CFP last date
21 October 2024
Reseach Article

Symbolic Execution-based Code Coverage Framework for Augmented Software Testing

by Rachel Glockenmeier, Varghese Vaidyan, Yong Wang
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 186 - Number 37
Year of Publication: 2024
Authors: Rachel Glockenmeier, Varghese Vaidyan, Yong Wang
10.5120/ijca2024923951

Rachel Glockenmeier, Varghese Vaidyan, Yong Wang . Symbolic Execution-based Code Coverage Framework for Augmented Software Testing. International Journal of Computer Applications. 186, 37 ( Sep 2024), 1-7. DOI=10.5120/ijca2024923951

@article{ 10.5120/ijca2024923951,
author = { Rachel Glockenmeier, Varghese Vaidyan, Yong Wang },
title = { Symbolic Execution-based Code Coverage Framework for Augmented Software Testing },
journal = { International Journal of Computer Applications },
issue_date = { Sep 2024 },
volume = { 186 },
number = { 37 },
month = { Sep },
year = { 2024 },
issn = { 0975-8887 },
pages = { 1-7 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume186/number37/symbolic-execution-based-code-coverage-framework-for-augmented-software-testing/ },
doi = { 10.5120/ijca2024923951 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-09-10T23:18:25+05:30
%A Rachel Glockenmeier
%A Varghese Vaidyan
%A Yong Wang
%T Symbolic Execution-based Code Coverage Framework for Augmented Software Testing
%J International Journal of Computer Applications
%@ 0975-8887
%V 186
%N 37
%P 1-7
%D 2024
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Although extensive research has been done on automated software comprehension, no analysis framework exists that is free of limitations and constraints to address the challenge of comprehending software without manually investigating it. This introduces several challenges. One important task to software researchers is to identify all the sets of paths inside a target program. Answering this will offer further information about the target program and allow for understanding, and ultimately further security and quality analysis. Introducing a comprehensive framework for code coverage analysis, a notable gap in the existing works, is addressed by offering empirical evidence and an analysis framework to evaluate the impacts of enhancements to symbolic execution techniques in target programs. Using angr as the symbolic execution engine, several code exploration approaches based on prior research and angr’s capabilities are implemented. To analyze the implications of these changes on code coverage, the proposed approach performs a comparative investigation over a wide variety of binary programs, accounting for varying complexity levels and memory restrictions. The experimental findings show a wide coverage range ranging from 0.3185% to 16.7093%, depending on the testing circumstances. By developing a benchmark for code coverage under symbolic execution, the framework not only elucidates the interaction of testing variables, but also offers a full analytical framework for assessing coverage expectations in respective contexts.

References
  1. Thanassis Avgerinos, Sang Kil Cha, Alexandre Rebert, Edward J. Schwartz, Maverick Woo, and David Brumley. Automatic exploit generation. Commun. ACM, 57(2):74–84, feb 2014.
  2. Roberto Baldoni, Emilio Coppa, Daniele Cono D’elia, Camil Demetrescu, and Irene Finocchi. A survey of symbolic execution techniques. ACM Comput. Surv., 51(3), May 2018.
  3. Cristian Cadar, Daniel Dunbar, and Dawson Engler. KLEE: Unassisted and automatic generation of High-Coverage tests for complex systems programs. In 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI 08), San Diego, CA, dec 2008. USENIX Association.
  4. Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, and Dawson R. Engler. Exe: Automatically generating inputs of death. ACM Trans. Inf. Syst. Secur., 12(2), dec 2008.
  5. Cristian Cadar and Koushik Sen. Symbolic execution for software testing: Three decades later. Commun. ACM, 56(2):82–90, feb 2013.
  6. Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, and David Brumley. Unleashing mayhem on binary code. In 2012 IEEE Symposium on Security and Privacy, pages 380–394, 2012.
  7. Simulation managers. https://docs.angr.io/en/latest/coreconcepts/ pathgroups.htmlexploration-techniques.
  8. Xueshuai Ge, Tieming Liu, Yaobin Xie, and Yuanyuan Zhang. A vulnerability automation exploitation method based on symbolic execution. In International Conference on Electroning Information Engineering and Data Processing (EIEDP 2023), volume 12700 of Society of Photo-Optical Instrumentation Engineers (SPIE) Conference Series, May 2023.
  9. Xueshuai Ge, Tieming Liu, Yaobin Xie, and Yuanyuan Zhang. A survey of automatic exploitation of binary vulnerabilities. In Xiaohao Cai and Badrul Hisham bin Ahmad, editors, International Conference on Computer Network Security and Software Engineering (CNSSE 2023), volume 12714 of Society of Photo-Optical Instrumentation Engineers (SPIE) Conference Series, Jun 2023.
  10. Patrice Godefroid, Michael Y. Levin, and David Molnar. Sage: Whitebox fuzzing for security testing. Commun. ACM, 55(3):40–44, mar 2012.
  11. James C. King. Symbolic execution and program testing. Commun. ACM, 19(7):385–394, jul 1976.
  12. Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Efficient state merging in symbolic execution. SIGPLAN Not., 47(6):193–204, Jun 2012.
  13. Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. Sok: (state of) the art of war: Offensive techniques in binary analysis. In 2016 IEEE Symposium on Security and Privacy (SP), pages 138–157, 2016.
  14. Api reference. https://docs.angr.io/en/latest/api.htmlangr.sim manager.SimulationManager.
  15. Haoxin Tu. Boosting symbolic execution for heap-based vulnerability detection and exploit generation. In 2023 IEEE/ACM 45th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pages 218–220, 2023.
  16. Varghese Vaidyan and Bhaskar Rimal. Hybrid quantum artificial intelligence electromagnetic spectrum analysis framework for transportation system security. Journal of Hardware and System Security, December 2023.
  17. Varghese Mathew Vaidyan and Akhilesh Tyagi. Hybrid classical-quantum artificial intelligence models for electromagnetic control system processor fault analysis. In 2022 IEEE IAS Global Conference on Emerging Technologies (GlobConET), pages 798–803, 2022.
Index Terms

Computer Science
Information Sciences
Software analysis
code coverage

Keywords

Symbolic execution angr AEG