Goal-oriented dynamic test generation

Memory safety errors such as buffer overflow vulnerabilities are one of the most serious classes of security threats. Detecting and removing such security errors are important tasks of software testing for improving the quality and reliability of software in practice. This paper presents a goal-orie...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Information and software technology Ročník 66; s. 40 - 57
Hlavní autoři: Do, TheAnh, Khoo, Siau-Cheng, Fong, Alvis Cheuk Ming, Pears, Russel, Quan, Tho Thanh
Médium: Journal Article
Jazyk:angličtina
Vydáno: Amsterdam Elsevier B.V 01.10.2015
Elsevier Science Ltd
Témata:
Algorithms
Buffer overflow vulnerabilities
Data and control dependence analysis
Dynamic symbolic execution
Security management
Software
Software quality
Studies
Type inference analysis
Buffer overflow vulnerabilities
Type inference analysis
Dynamic symbolic execution
Data and control dependence analysis
ISSN:0950-5849, 1873-6025
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Abstract Memory safety errors such as buffer overflow vulnerabilities are one of the most serious classes of security threats. Detecting and removing such security errors are important tasks of software testing for improving the quality and reliability of software in practice. This paper presents a goal-oriented testing approach for effectively and efficiently exploring security vulnerability errors. A goal is a potential safety violation and the testing approach is to automatically generate test inputs to uncover the violation. We use type inference analysis to diagnose potential safety violations and dynamic symbolic execution to perform test input generation. A major challenge facing dynamic symbolic execution in such application is the combinatorial explosion of the path space. To address this fundamental scalability issue, we employ data dependence analysis to identify a root cause leading to the execution of the goal and propose a path exploration algorithm to guide dynamic symbolic execution for effectively discovering the goal. To evaluate the effectiveness of our proposed approach, we conducted experiments against 23 buffer overflow vulnerabilities. We observed a significant improvement of our proposed algorithm over two widely adopted search algorithms. Specifically, our algorithm discovered security vulnerability errors within a matter of a few seconds, whereas the two baseline algorithms failed even after 30min of testing on a number of test subjects. The experimental results highlight the potential of utilizing data dependence analysis to address the combinatorial path space explosion issue faced by dynamic symbolic execution for effective security testing.
AbstractList Memory safety errors such as buffer overflow vulnerabilities are one of the most serious classes of security threats. Detecting and removing such security errors are important tasks of software testing for improving the quality and reliability of software in practice. This paper presents a goal-oriented testing approach for effectively and efficiently exploring security vulnerability errors. A goal is a potential safety violation and the testing approach is to automatically generate test inputs to uncover the violation. The authors use type inference analysis to diagnose potential safety violations and dynamic symbolic execution to perform test input generation. A major challenge facing dynamic symbolic execution in such application is the combinatorial explosion of the path space. To address this fundamental scalability issue, the authors employ data dependence analysis to identify a root cause leading to the execution of the goal and propose a path exploration algorithm to guide dynamic symbolic execution for effectively discovering the goal. To evaluate the effectiveness of the proposed approach, the authors conducted experiments against 23 buffer overflow vulnerabilities. They observed a significant improvement of the proposed algorithm over two widely adopted search algorithms. Specifically, the algorithm discovered security vulnerability errors within a matter of a few seconds, whereas the two baseline algorithms failed even after 30 min of testing on a number of test subjects. The experimental results highlight the potential of utilizing data dependence analysis to address the combinatorial path space explosion issue faced by dynamic symbolic execution for effective security testing.
Memory safety errors such as buffer overflow vulnerabilities are one of the most serious classes of security threats. Detecting and removing such security errors are important tasks of software testing for improving the quality and reliability of software in practice. This paper presents a goal-oriented testing approach for effectively and efficiently exploring security vulnerability errors. A goal is a potential safety violation and the testing approach is to automatically generate test inputs to uncover the violation. We use type inference analysis to diagnose potential safety violations and dynamic symbolic execution to perform test input generation. A major challenge facing dynamic symbolic execution in such application is the combinatorial explosion of the path space. To address this fundamental scalability issue, we employ data dependence analysis to identify a root cause leading to the execution of the goal and propose a path exploration algorithm to guide dynamic symbolic execution for effectively discovering the goal. To evaluate the effectiveness of our proposed approach, we conducted experiments against 23 buffer overflow vulnerabilities. We observed a significant improvement of our proposed algorithm over two widely adopted search algorithms. Specifically, our algorithm discovered security vulnerability errors within a matter of a few seconds, whereas the two baseline algorithms failed even after 30min of testing on a number of test subjects. The experimental results highlight the potential of utilizing data dependence analysis to address the combinatorial path space explosion issue faced by dynamic symbolic execution for effective security testing.
Author Khoo, Siau-Cheng
Do, TheAnh
Quan, Tho Thanh
Pears, Russel
Fong, Alvis Cheuk Ming
Author_xml – sequence: 1
  givenname: TheAnh
  surname: Do
  fullname: Do, TheAnh
  organization: Auckland University of Technology, 2-14 Wakefield St, Auckland 1010, New Zealand
– sequence: 2
  givenname: Siau-Cheng
  surname: Khoo
  fullname: Khoo, Siau-Cheng
  organization: National University of Singapore, COM1, 13 Computing Drive, Singapore 117417, Singapore
– sequence: 3
  givenname: Alvis Cheuk Ming
  surname: Fong
  fullname: Fong, Alvis Cheuk Ming
  organization: Auckland University of Technology, 2-14 Wakefield St, Auckland 1010, New Zealand
– sequence: 4
  givenname: Russel
  surname: Pears
  fullname: Pears, Russel
  email: russel.pears@aut.ac.nz
  organization: Auckland University of Technology, 2-14 Wakefield St, Auckland 1010, New Zealand
– sequence: 5
  givenname: Tho Thanh
  surname: Quan
  fullname: Quan, Tho Thanh
  organization: Ho Chi Minh City University of Technology, 268 Ly Thuong Kiet St, Ho Chi Minh City, Viet Nam
BookMark eNqFUE1LAzEUDFLBtvoPPBTE464vm81-eBCkaBUKXvQcstkXydImNUmF_ntT15MHhYF3eDPz5s2MTKyzSMglhZwCrW6G3FgdnM4LoDyHBKhPyJQ2NcsqKPiETKHlkPGmbM_ILIQBgNbAYEquV05uMucN2oj9oj9YuTVqETHExTta9DIaZ8_JqZabgBc_c07eHh9el0_Z-mX1vLxfZ4qxMmaoakDeQ8tYxajuVEkb2ldcF5p3VGFbNchbXSBrWN1QXtC-lUwXqku7rpFsTq5G3513H_uUQQxu7206KWjVsgIq2vLEuh1ZyrsQPGqhTPzOGb00G0FBHGsRgxhrEcdaBCRAncTlL_HOm630h_9kd6MM0_ufBr0IKnWmsDceVRS9M38bfAGv_3-I
CitedBy_id crossref_primary_10_1016_j_infsof_2018_11_006
crossref_primary_10_3390_electronics11050727
crossref_primary_10_1016_j_csi_2020_103444
Cites_doi 10.1109/ASE.2008.69
10.1145/2379776.2379787
10.1007/978-3-642-16573-3_11
10.1109/DSN.2009.5270315
10.1145/1065010.1065036
10.1109/TSE.1976.233817
10.1016/j.cor.2007.01.013
10.1145/1081706.1081750
10.1145/2025113.2025152
10.1145/1831708.1831732
10.1145/360248.360252
10.1109/ISSRE.2012.25
10.1007/978-3-540-71316-6_35
10.1145/1190216.1190226
10.1145/1450058.1450087
10.1145/226155.226158
10.1145/2254064.2254088
10.1109/DISCEX.2000.821514
10.1145/2408776.2408795
10.1007/11691617_10
10.1007/978-3-642-02652-2_16
10.1145/2093548.2093564
10.1145/2483760.2483777
10.1007/978-3-540-79124-9_10
10.1145/1831708.1831733
10.1109/FOSE.2007.29
10.1109/ICSE.2013.6606558
10.1145/1985793.1985995
10.1162/evco.2006.14.1.41
10.1007/s10009-009-0118-1
10.1016/j.infsof.2012.03.009
10.1007/978-3-642-23702-7_11
10.1145/1993498.1993558
10.1109/CGO.2004.1281665
10.1145/1273463.1273489
10.1145/2048066.2048083
10.1145/2393596.2393666
10.1145/1321631.1321691
10.1007/s11219-011-9150-y
10.1049/ip-sen:20030559
ContentType Journal Article
Copyright 2015
Copyright Elsevier Science Ltd. Oct 2015
Copyright_xml – notice: 2015
– notice: Copyright Elsevier Science Ltd. Oct 2015
DBID AAYXX
CITATION
7SC
8FD
JQ2
L7M
L~C
L~D
DOI 10.1016/j.infsof.2015.05.007
DatabaseName CrossRef
Computer and Information Systems Abstracts
Technology Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
DatabaseTitle CrossRef
Computer and Information Systems Abstracts
Technology Research Database
Computer and Information Systems Abstracts – Academic
Advanced Technologies Database with Aerospace
ProQuest Computer Science Collection
Computer and Information Systems Abstracts Professional
DatabaseTitleList Computer and Information Systems Abstracts
DeliveryMethod fulltext_linktorsrc
Discipline Business
EISSN 1873-6025
EndPage 57
ExternalDocumentID 3733402091
10_1016_j_infsof_2015_05_007
S0950584915001044
Genre Feature
GroupedDBID --K
--M
-~X
.DC
.~1
0R~
1B1
1~.
1~5
29I
4.4
457
4G.
5GY
5VS
7-5
71M
77K
8P~
9JN
AABNK
AACTN
AAEDT
AAEDW
AAIAV
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AAQXK
AAXUO
AAYFN
AAYOK
ABBOA
ABFNM
ABFRF
ABJNI
ABMAC
ABTAH
ABXDB
ABYKQ
ACDAQ
ACGFO
ACGFS
ACGOD
ACNNM
ACRLP
ACZNC
ADBBV
ADEZE
ADJOM
ADMUD
AEBSH
AEFWE
AEKER
AENEX
AFKWA
AFTJW
AGHFR
AGUBO
AGYEJ
AHHHB
AHZHX
AIALX
AIEXJ
AIKHN
AITUG
AJBFU
AJOXV
ALMA_UNASSIGNED_HOLDINGS
AMFUW
AMRAJ
AOUOD
ASPBG
AVWKF
AXJTR
AZFZN
BKOJK
BKOMP
BLXMC
CS3
DU5
EBS
EFJIC
EFLBG
EJD
EO8
EO9
EP2
EP3
FDB
FEDTE
FGOYB
FIRID
FNPLU
FYGXN
G-Q
G8K
GBLVA
GBOLZ
HLZ
HVGLF
HZ~
IHE
J1W
KOM
LG9
M41
MO0
MS~
N9A
O-L
O9-
OAUVE
OZT
P-8
P-9
P2P
PC.
PQQKQ
Q38
R2-
RIG
ROL
RPZ
SBC
SDF
SDG
SDP
SES
SEW
SPC
SPCBC
SSV
SSZ
T5K
TWZ
UHS
UNMZH
WH7
WUQ
XFK
ZY4
~G-
77I
9DU
AATTM
AAXKI
AAYWO
AAYXX
ABDPE
ABWVN
ACLOT
ACRPL
ACVFH
ADCNI
ADNMO
AEIPS
AEUPX
AFJKZ
AFPUW
AGQPQ
AIGII
AIIUN
AKBMS
AKRWK
AKYEP
ANKPU
APXCP
CITATION
EFKBS
~HD
7SC
8FD
JQ2
L7M
L~C
L~D
ID FETCH-LOGICAL-c334t-ec70e5d0933631fbc4181d65f2f5b1ce968e59f2e383781521d9a3f2cbce9b8a3
ISICitedReferencesCount 5
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000358699900004&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0950-5849
IngestDate Sun Nov 09 06:00:28 EST 2025
Tue Nov 18 22:36:06 EST 2025
Sat Nov 29 07:49:45 EST 2025
Fri Feb 23 02:23:56 EST 2024
IsPeerReviewed true
IsScholarly true
Keywords Buffer overflow vulnerabilities
Type inference analysis
Dynamic symbolic execution
Data and control dependence analysis
Language English
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-c334t-ec70e5d0933631fbc4181d65f2f5b1ce968e59f2e383781521d9a3f2cbce9b8a3
Notes SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
PQID 1693206195
PQPubID 41979
PageCount 18
ParticipantIDs proquest_journals_1693206195
crossref_citationtrail_10_1016_j_infsof_2015_05_007
crossref_primary_10_1016_j_infsof_2015_05_007
elsevier_sciencedirect_doi_10_1016_j_infsof_2015_05_007
PublicationCentury 2000
PublicationDate October 2015
2015-10-00
20151001
PublicationDateYYYYMMDD 2015-10-01
PublicationDate_xml – month: 10
  year: 2015
  text: October 2015
PublicationDecade 2010
PublicationPlace Amsterdam
PublicationPlace_xml – name: Amsterdam
PublicationTitle Information and software technology
PublicationYear 2015
Publisher Elsevier B.V
Elsevier Science Ltd
Publisher_xml – name: Elsevier B.V
– name: Elsevier Science Ltd
References J. Burnim, K. Sen, Heuristics for scalable dynamic test generation, in: Proceedings of the 23rd IEEE/ACM International Conference on Automated Software Engineering, 2008, pp. 443–446.
K. Sen, D. Marinov, G. Agha, CUTE: a concolic unit testing engine for C, in: Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2005, pp. 263–272.
D. Qi, H.D.T. Nguyen, A. Roychoudhury, Path exploration based on symbolic output, in: Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering, 2011, pp. 278–288.
N. Rungta, E.G. Mercer, W. Visser, Efficient testing of concurrent programs with abstraction-guided symbolic execution, in: Proceedings of the 16th International SPIN Workshop on Model Checking Software, 2009, pp. 174–191.
Godefroid, Levin, Molnar (b0130) 2012; 55
Harman, Mansouri, Zhang (b0140) 2012; 45
O. Ruwase, M.S. Lam, A practical dynamic buffer overflow detector, in: Proceedings of the 11th Annual Network and Distributed System Security Symposium, 2004.
Clarke, Dolado, Harman, Hierons, Jones, Lumkin, Mitchell, Mancoridis, Rees, Roper, Shepperd (b0050) 2003; 150
S. Person, G. Yang, N. Rungta, S. Khurshid, Directed incremental symbolic execution, in: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, 2011, pp. 504–515.
Common Weakness Enumeration, The 2011 CWE/SANS Top 25 Most Dangerous Software Errors.
Baluda, Braione, Denaro, Pezzè (b0020) Dec. 2011; 19
T. Xie, N. Tillmann, J. de Halleux, W. Schulte, Fitness–guided path exploration in dynamic symbolic execution, in: Proceedings of the 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2009, pp. 359–368.
K. Lakhotia, N. Tillmann, M. Harman, J. de Halleux, FloPSy: search-based floating point constraint solving for symbolic execution, in: Proceedings of the 22nd IFIP WG 6.1 International Conference on Testing Software and Systems, 2010, pp. 142–157.
P. Godefroid, M.Y. Levin, D.A. Molnar, Active property checking, in: Proceedings of the 8th ACM International Conference on Embedded Software, 2008, pp. 207–216.
S. Anand, C.S. Păsăreanu, W. Visser, Symbolic execution with abstract subsumption checking, in: Proceedings of the 13th International SPIN Workshop on Model Checking Software, 2006, pp. 163–181.
J. Condit, M. Harren, Z.R. Anderson, D. Gay, G.C. Necula, Dependent types for low-level programming, in: Proceedings of the 16th European Conference on Programming, 2007, pp. 520–535.
King (b0150) 1976; 19
Do, Fong, Pears (b0095) 2013; vol. 410
C. Lattner, V.S. Adve, LLVM: a compilation framework for lifelong program analysis and transformation, in: Proceedings of the International Symposium on Code Generation and Optimization: Feedback-Directed and Runtime Optimization, 2004, pp. 75–88.
.
Binkley, Harman, Lakhotia (b0030) 2011; 20
J.E. Forrester, B.P. Miller, An empirical study of the robustness of Windows NT applications using random testing, in: Proceedings of the 4th Conference on USENIX Windows Systems Symposium, 2000, pp. 6–6.
B. Xin, X. Zhang, Efficient online detection of dynamic control dependence, in: Proceedings of the 2007 International Symposium on Software Testing and Analysis, 2007, pp. 185–195.
S. Arlt, A. Podelski, C. Bertolini, M. Schaf, I. Banerjee, A.M. Memon, Lightweight static analysis for GUI testing, in: Proceedings of the IEEE 23rd International Symposium on Software Reliability Engineering, 2012, pp. 301–310.
C.S. Jensen, M.R. Prasad, A. Møller, Automated testing with targeted event sequence generation, in: Proceedings of the 2013 International Symposium on Software Testing and Analysis, 2013, pp. 67–77.
Ferguson, Korel (b0100) 1996; 5
P. Godefroid, M.Y. Levin, D.A. Molnar, Automated whitebox fuzz testing, in: Proceedings of Network and Distributed Systems Security, 2008.
S. Anand, M. Naik, M.J. Harrold, H. Yang, Automated concolic testing of smartphone apps, in: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, 2012.
Del Grosso, Antoniol, Merlo, Galinier (b0090) 2008; 35
Cadar, Ganesh, Pawlowski, Dill, Engler (b0060) Dec. 2008; 12
M. Weiser, Program slicing, in: Proceedings of the 5th International Conference on Software Engineering, 1981, pp. 439–449.
K.K. Ma, Y.P. Khoo, J.S. Foster, M. Hicks, Directed symbolic execution, in: Proceedings of the 18th International Conference on Static Analysis, 2011, pp. 95–111.
D.A. Molnar, Dynamic Test Generation for Large Binary Programs, Ph.D. Dissertation, University of California, Berkeley, 2009.
M. Staats, C.S. Păsăreanu, Parallel symbolic execution for structural test generation, in: Proceedings of the 19th International Symposium on Software Testing and Analysis, 2010, pp. 183–194.
S. Thummalapenta, T. Xie, N. Tillmann, J. de Halleux, Z. Su, Synthesizing method sequences for high-coverage testing, in: Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, 2011, pp. 189–206.
Păsăreanu, Visser (b0195) 2009; 11
C. Cowan, P. Wagle, C. Pu, S. Beattie, J. Walpole, Buffer overflows: attacks and defenses for the vulnerability of the decade, in: Proceedings of DARPA Information Survivability Conference and Exposition, 2000, pp. 119–129.
K. Ku, T.E. Hart, M. Chechik, D. Lie, A buffer overflow benchmark for software model checkers, in: Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering, 2007, pp. 389–392.
M. Harman, The current state and future of search based software engineering, in: Future of Software Engineering, 2007, pp. 342–357.
E. Bounimova, P. Godefroid, D.A. Molnar, Billions and billions of constraints: whitebox fuzz testing in production, in: Proceedings of the 2013 International Conference on Software Engineering, 2013, pp. 122–131.
Common Vulnerabilities and Exposures
Lakhotia, Harman, Gross (b0170) 2013; 55
C. Cadar, D. Dunbar, D.R. Engler, KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs, in: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, 2008, pp. 209–224.
Cadar, Sen (b0070) Feb. 2013; 56
Clarke (b0040) May 1976; 2
C. Cadar, P. Godefroid, S. Khurshid, C.S. Păsăreanu, K. Sen, N. Tillmann, W. Visser, Symbolic execution for software testing in practice. preliminary assessment, in: Proceedings of the 33rd International Conference on Software Engineering, 2011, pp. 1066–1071.
P. Godefroid, Compositional dynamic test generation, in: Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2007, pp. 47–54.
D. Wagner, J.S. Foster, E.A. Brewer, A. Aiken, A first step towards automated detection of buffer overrun vulnerabilities, in: Proceedings of the Network and Distributed System Security Symposium, 2000.
P. Godefroid, N. Klarlund, K. Sen, DART: directed automated random testing, in: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2005, pp. 213–223.
McMinn, Holcombe (b0185) 2006; 14
R.A. Santelices, M.J. Harrold, Exploiting program dependencies for scalable multiple-path symbolic execution, in: Proceedings of the 19th International Symposium on Software Testing and Analysis, 2010, pp. 195–206.
N. Tillmann, J. de Halleux, Pex – white box test generation for.NET, in: Proceedings of the 2nd International Conference on Tests and Proofs, 2008, pp. 134–153.
V. Kuznetsov, J. Kinder, S. Bucur, G. Candea, Efficient state merging in symbolic execution, in: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation, 2012, pp. 193–204.
10.1016/j.infsof.2015.05.007_b0200
10.1016/j.infsof.2015.05.007_b0245
10.1016/j.infsof.2015.05.007_b0165
10.1016/j.infsof.2015.05.007_b0045
Lakhotia (10.1016/j.infsof.2015.05.007_b0170) 2013; 55
10.1016/j.infsof.2015.05.007_b0205
10.1016/j.infsof.2015.05.007_b0125
10.1016/j.infsof.2015.05.007_b0005
10.1016/j.infsof.2015.05.007_b0160
10.1016/j.infsof.2015.05.007_b0080
Ferguson (10.1016/j.infsof.2015.05.007_b0100) 1996; 5
Binkley (10.1016/j.infsof.2015.05.007_b0030) 2011; 20
10.1016/j.infsof.2015.05.007_b0240
10.1016/j.infsof.2015.05.007_b0120
10.1016/j.infsof.2015.05.007_b0085
Clarke (10.1016/j.infsof.2015.05.007_b0050) 2003; 150
Clarke (10.1016/j.infsof.2015.05.007_b0040) 1976; 2
10.1016/j.infsof.2015.05.007_b0035
10.1016/j.infsof.2015.05.007_b0110
10.1016/j.infsof.2015.05.007_b0155
10.1016/j.infsof.2015.05.007_b0235
10.1016/j.infsof.2015.05.007_b0115
King (10.1016/j.infsof.2015.05.007_b0150) 1976; 19
10.1016/j.infsof.2015.05.007_b0190
10.1016/j.infsof.2015.05.007_b0075
Del Grosso (10.1016/j.infsof.2015.05.007_b0090) 2008; 35
10.1016/j.infsof.2015.05.007_b0230
Baluda (10.1016/j.infsof.2015.05.007_b0020) 2011; 19
10.1016/j.infsof.2015.05.007_b0145
Păsăreanu (10.1016/j.infsof.2015.05.007_b0195) 2009; 11
10.1016/j.infsof.2015.05.007_b0025
10.1016/j.infsof.2015.05.007_b0220
10.1016/j.infsof.2015.05.007_b0105
McMinn (10.1016/j.infsof.2015.05.007_b0185) 2006; 14
10.1016/j.infsof.2015.05.007_b0225
10.1016/j.infsof.2015.05.007_b0180
10.1016/j.infsof.2015.05.007_b0065
Cadar (10.1016/j.infsof.2015.05.007_b0060) 2008; 12
10.1016/j.infsof.2015.05.007_b0260
10.1016/j.infsof.2015.05.007_b0255
10.1016/j.infsof.2015.05.007_b0135
10.1016/j.infsof.2015.05.007_b0055
10.1016/j.infsof.2015.05.007_b0210
10.1016/j.infsof.2015.05.007_b0215
Do (10.1016/j.infsof.2015.05.007_b0095) 2013; vol. 410
10.1016/j.infsof.2015.05.007_b0015
10.1016/j.infsof.2015.05.007_b0010
10.1016/j.infsof.2015.05.007_b0175
10.1016/j.infsof.2015.05.007_b0250
Cadar (10.1016/j.infsof.2015.05.007_b0070) 2013; 56
Godefroid (10.1016/j.infsof.2015.05.007_b0130) 2012; 55
Harman (10.1016/j.infsof.2015.05.007_b0140) 2012; 45
References_xml – reference: P. Godefroid, N. Klarlund, K. Sen, DART: directed automated random testing, in: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2005, pp. 213–223.
– reference: S. Anand, M. Naik, M.J. Harrold, H. Yang, Automated concolic testing of smartphone apps, in: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, 2012.
– reference: E. Bounimova, P. Godefroid, D.A. Molnar, Billions and billions of constraints: whitebox fuzz testing in production, in: Proceedings of the 2013 International Conference on Software Engineering, 2013, pp. 122–131.
– reference: C. Cadar, P. Godefroid, S. Khurshid, C.S. Păsăreanu, K. Sen, N. Tillmann, W. Visser, Symbolic execution for software testing in practice. preliminary assessment, in: Proceedings of the 33rd International Conference on Software Engineering, 2011, pp. 1066–1071.
– reference: J. Condit, M. Harren, Z.R. Anderson, D. Gay, G.C. Necula, Dependent types for low-level programming, in: Proceedings of the 16th European Conference on Programming, 2007, pp. 520–535.
– reference: N. Rungta, E.G. Mercer, W. Visser, Efficient testing of concurrent programs with abstraction-guided symbolic execution, in: Proceedings of the 16th International SPIN Workshop on Model Checking Software, 2009, pp. 174–191.
– reference: S. Anand, C.S. Păsăreanu, W. Visser, Symbolic execution with abstract subsumption checking, in: Proceedings of the 13th International SPIN Workshop on Model Checking Software, 2006, pp. 163–181.
– volume: 19
  start-page: 725
  year: Dec. 2011
  end-page: 751
  ident: b0020
  article-title: Enhancing structural software coverage by incrementally computing branch executability
  publication-title: Software Qual. J.
– reference: C. Cowan, P. Wagle, C. Pu, S. Beattie, J. Walpole, Buffer overflows: attacks and defenses for the vulnerability of the decade, in: Proceedings of DARPA Information Survivability Conference and Exposition, 2000, pp. 119–129.
– reference: D.A. Molnar, Dynamic Test Generation for Large Binary Programs, Ph.D. Dissertation, University of California, Berkeley, 2009.
– volume: 12
  year: Dec. 2008
  ident: b0060
  article-title: EXE: automatically generating inputs of death
  publication-title: ACM Trans. Inform. Syst. Secur.
– reference: N. Tillmann, J. de Halleux, Pex – white box test generation for.NET, in: Proceedings of the 2nd International Conference on Tests and Proofs, 2008, pp. 134–153.
– volume: 20
  year: 2011
  ident: b0030
  article-title: FlagRemover: a testability transformation for transforming loop-assigned flags
  publication-title: ACM Trans. Softw. Eng. Methodol.
– volume: 14
  year: 2006
  ident: b0185
  article-title: Evolutionary testing using an extended chaining approach
  publication-title: Evol. Comput.
– reference: T. Xie, N. Tillmann, J. de Halleux, W. Schulte, Fitness–guided path exploration in dynamic symbolic execution, in: Proceedings of the 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2009, pp. 359–368.
– reference: P. Godefroid, M.Y. Levin, D.A. Molnar, Active property checking, in: Proceedings of the 8th ACM International Conference on Embedded Software, 2008, pp. 207–216.
– reference: P. Godefroid, M.Y. Levin, D.A. Molnar, Automated whitebox fuzz testing, in: Proceedings of Network and Distributed Systems Security, 2008.
– reference: S. Person, G. Yang, N. Rungta, S. Khurshid, Directed incremental symbolic execution, in: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, 2011, pp. 504–515.
– reference: J.E. Forrester, B.P. Miller, An empirical study of the robustness of Windows NT applications using random testing, in: Proceedings of the 4th Conference on USENIX Windows Systems Symposium, 2000, pp. 6–6.
– volume: 55
  start-page: 40
  year: 2012
  end-page: 44
  ident: b0130
  article-title: SAGE: whitebox fuzzing for security testing
  publication-title: Commun. ACM
– volume: 55
  year: 2013
  ident: b0170
  article-title: AUSTIN: an open source tool for search based software testing of C programs
  publication-title: Inf. Softw. Technol.
– volume: 35
  start-page: 3125
  year: 2008
  end-page: 3143
  ident: b0090
  article-title: Detecting buffer overflow via automatic test input data generation
  publication-title: Comput. Oper. Res.
– reference: O. Ruwase, M.S. Lam, A practical dynamic buffer overflow detector, in: Proceedings of the 11th Annual Network and Distributed System Security Symposium, 2004.
– reference: V. Kuznetsov, J. Kinder, S. Bucur, G. Candea, Efficient state merging in symbolic execution, in: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation, 2012, pp. 193–204.
– reference: M. Staats, C.S. Păsăreanu, Parallel symbolic execution for structural test generation, in: Proceedings of the 19th International Symposium on Software Testing and Analysis, 2010, pp. 183–194.
– reference: C.S. Jensen, M.R. Prasad, A. Møller, Automated testing with targeted event sequence generation, in: Proceedings of the 2013 International Symposium on Software Testing and Analysis, 2013, pp. 67–77.
– reference: R.A. Santelices, M.J. Harrold, Exploiting program dependencies for scalable multiple-path symbolic execution, in: Proceedings of the 19th International Symposium on Software Testing and Analysis, 2010, pp. 195–206.
– reference: K.K. Ma, Y.P. Khoo, J.S. Foster, M. Hicks, Directed symbolic execution, in: Proceedings of the 18th International Conference on Static Analysis, 2011, pp. 95–111.
– volume: vol. 410
  start-page: 3
  year: 2013
  end-page: 15
  ident: b0095
  article-title: Dynamic symbolic execution guided by data dependency analysis for high structural coverage
  publication-title: Communications in Computer and Information Science
– reference: P. Godefroid, Compositional dynamic test generation, in: Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2007, pp. 47–54.
– reference: K. Ku, T.E. Hart, M. Chechik, D. Lie, A buffer overflow benchmark for software model checkers, in: Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering, 2007, pp. 389–392.
– volume: 150
  start-page: 161
  year: 2003
  end-page: 175
  ident: b0050
  article-title: Reformulating software engineering as a search problem
  publication-title: IEE Proc. – Softw.
– reference: S. Thummalapenta, T. Xie, N. Tillmann, J. de Halleux, Z. Su, Synthesizing method sequences for high-coverage testing, in: Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, 2011, pp. 189–206.
– reference: Common Vulnerabilities and Exposures, <
– volume: 2
  start-page: 215
  year: May 1976
  end-page: 222
  ident: b0040
  article-title: A system to generate test data and symbolically execute programs
  publication-title: IEEE Trans. Softw. Eng.
– reference: S. Arlt, A. Podelski, C. Bertolini, M. Schaf, I. Banerjee, A.M. Memon, Lightweight static analysis for GUI testing, in: Proceedings of the IEEE 23rd International Symposium on Software Reliability Engineering, 2012, pp. 301–310.
– volume: 45
  year: 2012
  ident: b0140
  article-title: Search-based software engineering: trends, techniques and applications
  publication-title: ACM Comput. Surv.
– reference: C. Cadar, D. Dunbar, D.R. Engler, KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs, in: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, 2008, pp. 209–224.
– reference: C. Lattner, V.S. Adve, LLVM: a compilation framework for lifelong program analysis and transformation, in: Proceedings of the International Symposium on Code Generation and Optimization: Feedback-Directed and Runtime Optimization, 2004, pp. 75–88.
– volume: 11
  start-page: 339
  year: 2009
  end-page: 353
  ident: b0195
  article-title: A survey of new trends in symbolic execution for software testing and analysis
  publication-title: Softw. Tools Technol. Transfer
– reference: Common Weakness Enumeration, The 2011 CWE/SANS Top 25 Most Dangerous Software Errors. <
– volume: 5
  start-page: 63
  year: 1996
  end-page: 86
  ident: b0100
  article-title: The chaining approach for software test data generation
  publication-title: ACM Trans. Softw. Eng. Methodol.
– volume: 19
  start-page: 385
  year: 1976
  end-page: 394
  ident: b0150
  article-title: Symbolic execution and program testing
  publication-title: Commun. ACM
– reference: K. Lakhotia, N. Tillmann, M. Harman, J. de Halleux, FloPSy: search-based floating point constraint solving for symbolic execution, in: Proceedings of the 22nd IFIP WG 6.1 International Conference on Testing Software and Systems, 2010, pp. 142–157.
– reference: M. Harman, The current state and future of search based software engineering, in: Future of Software Engineering, 2007, pp. 342–357.
– reference: D. Wagner, J.S. Foster, E.A. Brewer, A. Aiken, A first step towards automated detection of buffer overrun vulnerabilities, in: Proceedings of the Network and Distributed System Security Symposium, 2000.
– reference: >.
– reference: M. Weiser, Program slicing, in: Proceedings of the 5th International Conference on Software Engineering, 1981, pp. 439–449.
– reference: B. Xin, X. Zhang, Efficient online detection of dynamic control dependence, in: Proceedings of the 2007 International Symposium on Software Testing and Analysis, 2007, pp. 185–195.
– volume: 56
  start-page: 82
  year: Feb. 2013
  end-page: 90
  ident: b0070
  article-title: Symbolic execution for software testing: three decades later
  publication-title: Commun. ACM
– reference: K. Sen, D. Marinov, G. Agha, CUTE: a concolic unit testing engine for C, in: Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2005, pp. 263–272.
– reference: D. Qi, H.D.T. Nguyen, A. Roychoudhury, Path exploration based on symbolic output, in: Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering, 2011, pp. 278–288.
– reference: J. Burnim, K. Sen, Heuristics for scalable dynamic test generation, in: Proceedings of the 23rd IEEE/ACM International Conference on Automated Software Engineering, 2008, pp. 443–446.
– ident: 10.1016/j.infsof.2015.05.007_b0035
  doi: 10.1109/ASE.2008.69
– ident: 10.1016/j.infsof.2015.05.007_b0045
– volume: 45
  issue: 1
  year: 2012
  ident: 10.1016/j.infsof.2015.05.007_b0140
  article-title: Search-based software engineering: trends, techniques and applications
  publication-title: ACM Comput. Surv.
  doi: 10.1145/2379776.2379787
– ident: 10.1016/j.infsof.2015.05.007_b0175
  doi: 10.1007/978-3-642-16573-3_11
– ident: 10.1016/j.infsof.2015.05.007_b0255
  doi: 10.1109/DSN.2009.5270315
– ident: 10.1016/j.infsof.2015.05.007_b0115
  doi: 10.1145/1065010.1065036
– volume: vol. 410
  start-page: 3
  year: 2013
  ident: 10.1016/j.infsof.2015.05.007_b0095
  article-title: Dynamic symbolic execution guided by data dependency analysis for high structural coverage
– volume: 2
  start-page: 215
  year: 1976
  ident: 10.1016/j.infsof.2015.05.007_b0040
  article-title: A system to generate test data and symbolically execute programs
  publication-title: IEEE Trans. Softw. Eng.
  doi: 10.1109/TSE.1976.233817
– volume: 35
  start-page: 3125
  issue: 10
  year: 2008
  ident: 10.1016/j.infsof.2015.05.007_b0090
  article-title: Detecting buffer overflow via automatic test input data generation
  publication-title: Comput. Oper. Res.
  doi: 10.1016/j.cor.2007.01.013
– ident: 10.1016/j.infsof.2015.05.007_b0210
– ident: 10.1016/j.infsof.2015.05.007_b0225
  doi: 10.1145/1081706.1081750
– ident: 10.1016/j.infsof.2015.05.007_b0205
  doi: 10.1145/2025113.2025152
– ident: 10.1016/j.infsof.2015.05.007_b0230
  doi: 10.1145/1831708.1831732
– volume: 19
  start-page: 385
  issue: July
  year: 1976
  ident: 10.1016/j.infsof.2015.05.007_b0150
  article-title: Symbolic execution and program testing
  publication-title: Commun. ACM
  doi: 10.1145/360248.360252
– ident: 10.1016/j.infsof.2015.05.007_b0010
  doi: 10.1109/ISSRE.2012.25
– ident: 10.1016/j.infsof.2015.05.007_b0105
– volume: 20
  issue: 12
  year: 2011
  ident: 10.1016/j.infsof.2015.05.007_b0030
  article-title: FlagRemover: a testability transformation for transforming loop-assigned flags
  publication-title: ACM Trans. Softw. Eng. Methodol.
– ident: 10.1016/j.infsof.2015.05.007_b0065
  doi: 10.1007/978-3-540-71316-6_35
– ident: 10.1016/j.infsof.2015.05.007_b0110
  doi: 10.1145/1190216.1190226
– ident: 10.1016/j.infsof.2015.05.007_b0125
  doi: 10.1145/1450058.1450087
– volume: 5
  start-page: 63
  year: 1996
  ident: 10.1016/j.infsof.2015.05.007_b0100
  article-title: The chaining approach for software test data generation
  publication-title: ACM Trans. Softw. Eng. Methodol.
  doi: 10.1145/226155.226158
– ident: 10.1016/j.infsof.2015.05.007_b0160
  doi: 10.1145/2254064.2254088
– ident: 10.1016/j.infsof.2015.05.007_b0245
– ident: 10.1016/j.infsof.2015.05.007_b0075
– volume: 12
  issue: 10
  year: 2008
  ident: 10.1016/j.infsof.2015.05.007_b0060
  article-title: EXE: automatically generating inputs of death
  publication-title: ACM Trans. Inform. Syst. Secur.
– ident: 10.1016/j.infsof.2015.05.007_b0085
  doi: 10.1109/DISCEX.2000.821514
– volume: 56
  start-page: 82
  year: 2013
  ident: 10.1016/j.infsof.2015.05.007_b0070
  article-title: Symbolic execution for software testing: three decades later
  publication-title: Commun. ACM
  doi: 10.1145/2408776.2408795
– ident: 10.1016/j.infsof.2015.05.007_b0180
– ident: 10.1016/j.infsof.2015.05.007_b0015
  doi: 10.1007/11691617_10
– ident: 10.1016/j.infsof.2015.05.007_b0215
  doi: 10.1007/978-3-642-02652-2_16
– volume: 55
  start-page: 40
  issue: 3
  year: 2012
  ident: 10.1016/j.infsof.2015.05.007_b0130
  article-title: SAGE: whitebox fuzzing for security testing
  publication-title: Commun. ACM
  doi: 10.1145/2093548.2093564
– ident: 10.1016/j.infsof.2015.05.007_b0145
  doi: 10.1145/2483760.2483777
– ident: 10.1016/j.infsof.2015.05.007_b0235
  doi: 10.1007/978-3-540-79124-9_10
– ident: 10.1016/j.infsof.2015.05.007_b0220
  doi: 10.1145/1831708.1831733
– ident: 10.1016/j.infsof.2015.05.007_b0135
  doi: 10.1109/FOSE.2007.29
– ident: 10.1016/j.infsof.2015.05.007_b0025
  doi: 10.1109/ICSE.2013.6606558
– ident: 10.1016/j.infsof.2015.05.007_b0055
  doi: 10.1145/1985793.1985995
– ident: 10.1016/j.infsof.2015.05.007_b0080
– volume: 14
  issue: 1
  year: 2006
  ident: 10.1016/j.infsof.2015.05.007_b0185
  article-title: Evolutionary testing using an extended chaining approach
  publication-title: Evol. Comput.
  doi: 10.1162/evco.2006.14.1.41
– volume: 11
  start-page: 339
  issue: October
  year: 2009
  ident: 10.1016/j.infsof.2015.05.007_b0195
  article-title: A survey of new trends in symbolic execution for software testing and analysis
  publication-title: Softw. Tools Technol. Transfer
  doi: 10.1007/s10009-009-0118-1
– ident: 10.1016/j.infsof.2015.05.007_b0250
– volume: 55
  issue: 1
  year: 2013
  ident: 10.1016/j.infsof.2015.05.007_b0170
  article-title: AUSTIN: an open source tool for search based software testing of C programs
  publication-title: Inf. Softw. Technol.
  doi: 10.1016/j.infsof.2012.03.009
– ident: 10.1016/j.infsof.2015.05.007_b0190
  doi: 10.1007/978-3-642-23702-7_11
– ident: 10.1016/j.infsof.2015.05.007_b0200
  doi: 10.1145/1993498.1993558
– ident: 10.1016/j.infsof.2015.05.007_b0165
  doi: 10.1109/CGO.2004.1281665
– ident: 10.1016/j.infsof.2015.05.007_b0120
– ident: 10.1016/j.infsof.2015.05.007_b0260
  doi: 10.1145/1273463.1273489
– ident: 10.1016/j.infsof.2015.05.007_b0240
  doi: 10.1145/2048066.2048083
– ident: 10.1016/j.infsof.2015.05.007_b0005
  doi: 10.1145/2393596.2393666
– ident: 10.1016/j.infsof.2015.05.007_b0155
  doi: 10.1145/1321631.1321691
– volume: 19
  start-page: 725
  year: 2011
  ident: 10.1016/j.infsof.2015.05.007_b0020
  article-title: Enhancing structural software coverage by incrementally computing branch executability
  publication-title: Software Qual. J.
  doi: 10.1007/s11219-011-9150-y
– volume: 150
  start-page: 161
  issue: 3
  year: 2003
  ident: 10.1016/j.infsof.2015.05.007_b0050
  article-title: Reformulating software engineering as a search problem
  publication-title: IEE Proc. – Softw.
  doi: 10.1049/ip-sen:20030559
SSID ssj0017030
Score 2.1296058
Snippet Memory safety errors such as buffer overflow vulnerabilities are one of the most serious classes of security threats. Detecting and removing such security...
SourceID proquest
crossref
elsevier
SourceType Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 40
SubjectTerms Algorithms
Buffer overflow vulnerabilities
Data and control dependence analysis
Dynamic symbolic execution
Security management
Software
Software quality
Studies
Type inference analysis
Title Goal-oriented dynamic test generation
URI https://dx.doi.org/10.1016/j.infsof.2015.05.007
https://www.proquest.com/docview/1693206195
Volume 66
WOSCitedRecordID wos000358699900004&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals 2021
  customDbUrl:
  eissn: 1873-6025
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0017030
  issn: 0950-5849
  databaseCode: AIEXJ
  dateStart: 19950101
  isFulltext: true
  titleUrlDefault: https://www.sciencedirect.com
  providerName: Elsevier
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1bb9MwFLZgQ4gXxFUMBsoDPFWWktjx5bEa486E2EB9i-LE1lqqZGrSsZ_PcY6Twio0QEKqotZuUtfn5Pjzl3Mh5LmQjqepFdQqzil3pqLKOkFZATttoxUT_RP8rx_k0ZGazfSnQOi3fTkBWdfq4kKf_VdRQxsI24fO_oW4x4tCA7wHocMRxA7HPxL866ZY0sanL_ZgssKK8xNAlJ0vl2xXG1EsBi_2MYJxgjS66757h7Bui3Z_2aBTkZ3WI438_rTpW4_nxZoenNqwFPYrGxqS6fJ83k6ga_1t8nG-6QdzjAXaPq_bNrjuBwIiyUZXtsCKbUXGBHoxpgBu0BxaNK5KMipiDHQerK_42Xxi5qawEGPi6i0Tj2zDwu9LYD68c17W517F4rmXkmcf-3H4YQDu9TtPfp3spjLTYP92p28PZ-_GJ07e8mFeRhz3EGbZ-wJu_9bvYMylBb1HKSd3yO2wvYimqBZ3yTVb3yM3h-iG--TFL9oRBe2IvHZEG-14QL68Ojw5eENDpQxaMsY7aksZ26zy7JRgiTMlB-BWicylLjNJabVQNtMutZ6PUB6yVbpgLi0N9BlVsIdkp25q-4hEDPqMsE4qYzjX1miRlDF8drBXSHSxR9jwx_MypJH31UyW-eAvuMhxunI_XXkMr1juETqedYZpVK74vhzmNA9QECFeDmpwxZn7gwjycFe2uc84lAJy1dnjf77wE3Jro_37ZKdbre1TcqM87-bt6llQpx-lxo1A
linkProvider Elsevier
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Goal-oriented+dynamic+test+generation&rft.jtitle=Information+and+software+technology&rft.au=Do%2C+TheAnh&rft.au=Khoo%2C+Siau-Cheng&rft.au=Fong%2C+Alvis+Cheuk+Ming&rft.au=Pears%2C+Russel&rft.date=2015-10-01&rft.pub=Elsevier+B.V&rft.issn=0950-5849&rft.eissn=1873-6025&rft.volume=66&rft.spage=40&rft.epage=57&rft_id=info:doi/10.1016%2Fj.infsof.2015.05.007&rft.externalDocID=S0950584915001044
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0950-5849&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0950-5849&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0950-5849&client=summon