Open Access
Coverage Maximization Using Dynamic Taint Tracing
TLDR
A system that automatically assembles a test suite for a C program to improve line coverage, and gives initial results for a prototype implementation of COMET, which dramatically narrows the search over inputs necessary to expose new code.

Abstract: We present COMET, a system that automatically assembles a test suite for a C program to improve line coverage, and give initial results for a prototype implementation. COMET works dynamically, running the program under a variety of instrumentations in a feedback loop that adds new inputs to an initial corpus with each iteration. One instrumentation in particular is crucial to the success of this approach: dynamic taint tracing. Inputs are labeled as tainted at the byte level and all read/write pairs in the program are augmented to track the flow of taint between memory objects. This allows COMET to determine from which bytes of which inputs the variables in conditions derive, thereby dramatically narrowing the search over inputs necessary to expose new code. On a test set of 13 example programs, COMET improves upon the level of coverage reached in random testing by an average of 23% relative, takes only about twice the time, and requires a tiny fraction of the number of inputs to do so.
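As an added illustration (not code from the COMET paper or its authors), the following toy byte-level taint tracer in Python shows why the abstract's approach narrows the search: every value carries the set of input byte offsets it derives from, so an untaken branch condition reports exactly which bytes are worth mutating. The target "parser", its two conditions and the 0x4D5A magic value are constructed for this example.

```python
# Added example: a toy byte-level dynamic taint tracer. Each runtime value
# carries the set of input byte offsets it depends on; conditions are logged
# together with their taint so a fuzzer knows which bytes to search over.

class T:
    """A value plus the set of input byte offsets it was derived from."""
    def __init__(self, v, taint=frozenset()):
        self.v, self.taint = v, frozenset(taint)

    def _op(self, other, f):
        # Taint propagates as the union of both operands' taint sets.
        o = other if isinstance(other, T) else T(other)
        return T(f(self.v, o.v), self.taint | o.taint)

    def __add__(self, o): return self._op(o, lambda a, b: a + b)
    def __or__(self, o): return self._op(o, lambda a, b: a | b)
    def __lshift__(self, o): return self._op(o, lambda a, b: a << b)
    def __eq__(self, o): return self._op(o, lambda a, b: a == b)

def load_input(data: bytes):
    """Label each input byte with its own offset (byte-level taint)."""
    return [T(b, {i}) for i, b in enumerate(data)]

def run(data: bytes):
    """Constructed target: a 'file parser' with two guarded paths.
    Returns (condition_name, taken, taint) records seen during execution."""
    mem = load_input(data)
    trace = []
    magic = (mem[0] << 8) | mem[1]       # derives from input bytes 0 and 1
    c1 = magic == 0x4D5A                 # constructed magic value
    trace.append(("magic", c1.v, c1.taint))
    if c1.v:
        length = mem[2] + mem[3]         # derives from input bytes 2 and 3
        c2 = length == 10
        trace.append(("length", c2.v, c2.taint))
    return trace

def bytes_to_mutate(data: bytes):
    """Name the first untaken condition and the input offsets it depends on:
    the only bytes a coverage-driven search needs to vary to reach new code."""
    for name, taken, taint in run(data):
        if not taken:
            return name, sorted(taint)
    return None, []
```

On a four-byte input of zeros the tracer reports that only bytes 0 and 1 govern the magic check, and once those match only bytes 2 and 3 govern the length check, so a search over 2 bytes replaces a search over the whole input.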
Citations
Proceedings ArticleDOI
Dytan: a generic dynamic taint analysis framework
TL;DR: A general framework for dynamic tainting is defined and developed that is highly flexible and customizable, allows for performing both data-flow and control-flow based taints conservatively, and does not rely on any customized run-time system.
Proceedings ArticleDOI
Automatic creation of SQL Injection and cross-site scripting attacks
TL;DR: This work presents a technique for finding security vulnerabilities in Web applications by analyzing the input to the application to access or modify user data and execute malicious code.
Proceedings ArticleDOI
Taint-based directed whitebox fuzzing
TL;DR: The results indicate that the new directed fuzzing technique can effectively expose errors located deep within large programs, especially appropriate for testing programs that have complex, highly structured input file formats.
Proceedings ArticleDOI
DeFlaker: automatically detecting flaky tests
TL;DR: This work presents the first extensive evaluation of rerunning failing tests and proposes a new technique, called DeFlaker, that detects if a test failure is due to a flaky test without rerunning and with very low runtime overhead.
References
Journal ArticleDOI
A simplex method for function minimization
John A. Nelder, R. Mead +1 more
TL;DR: A method is described for the minimization of a function of n variables, which depends on the comparison of function values at the (n + 1) vertices of a general simplex, followed by the replacement of the vertex with the highest value by another point.
Numerical recipes in C
TL;DR: The Diskette v 2.06, 3.5''[1.44M] for IBM PC, PS/2 and compatibles [DOS] Reference Record created on 2004-09-07, modified on 2016-08-08.
Journal ArticleDOI
DART: directed automated random testing
TL;DR: DART is a new tool for automatically testing software that combines three main techniques, automated extraction of the interface of a program with its external environment using static source-code parsing, and dynamic analysis of how the program behaves under random testing and automatic generation of new test inputs to direct systematically the execution along alternative program paths.
Journal ArticleDOI
Language-based information-flow security
Andrei Sabelfeld, Andrew C. Myers +1 more
TL;DR: A structured view of research on information-flow security is given, particularly focusing on work that uses static program analysis to enforce information-flow policies, and some important open challenges are identified.
Proceedings ArticleDOI
CUTE: a concolic unit testing engine for C
TL;DR: In this paper, the authors address the problem of automating unit testing with memory graphs as inputs, and develop a method to represent and track constraints that capture the behavior of a symbolic execution of a unit with memory graph as inputs.