cute a concolic unit testing engine for c acm sigsoft
play

CUTE: A Concolic Unit Testing Engine for C (ACM SIGSOFT Impact - PowerPoint PPT Presentation

Apr 21, 2023 •473 likes •1.16k views

CUTE: A Concolic Unit Testing Engine for C (ACM SIGSOFT Impact Award 2019) Koushik Sen, UC Berkeley Darko Marinov, UIUC Gul Agha, UIUC Programs Have Bugs 2 Why Program Testing? Programmer familiarity Concrete input for debugging

  1. CUTE: A Concolic Unit Testing Engine for C (ACM SIGSOFT Impact Award 2019) Koushik Sen, UC Berkeley Darko Marinov, UIUC Gul Agha, UIUC

  2. Programs Have Bugs 2

  3. Why Program Testing? ü Programmer familiarity ü Concrete input for debugging ü No false positives ü Easy regression 3

  4. Why Automated Testing? 4

  5. Automated Testing Hits the Mainstream 5

  6. Automated Testing Hits the Mainstream 6

  7. Automated Testing Hits the Mainstream 7

  8. Automated Testing Hits the Mainstream 8

  9. Automated Test Generation Trend • 1976: King’76, Clarke’76, Howden’77 • 2000: Java PathFinder • 2001: Started my PhD UIUC • 2001: SLAM/Blast: Automatic predicate abstraction • 2001: Java PathExplorer: Runtime Verification • 2003: Runtime monitoring with Eagle (Internship) • 2003: Generalized Symbolic Execution

  10. Automated Test Generation Trend • 1976: King’76, Clarke’76, Howden’77 • 2000: Java PathFinder • 2001: Started my PhD UIUC • 2001: SLAM/Blast: Automatic predicate abstraction • 2001: Java PathExplorer: Runtime Verification • 2003: Runtime monitoring with Eagle (Internship) • 2003: Generalized Symbolic Execution • 2005: DART: Directed Automated Random Testing (Internship) • 2005: CUTE: A Concolic Unit Testing Engine for C • 2006: jCUTE: Concolic Testing for Multi-threaded programs Symbolic JPF, KLEE, CREST, S 2 E, Angr, Veritesting, Mayhem, Triton, Jalangi, CATG

  12. What is Concolic testing? • Combine concrete execution and symbolic execution Conc rete + Symb olic = Concolic 12

  14. Goal • Automated Unit Testing of real-world C and Java Programs • Generate test inputs • Execute unit under test on generated test inputs • so that all reachable statements are executed • Any assertion violation gets caught 14

  15. Goal • Automated Unit Testing of real-world C and Java Programs • Generate test inputs • Execute unit under test on generated test inputs • so that all reachable statements are executed • Any assertion violation gets caught • Concolic Testing Approach: • Explore all execution paths of an unit for all possible inputs 15

  16. Computation Tree • Can be seen as a binary tree with possibly infinite depth • Computation tree 1 0 • Each node represents the execution of a “ if then else ” statement 1 0 1 0 • Each edge represents the execution of a sequence of non-conditional statements 0 1 1 • Each path in the tree represents an equivalence class of inputs 1 0 1 16

  17. Concolic Testing Approach int double (int v) { return 2*v; n Random Test Driver: } q random values for x and y void testme (int x, int y) { n Probability of reaching z = double (y); ERROR is extremely low if (z == x) { if (x > y+10) { ERROR; } } } 17

  18. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } state state condition void testme (int x, int y) { x = 22, y = 7 x = x 0 , y = y 0 z = double (y); if (z == x) { if (x > y+10) { ERROR; } } } 18

  19. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); x = 22, y = 7, x = x 0 , y = y 0 , if (z == x) { z = 14 z = 2*y 0 if (x > y+10) { ERROR; } } } 19

  20. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); if (z == x) { 2*y 0 != x 0 if (x > y+10) { ERROR; } } x = 22, y = 7, x = x 0 , y = y 0 , } z = 14 z = 2*y 0 20

  21. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { Solve: 2*y 0 == x 0 z = double (y); Solution: x 0 = 2, y 0 = 1 if (z == x) { 2*y 0 != x 0 if (x > y+10) { ERROR; } } x = 22, y = 7, x = x 0 , y = y 0 , } z = 14 z = 2*y 0 21

  22. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { x = 2, y = 1 x = x 0 , y = y 0 z = double (y); if (z == x) { if (x > y+10) { ERROR; } } } 22

  23. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); x = 2, y = 1, x = x 0 , y = y 0 , if (z == x) { z = 2 z = 2*y 0 if (x > y+10) { ERROR; } } } 23

  24. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); if (z == x) { 2*y 0 == x 0 x = 2, y = 1, x = x 0 , y = y 0 , if (x > y+10) { z = 2 z = 2*y 0 ERROR; } } } 24

  25. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { z = double (y); if (z == x) { 2*y 0 == x 0 if (x > y+10) { x 0 ≤ y 0 +10 ERROR; } } } x = 2, y = 1, x = x 0 , y = y 0 , z = 2 z = 2*y 0 25

  26. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { Solve: (2*y 0 == x 0 ) ∧ (x 0 > y 0 + 10) z = double (y); Solution: x 0 = 30, y 0 = 15 if (z == x) { 2*y 0 == x 0 if (x > y+10) { x 0 > y 0 +10 ERROR; } } } x = 2, y = 1, x = x 0 , y = y 0 , z = 2 z = 2*y 0 26

  27. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { x = 30, y = 15 x = x 0 , y = y 0 z = double (y); if (z == x) { if (x > y+10) { ERROR; } } } 27

  28. Concolic Testing Approach Concrete Symbolic int double (int v) { Execution Execution concrete symbolic path return 2*v; } condition state state void testme (int x, int y) { Program Error z = double (y); if (z == x) { 2*y 0 == x 0 if (x > y+10) { x 0 > y 0 +10 x = 30, y = 15 x = x 0 , y = y 0 ERROR; } } } 28

  29. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 29

  30. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 30

  31. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 31

  32. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 32

  33. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 33

  34. Explicit Path (not State) Model Checking n Traverse all execution paths one by one to detect T F errors q assertion violations T q program crash F T F q uncaught exceptions n combine with address F T T sanitizer to discover memory errors T F T 34

  35. Novelty : Simultaneous Concrete and Symbolic Execution Concrete Symbolic int foo (int v) { Execution Execution concrete symbolic path return (v*v) % 50; } condition state state void testme (int x, int y) { x = 22, y = 7 x = x 0 , y = y 0 z = foo (y); if (z == x) { if (x > y+10) { ERROR; } } } 35

  36. Novelty : Simultaneous Concrete and Symbolic Execution Concrete Symbolic int foo (int v) { Execution Execution concrete symbolic path return (v*v) % 50; } condition state state void testme (int x, int y) { Solve: (y 0 *y 0 )%50 == x 0 z = foo (y); Don ’ t know how to solve! Stuck? if (z == x) { (y 0 *y 0 )%50 !=x 0 if (x > y+10) { ERROR; } } x = 22, y = 7, x = x 0 , y = y 0 , } z = 49 z = (y 0 * y 0 )%50 36

  37. Novelty : Simultaneous Concrete and Symbolic Execution Concrete Symbolic Execution Execution concrete symbolic path condition state state void testme (int x, int y) { Solve: foo (y 0 ) == x 0 z = foo (y); Don ’ t know how to solve! Stuck? if (z == x) { foo (y 0 ) !=x 0 if (x > y+10) { ERROR; } } x = 22, y = 7, x = x 0 , y = y 0 , } z = 49 z = foo (y 0 ) 37

Recommend

Concolic Testing Dynamic Symbolic Execution Marco Probst Albert-Ludwigs-Universitt Freiburg

Concolic Testing Dynamic Symbolic Execution Marco Probst Albert-Ludwigs-Universitt Freiburg

Concolic Testing Dynamic Symbolic Execution Marco Probst Albert-Ludwigs-Universitt Freiburg January 25th, 2016 Marco Probst Concolic Testing 1 / 22 Overview Code Example 1 Unit Testing 2 Random Testing Symbolic Execution Concolic

919 views • 89 slides
Efficient Concolic Testing of MPI Applications Hongbo Li Zizhong Chen Rajiv Gupta CC19,

Efficient Concolic Testing of MPI Applications Hongbo Li Zizhong Chen Rajiv Gupta CC19,

Efficient Concolic Testing of MPI Applications Hongbo Li Zizhong Chen Rajiv Gupta CC19, Washington DC, USA Feb. 17, 2019 Concolic Testing Symbolic Execution Concrete Execution It Is Popular Programming languages: Binary machine

769 views • 37 slides
LCT: An Open Source Concolic Testing Tool for Java Programs Kari Khknen, Tuomas Launiainen,

LCT: An Open Source Concolic Testing Tool for Java Programs Kari Khknen, Tuomas Launiainen,

LCT: An Open Source Concolic Testing Tool for Java Programs Kari Khknen, Tuomas Launiainen, Olli Saarikivi, Janne Kauttio, Keijo Heljanko and Ilkka Niemel BYTECODE 2011 Overview Concolic Testing Tool Overview Experiments

395 views • 13 slides
QSYM : A PRACTICAL CONCOLIC EXECUTION ENGINE TAILORED FOR HYBRID FUZZING Insu Yun, Sangho Lee,

QSYM : A PRACTICAL CONCOLIC EXECUTION ENGINE TAILORED FOR HYBRID FUZZING Insu Yun, Sangho Lee,

QSYM : A PRACTICAL CONCOLIC EXECUTION ENGINE TAILORED FOR HYBRID FUZZING Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang and Taesoo Kim, FINDING SECURITY BUGS Fuzzing Automated test to monitor exceptions (crashes & memory leaks)

417 views • 17 slides
CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems Su Yong Kim, Sangho

CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems Su Yong Kim, Sangho

CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, Taesoo Kim USENIX Annual Technical Conference July 14, 2017 The Affiliated Institute of ETRI

812 views • 46 slides
UNDERSTANDING UNIT TRUST CUTE Tutorial We operate as John Hancock in the United States, and

UNDERSTANDING UNIT TRUST CUTE Tutorial We operate as John Hancock in the United States, and

UNDERSTANDING UNIT TRUST CUTE Tutorial We operate as John Hancock in the United States, and Manulife in other parts of the world. For Internal Circulation and Training Purposes Only Source: FiMM Study Guide Dealing in Unit Trusts General

1.5k views • 137 slides
Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing

Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing

Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing Testing of individual components Integration testing Testing to expose problems arising from the combination of components System

173 views • 15 slides
Unit Testing in Ruby SWEN-250 Personal Software Engineering Testing, 1 2 3 4,

Unit Testing in Ruby SWEN-250 Personal Software Engineering Testing, 1 2 3 4,

Unit Testing in Ruby SWEN-250 Personal Software Engineering Testing, 1 2 3 4, Testing What Does a Unit Test Test? The term unit predates the O -O era. Unit natural abstraction unit of an O -O system: class

992 views • 15 slides
Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International

Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International

Andreas Zeller Software Systems Dept. Passau University Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) Portland, Oregon, August 23, 2000

673 views • 22 slides
Page 1 Unit Testing Informal -- Incremental coding Static Analysis: Hand execution:

Page 1 Unit Testing Informal -- Incremental coding Static Analysis: Hand execution:

Podcast Ch11-02 Title : Types of Testing Description : Unit Testing, Black Box Testing, White Box Testing, Using Flow Diagrams Participants : Barry Kurtz (instructor); Brandon Winters, Sara Hyde, Cheng Vue, Dan Baehr (students)

792 views • 8 slides
Unit Testing Course Software Testing & Verification 2019/20 Wishnu Prasetya & Gabriele

Unit Testing Course Software Testing & Verification 2019/20 Wishnu Prasetya & Gabriele

Unit Testing Course Software Testing & Verification 2019/20 Wishnu Prasetya & Gabriele Keller Plan What is unit testing, and why we do it? Some essentials on unit testing: Unit testing in C# Mocking Specifying (and

1.11k views • 52 slides
Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

CPSC 310 Software Engineering Testing Overview Introduction (Proving and Testing) Types of Testing Unit, Integration, Regression, System, Acceptance Testing Tactics Functional (Black Box), Structural (White Box)

982 views • 61 slides
Object Oriented Testing Chapter 23 1 OO Testing Class Testing: Equivalent to unit testing

Object Oriented Testing Chapter 23 1 OO Testing Class Testing: Equivalent to unit testing

Click here to review SW Testing Strategies Object Oriented Testing Chapter 23 1 OO Testing Class Testing: Equivalent to unit testing for conventional SW. The concept of a unit changes in the OO context. The class or object is the

304 views • 18 slides
Software Testing Lecture 2 Introduction to Unit Testing and TDD Justin Pearson 2019 1 / 91

Software Testing Lecture 2 Introduction to Unit Testing and TDD Justin Pearson 2019 1 / 91

Software Testing Lecture 2 Introduction to Unit Testing and TDD Justin Pearson 2019 1 / 91 Unit Testing xUnit testing is a framework where individual functions and methods are tested. It is not particularly well suited to integration

1.36k views • 91 slides
Unit Testing Why and How to Write Unit Tests in KDE? David Faure faure@kde.org Kvin Ottens

Unit Testing Why and How to Write Unit Tests in KDE? David Faure faure@kde.org Kvin Ottens

Unit Testing Why and How to Write Unit Tests in KDE? David Faure faure@kde.org Kvin Ottens ervin@kde.org aKademy 2007, Glasgow What is a Unit Test? "Unit testing is a procedure used to validate that individual units of source code

328 views • 17 slides
Unit testing and mocking with cmocka Unit testing and mocking with cmocka SambaXP 2018 SambaXP

Unit testing and mocking with cmocka Unit testing and mocking with cmocka SambaXP 2018 SambaXP

Unit testing and mocking with cmocka Unit testing and mocking with cmocka SambaXP 2018 SambaXP 2018 Andreas Schneider Red Hat Samba Maintainer About me About me Free and Open Source Software Developer: cmocka - a unit testing framework for

1.27k views • 40 slides
Start unit testing your infrastructure now! Eric Nieuwenhuijsen Start unit testing your

Start unit testing your infrastructure now! Eric Nieuwenhuijsen Start unit testing your

Software Development Done Right Start unit testing your infrastructure now! Eric Nieuwenhuijsen Start unit testing your infrastructure now! This presentation Testing practices applied to Infrastructure as Code What? Why? How? 2 Start unit

495 views • 25 slides
CSSE 220 Unit Testing GUI Applications Checkout TicTacToeTesting project from SVN Questions Why

CSSE 220 Unit Testing GUI Applications Checkout TicTacToeTesting project from SVN Questions Why

CSSE 220 Unit Testing GUI Applications Checkout TicTacToeTesting project from SVN Questions Why do software engineers do unit testing? UNIT TESTING REVIEW Why do unit testing? Get code right Keep code right as changes are made

332 views • 10 slides
Software Testing Outline Software Quality Unit Testing Integration Testing

Software Testing Outline Software Quality Unit Testing Integration Testing

Software Testing Outline Software Quality Unit Testing Integration Testing Acceptance Testing Quality is Hard to Pin Down Concise, clear definition is elusive Not easily quantifiable Many things to many people

513 views • 39 slides
UNIT TESTING 3 / 8 1 / 8 Unit testing involves: Lots of small, independent tests Reporting

UNIT TESTING 3 / 8 1 / 8 Unit testing involves: Lots of small, independent tests Reporting

UNIT TESTING 3 / 8 1 / 8 Unit testing involves: Lots of small, independent tests Reporting passes, failures, and errors Some optional setup and teardown shared across tests Aggregation (combining tests into test suites) 3 / 8 2 / 8 WHY

89 views • 8 slides
Unit Testing in XSLT 2.0 Norman Walsh Sun Microsystems, Inc. Table of Contents Using unit

Unit Testing in XSLT 2.0 Norman Walsh Sun Microsystems, Inc. Table of Contents Using unit

Unit Testing in XSLT 2.0 Norman Walsh Sun Microsystems, Inc. Table of Contents Using unit testing to improve stylesheet quality and docu- mentation. Background Motivation Survey of the framework Demo http://www.sun.com/ 2

506 views • 34 slides
Unit Testing Venkat Subramaniam svenkat@cs.uh.edu 1 Unit Testing Venkats rant on

Unit Testing Venkat Subramaniam svenkat@cs.uh.edu 1 Unit Testing Venkats rant on

Unit Testing Venkat Subramaniam svenkat@cs.uh.edu 1 Unit Testing Venkats rant on Unit Testing What is it? Benefits Rubys emphasis on it Venkat Subramaniam svenkat@cs.uh.edu 2 Your Test Your Test inherits

310 views • 5 slides
Chapter 10 Retrospective on Unit Testing Software Testing: A Craftsman s Approach, 4 th

Chapter 10 Retrospective on Unit Testing Software Testing: A Craftsman s Approach, 4 th

Chapter 10 Retrospective on Unit Testing Software Testing: A Craftsman s Approach, 4 th Edition Chapter 10 Retrospective The Test Method Pendulum Code-based Spec-based Testing Testing Boundary Path Equivalence Value Decision Dataflow

537 views • 32 slides
AngularJS Unit Testing with Karma & Jasmine Getting started with testing Angular

AngularJS Unit Testing with Karma & Jasmine Getting started with testing Angular

AngularJS Unit Testing with Karma & Jasmine Getting started with testing Angular AngularJS is built with testing in mind Testing is a good approach to reap the following benefits keep code maintainable, o Keep code understandable,

263 views • 14 slides

More recommend