A Hybrid Testing Method Based on Symbolic Execution and Fuzzing

Translated title of the contribution: Hybrid Testing Based on Symbolic Execution and Fuzzing

Xiao Fei Xie, Xiao Hong Li, Xiang Chen, Guo Zhu Meng, Yang Liu

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

Abstract

Software testing is a common way to guarantee software quality, and achieving high coverage is an important and challenging goal in testing. Fuzz testing and symbolic execution, the two mainstream testing techniques, have been widely studied and applied in academia and industry; each has its own advantages and limitations. Fuzz testing can execute and cover deeper branches by randomly mutating test cases and dynamically executing the program, but random mutation rarely produces test cases that cover complex conditional branches. Symbolic execution can cover complex conditional branches with SMT solvers, but the state explosion it suffers makes it difficult to reach deeper branches. Prior work has shown that hybrid testing combining fuzzing and symbolic execution can achieve better performance than either technique alone. By analyzing the advantages and disadvantages of fuzzing and symbolic execution, this study proposes Afleer, a branch coverage-based hybrid testing approach that combines the two methods to generate test cases with high branch coverage. Specifically, fuzz testing (e.g., AFL) quickly generates a large number of test cases that cover deeper branches, while symbolic execution (e.g., KLEE) searches from the coverage achieved by fuzzing and generates test cases for the branches that remain uncovered. To evaluate the effectiveness of Afleer, the study selects the standard benchmark LAVA-M and one real project, oSIP, as evaluation objects, and uses bug detection and coverage as the evaluation measures. The experimental results show that: 1) for bug discovery, Afleer found 755 bugs while AFL found only 1; 2) for coverage, Afleer achieved improvements on both the benchmark and the real project. In the oSIP project, Afleer increases branch coverage by 2.4 times and path coverage by 6.1 times. In addition, Afleer found a new bug in oSIP.

Original language: Chinese (Traditional)
Pages (from-to): 3071-3089
Number of pages: 19
Journal: Ruan Jian Xue Bao/Journal of Software
Volume: 30
Issue number: 10
DOIs
Publication status: Published - Oct 1 2019
Externally published: Yes

All Science Journal Classification (ASJC) codes

  • Software
