Automatically generating search heuristics for concolic testing

Sooyoung Cha; Seongjoon Hong; Junhee Lee; Hakjoo Oh

doi:10.1145/3180155.3180166

Automatically generating search heuristics for concolic testing

Sooyoung Cha, Seongjoon Hong, Junhee Lee, Hakjoo Oh

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

20 Citations (Scopus)

Abstract

We present a technique to automatically generate search heuristics for concolic testing. A key challenge in concolic testing is how to effectively explore the program's execution paths to achieve high code coverage in a limited time budget. Concolic testing employs a search heuristic to address this challenge, which favors exploring particular types of paths that are most likely to maximize the final coverage. However, manually designing a good search heuristic is nontrivial and typically ends up with suboptimal and unstable outcomes. The goal of this paper is to overcome this shortcoming of concolic testing by automatically generating search heuristics. We define a class of search heuristics, namely a parameterized heuristic, and present an algorithm that efficiently finds an optimal heuristic for each subject program. Experimental results with open-source C programs show that our technique successfully generates search heuristics that significantly outperform existing manually-crafted heuristics in terms of branch coverage and bug-finding.

Original language	English
Title of host publication	Proceedings of the 40th International Conference on Software Engineering, ICSE 2018
Publisher	IEEE Computer Society
Pages	1244-1254
Number of pages	11
ISBN (Electronic)	9781450356381
DOIs	https://doi.org/10.1145/3180155.3180166
Publication status	Published - 2018 May 27
Event	40th International Conference on Software Engineering, ICSE 2018 - Gothenburg, Sweden Duration: 2018 May 27 → 2018 Jun 3

Publication series

Name	Proceedings - International Conference on Software Engineering
ISSN (Print)	0270-5257

Conference

Conference	40th International Conference on Software Engineering, ICSE 2018
Country/Territory	Sweden
City	Gothenburg
Period	18/5/27 → 18/6/3

ASJC Scopus subject areas

Software

Access to Document

10.1145/3180155.3180166

Cite this

Automatically generating search heuristics for concolic testing. / Cha, Sooyoung; Hong, Seongjoon; Lee, Junhee et al.
Proceedings of the 40th International Conference on Software Engineering, ICSE 2018. IEEE Computer Society, 2018. p. 1244-1254 (Proceedings - International Conference on Software Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Cha, S, Hong, S, Lee, J & Oh, H 2018, Automatically generating search heuristics for concolic testing. in Proceedings of the 40th International Conference on Software Engineering, ICSE 2018. Proceedings - International Conference on Software Engineering, IEEE Computer Society, pp. 1244-1254, 40th International Conference on Software Engineering, ICSE 2018, Gothenburg, Sweden, 18/5/27. https://doi.org/10.1145/3180155.3180166

@inproceedings{fd6dd9c97ca8414fa7a0aaae7ea7b1ee,

title = "Automatically generating search heuristics for concolic testing",

abstract = "We present a technique to automatically generate search heuristics for concolic testing. A key challenge in concolic testing is how to effectively explore the program's execution paths to achieve high code coverage in a limited time budget. Concolic testing employs a search heuristic to address this challenge, which favors exploring particular types of paths that are most likely to maximize the final coverage. However, manually designing a good search heuristic is nontrivial and typically ends up with suboptimal and unstable outcomes. The goal of this paper is to overcome this shortcoming of concolic testing by automatically generating search heuristics. We define a class of search heuristics, namely a parameterized heuristic, and present an algorithm that efficiently finds an optimal heuristic for each subject program. Experimental results with open-source C programs show that our technique successfully generates search heuristics that significantly outperform existing manually-crafted heuristics in terms of branch coverage and bug-finding.",

author = "Sooyoung Cha and Seongjoon Hong and Junhee Lee and Hakjoo Oh",

year = "2018",

month = may,

day = "27",

doi = "10.1145/3180155.3180166",

language = "English",

series = "Proceedings - International Conference on Software Engineering",

publisher = "IEEE Computer Society",

pages = "1244--1254",

booktitle = "Proceedings of the 40th International Conference on Software Engineering, ICSE 2018",

note = "40th International Conference on Software Engineering, ICSE 2018 ; Conference date: 27-05-2018 Through 03-06-2018",

}

TY - GEN

T1 - Automatically generating search heuristics for concolic testing

AU - Cha, Sooyoung

AU - Hong, Seongjoon

AU - Lee, Junhee

AU - Oh, Hakjoo

PY - 2018/5/27

Y1 - 2018/5/27

N2 - We present a technique to automatically generate search heuristics for concolic testing. A key challenge in concolic testing is how to effectively explore the program's execution paths to achieve high code coverage in a limited time budget. Concolic testing employs a search heuristic to address this challenge, which favors exploring particular types of paths that are most likely to maximize the final coverage. However, manually designing a good search heuristic is nontrivial and typically ends up with suboptimal and unstable outcomes. The goal of this paper is to overcome this shortcoming of concolic testing by automatically generating search heuristics. We define a class of search heuristics, namely a parameterized heuristic, and present an algorithm that efficiently finds an optimal heuristic for each subject program. Experimental results with open-source C programs show that our technique successfully generates search heuristics that significantly outperform existing manually-crafted heuristics in terms of branch coverage and bug-finding.

AB - We present a technique to automatically generate search heuristics for concolic testing. A key challenge in concolic testing is how to effectively explore the program's execution paths to achieve high code coverage in a limited time budget. Concolic testing employs a search heuristic to address this challenge, which favors exploring particular types of paths that are most likely to maximize the final coverage. However, manually designing a good search heuristic is nontrivial and typically ends up with suboptimal and unstable outcomes. The goal of this paper is to overcome this shortcoming of concolic testing by automatically generating search heuristics. We define a class of search heuristics, namely a parameterized heuristic, and present an algorithm that efficiently finds an optimal heuristic for each subject program. Experimental results with open-source C programs show that our technique successfully generates search heuristics that significantly outperform existing manually-crafted heuristics in terms of branch coverage and bug-finding.

UR - http://www.scopus.com/inward/record.url?scp=85049414020&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85049414020&partnerID=8YFLogxK

U2 - 10.1145/3180155.3180166

DO - 10.1145/3180155.3180166

M3 - Conference contribution

AN - SCOPUS:85049414020

T3 - Proceedings - International Conference on Software Engineering

SP - 1244

EP - 1254

BT - Proceedings of the 40th International Conference on Software Engineering, ICSE 2018

PB - IEEE Computer Society

T2 - 40th International Conference on Software Engineering, ICSE 2018

Y2 - 27 May 2018 through 3 June 2018

ER -

Automatically generating search heuristics for concolic testing

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this