를 자동 생생한다. 그래서 높은 분기 커버리지를 나타내지만, 안전성을 목표로 하는 MC/DC 커버리지는 만족하지 못한다. 본 논문에서는 분기 커버리지와 MC/DC 커버리지를 만족하는 테스트 케이스를 자동생성하는 CREST 도구 개선을 제안한다.