Affiliation:
1. University of Central Florida Dept. of Computer Science, USA
2. Carnegie Mellon University/ NASA Ames Research Center, USA
3. National University of Singapore, Singapore
Abstract
Testing to detect semantic bugs is essential, especially for critical systems. Coverage-guided fuzzing (CGF) and runtime assertion checking (RAC) are two well-known approaches for detecting semantic bugs. CGF aims to generate test inputs with high code coverage. However, while CGF tools can be equipped with sanitizers to detect a fixed set of semantic bugs, they can otherwise only detect bugs that lead to a crash. Thus, the first problem we address is how to help fuzzers detect previously unknown semantic bugs that do not lead to a crash. Moreover, a CGF tool may not necessarily cover all branches with valid inputs, although invalid inputs are useless for detecting semantic bugs. So, the second problem is how to guide a fuzzer to maximize coverage using only valid inputs. On the other hand, RAC monitors the expected behavior of a program dynamically and can only detect a semantic bug when a valid test input shows that the program does not satisfy its specification. Thus, the third problem is how to provide high-quality test inputs for a RAC that can trigger potential bugs. The combination of a CGF tool and RAC solves these problems and can cover branches with valid inputs and detect semantic bugs effectively. Our study uses RAC to guarantee that only valid inputs reach the program under test using the program’s specified preconditions and it also uses RAC to detect semantic bugs using specified postconditions. A prototype tool was developed for this study, named JMLKelinci+. Our results show that combining a CGF tool with RAC will lead to executing the program under test only with valid inputs and that this technique can effectively detect semantic bugs. Also, this idea improves the feedback given to a CGF tool, enabling it to cover all branches faster in programs with non-trivial preconditions.
Publisher
Association for Computing Machinery (ACM)
Subject
Theoretical Computer Science,Software
Reference135 articles.
1. Wolfgang Ahrendt , Bernhard Beckert , Richard Bubel , Reiner Hähnle , Peter H Schmitt , and Mattias Ulbrich . 2016. Deductive software verification-the KeY book. Lecture notes in computer science 10001 ( 2016 ). Wolfgang Ahrendt, Bernhard Beckert, Richard Bubel, Reiner Hähnle, Peter H Schmitt, and Mattias Ulbrich. 2016. Deductive software verification-the KeY book. Lecture notes in computer science 10001 (2016).
2. Fifty Years of Hoare’s Logic;Apt R.;Form. Asp. Comput.,2019
3. Combining test case generation and runtime verification;Artho Cyrille;Theoretical Computer Science,2005
4. Formal Verification of Security Protocol Implementations: A Survey;Avalle Matteo;Form. Asp. Comput.,2014
5. A survey of symbolic execution techniques;Baldoni Roberto;ACM Computing Surveys (CSUR),2018
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Automated Reasoning Repair;Proceedings of the 24th ACM International Workshop on Formal Techniques for Java-like Programs;2022-06-07