Ad hoc Test Generation Through Binary Rewriting

  • Anthony Saieva, Shirish Kumar Singh, Gail E. Kaiser
  • Published 1 September 2020
  • Computer Science
  • 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM)
When a security vulnerability or other critical bug is not detected by the developers’ test suite, and is discovered post-deployment, developers must quickly devise a new test that reproduces the buggy behavior. Then the developers need to test whether their candidate patch indeed fixes the bug, without breaking other functionality, while racing to deploy before attackers pounce on exposed user installations. This can be challenging when factors in a specific user environment triggered the bug… 
2 Citations

Production Monitoring to Improve Test Suites

Pankti is an approach that monitors applications as they execute in production and then automatically generates differential unit tests, as well as derived oracles, from the collected data; it focuses on a single programming language, Java.



How do fixes become bugs?

A comprehensive characteristic study on incorrect bug-fixes from large operating system code bases including Linux, OpenSolaris, FreeBSD and also a mature commercial OS developed and evolved over the last 12 years, investigating not only the mistake patterns during bug-fixing but also the possible human reasons in the development process when these incorrect bugs were introduced.

Shadow Symbolic Execution for Testing Software Patches

A symbolic execution-based technique that is designed to generate test inputs that cover the new program behaviours introduced by a patch and evaluated on the Coreutils patches from the CoREBench suite of regression bugs shows that it is able to generate test inputs that exercise newly added behaviours and expose some of the regression bugs.

iFixR: bug report driven program repair

This work investigates a new repair pipeline, iFixR, driven by bug reports, where bug reports are fed to an IR-based fault localizer; patches are generated from fix patterns and validated via regression testing; and a prioritized list of generated patches is proposed to developers.

Feasibility of Mutable Replay for Automated Regression Testing of Security Updates

A new type of “mutable” deterministic execution replay is considered, which would allow us to run the software before and after the patch and to compare the behavior of the two versions in a manner that tolerates legitimate differences that arise from security patches.

Replay without Recording of Production Bugs for Service Oriented Applications

Parikshan is an application monitoring framework that leverages user-space virtualization and network proxy technologies to provide a sandbox “debug” environment that allows developers to attach debuggers and analysis tools without impacting performance or correctness of the production environment.

KATCH: high-coverage testing of software patches

The results show that KATCH can automatically synthesise inputs that significantly increase the patch coverage achieved by the existing manual test suites, and find bugs at the moment they are introduced.

Efficient online validation with delta execution

Delta execution can allow administrators to use on-line validation to confidently ensure the correctness of the changes they apply, allowing them to effectively validate changes.

Engineering Record and Replay for Deployability

The ability to record and replay program executions with low overhead enables many applications, such as reverse-execution debugging, debugging of hard-to-reproduce test failures, and “black box”

Engineering Record And Replay For Deployability: Extended Technical Report

The design and implementation of 'rr', which forms the basis of an open-source reverse-execution debugger seeing significant use in practice, are presented, and constraints on hardware and operating system design required are identified.

Target-driven compositional concolic testing with function summary refinement for effective bug detection

A focused compositional concolic testing technique for effective bug detection, FOCAL, which showed high system-level bug detection ability by detecting 71 out of the 100 real-world target bugs in the SIR benchmark, while other relevant cutting edge techniques detected at most 40 bugs.