An Empirical Investigation into Path Divergences for Concolic Execution Using CREST.
Ting Chen,Xiaodong Lin,Jin Huang,Abel Bacchus,Xiaosong Zhang
DOI: https://doi.org/10.1002/sec.1290
IF: 1.968
2015-01-01
Security and Communication Networks
Abstract:Recently, concolic execution has become a hotspot in the domain of software testing and program analysis. However, a practical challenge, called path divergence, impairs the soundness and completeness of concolic execution. A path divergence indicates the tested program runs an unpredicted path. In this work, we carry out a comprehensive empirical study on path divergences using an open-source concolic execution tool, named CREST. To make the investigation representative, we select 120 test units randomly from 21 different open-source programs. The results are interesting, and will provide insight to solve the challenging path-divergence problem. First, about one-half of test units suffer frompath divergences, indicating path divergences are so prevalent that the issue isworthy of great attention. Second, quite a number of generated test inputs drive test units to take divergent paths. This means testers need considerable effort to eliminate the misleading test inputs before aggregating them to a test suite. Third, we dig out ten divergent patterns through manual analysis of each path divergence. Among them, the threemost prevalent ones, which are exceptions, external calls, and type casts, lead to almost 82% of path divergences. Finally, we discuss several countermeasures to overcome path divergences. Copyright (C) 2015 John Wiley & Sons, Ltd.