Mixing concrete and symbolic execution to improve the performance of dynamic test generation

  • Authors: Gen Li; Kai Lu; Ying Zhang; Xicheng Lu; Wei Zhang
  • Affiliation (all authors): School of Computer, National University of Defence Technology, ChangSha, China
  • Venue: NTMS'09 Proceedings of the 3rd international conference on New technologies, mobility and security
  • Year: 2009

Abstract

Dynamic test generation is an increasingly popular approach to finding security vulnerabilities in software. However, existing approaches and tools of this kind suffer from poor system performance because they perform slow symbolic execution on every instruction. This paper presents a new dynamic test generation technique and a tool, Hunter, that implements it. Unlike other such techniques, Hunter mixes concrete and symbolic execution: input-independent instructions are executed concretely at full speed, and symbolic execution is performed only on instructions that depend directly or indirectly on the input, which greatly accelerates the system as a whole. We have implemented Hunter and used it to automatically find bugs in benchmarks and in applications with known bugs. We also compared it with a typical dynamic test generation tool, SAGE, by testing the same application with the same bug. Our results indicate that Hunter improves system performance greatly and can effectively find bugs located deep within large applications.
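As an added illustration (not code from the paper or from the Hunter tool) of the concrete/symbolic split the abstract describes: a toy concolic interpreter that executes every instruction concretely, builds symbolic expressions only for instructions that are directly or indirectly input-dependent, and negates the last tainted branch constraint to generate the next test input. The instruction format, the brute-force `solve` standing in for an SMT solver, and the sample program are all assumptions of this example.

```python
import itertools, operator
OPS = {"+": operator.add, "*": operator.mul, "<": operator.lt, "!=": operator.ne}

def run(program, inputs):
    """Execute every instruction concretely; build a symbolic expression only when
    an operand is (directly or indirectly) input-dependent. Returns
    (final_state, path_constraints, n_symbolic_instrs, n_total_instrs)."""
    conc, sym, constraints = {}, {}, []
    n_sym = n_total = pc = 0
    while pc < len(program):
        ins = program[pc]; pc += 1; n_total += 1
        if ins[0] == "input":              # ("input", dst, name): taint source
            conc[ins[1]], sym[ins[1]] = inputs[ins[2]], ins[2]; n_sym += 1
        elif ins[0] == "const":            # ("const", dst, value): untainted
            conc[ins[1]] = ins[2]; sym.pop(ins[1], None)
        elif ins[0] == "op":               # ("op", dst, op, a, b)
            _, dst, op, a, b = ins
            conc[dst] = OPS[op](conc[a], conc[b])
            if a in sym or b in sym:       # tainted: pay for the symbolic expr
                sym[dst] = f"({sym.get(a, conc[a])} {op} {sym.get(b, conc[b])})"
                n_sym += 1
            else:                          # input-independent: concrete only
                sym.pop(dst, None)
        elif ins[0] == "br":               # ("br", cond, target): jump if true
            taken = bool(conc[ins[1]])
            if ins[1] in sym:              # only tainted branches add constraints
                constraints.append((sym[ins[1]], taken)); n_sym += 1
            if taken: pc = ins[2]
    return conc, constraints, n_sym, n_total

def solve(constraints, names, domain=range(256)):
    """Brute-force stand-in for an SMT solver over a small integer domain."""
    for vals in itertools.product(domain, repeat=len(names)):
        env = dict(zip(names, vals))
        if all(bool(eval(e, {}, env)) == t for e, t in constraints):
            return env
    return None

def next_input(constraints, names):
    """Negate the last path constraint to steer the next run down the other branch."""
    if not constraints: return None
    e, t = constraints[-1]
    return solve(constraints[:-1] + [(e, not t)], names)

# Constructed sample: a 1000-iteration input-independent loop (indices 4-6), then
# one input-dependent check (9-10) guarding the "bug" at index 11.
PROGRAM = [("input", "x", "x"), ("const", "i", 0), ("const", "one", 1), ("const", "n", 1000),
           ("op", "i", "+", "i", "one"), ("op", "c", "<", "i", "n"), ("br", "c", 4),
           ("op", "t", "*", "x", "x"), ("const", "target", 1681),
           ("op", "miss", "!=", "t", "target"), ("br", "miss", 12), ("const", "bug", 1)]
```

Running `run(PROGRAM, {"x": 0})` executes about 3000 instructions but only 4 of them need symbolic work, and `next_input` on the resulting constraint yields the input that reaches the guarded instruction on the second run.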