skip to main content
10.1145/3092703.3098233acmconferencesArticle/Chapter ViewAbstractPublication PagesisstaConference Proceedingsconference-collections
short-paper

Dynamic tainting for automatic test case generation

Published: 10 July 2017 Publication History

Abstract

Dynamic tainting is an important part of modern software engineering research. State-of-the-art tools for debugging, bug detection and program analysis make use of this technique. Nonetheless, the research area based on dynamic tainting still has open questions, among others the automatic generation of program inputs.
My proposed work concentrates on the use of dynamic tainting for test case generation. The goal is the generation of complex and valid test inputs from scratch. Therefore, I use byte level taint information enhanced with additional static and dynamic program analysis. This information is used in an evolutionary algorithm to create new offsprings and mutations. Concretely, instead of crossing and mutating the whole input randomly, taint information can be used to define which parts of the input have to be mutated. Furthermore, the taint information may also be used to define evolutionary operators.
Eventually, the evolutionary algorithm is able to generate valid inputs for a program. Such inputs can be used together with the taint information for further program analysis, e.g. the generation of input grammars.

References

[1]
afl. 2017. american fuzzy lop. (2017). http://lcamtuf.coredump.cx/afl/
[2]
M. Böhme and S. Paul. 2016. A Probabilistic Analysis of the Efficiency of Automated Software Testing. IEEE Transactions on Software Engineering 42, 4 (April 2016), 345–360. https://
[3]
Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI’08). USENIX Association, Berkeley, CA, USA, 209–224. http://dl.acm.org/citation.cfm?id=1855741.1855756
[4]
James Clause and Alessandro Orso. 2009. Penumbra: Automatically Identifying Failure-relevant Inputs Using Dynamic Tainting. In Proceedings of the Eighteenth International Symposium on Software Testing and Analysis (ISSTA ’09). ACM, New York, NY, USA, 249–260. https://
[5]
Dave Gamble. 2017.
[6]
cJson - Ultralightweight JSON parser in ANSI C. (2017).
[7]
https://github.com/DaveGamble/cJSON
[8]
Patrice Godefroid, Adam Kiezun, and Michael Y Levin. 2008. Grammar-based whitebox fuzzing. In ACM Sigplan Notices, Vol. 43. ACM, 206–215.
[9]
Nikolas Havrikov, Matthias Höschele, Juan Pablo Galeotti, and Andreas Zeller. 2014. XMLMate: Evolutionary XML Test Generation. In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2014). ACM, New York, NY, USA, 719–722. https://
[10]
[11]
Matthias Höschele and Andreas Zeller. 2016.
[12]
Mining Input Grammars from Dynamic Taints. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (ASE 2016). ACM, 720–725. https://
[13]
Min Gyung Kang, Stephen McCamant, Pongsin Poosankam, and Dawn Song. 2011. DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation. In NDSS.
[14]
Sean Luke. 2013.
[15]
Essentials of Metaheuristics (second ed.). Lulu. Available for free at http://cs.gmu.edu/ ∼sean/book/metaheuristics/.
[16]
Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2007.
[17]
Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In In Proceeding of the Network and Distributed System Security Symposium (NDSS’07).
[18]
Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010.
[19]
All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). In Proceedings of the 2010 IEEE Symposium on Security and Privacy (SP ’10). IEEE Computer Society, Washington, DC, USA, 317–331. https://
[20]
Petar Tsankov, Marco Pistoia, Omer Tripp, Martin Vechev, and Pietro Ferrara. 2016.

Cited By

View all
  • (2019)Automatic Test Data Generation for a Given Set of Applications Using Recurrent Neural NetworksSoftware Technologies10.1007/978-3-030-29157-0_14(307-326)Online publication date: 13-Aug-2019

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ISSTA 2017: Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
July 2017
447 pages
ISBN:9781450350761
DOI:10.1145/3092703
  • General Chair:
  • Tevfik Bultan,
  • Program Chair:
  • Koushik Sen
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 July 2017

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Dynamic tainting
  2. input generation

Qualifiers

  • Short-paper

Conference

ISSTA '17
Sponsor:

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)6
  • Downloads (Last 6 weeks)1
Reflects downloads up to 09 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2019)Automatic Test Data Generation for a Given Set of Applications Using Recurrent Neural NetworksSoftware Technologies10.1007/978-3-030-29157-0_14(307-326)Online publication date: 13-Aug-2019

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media