do not address the problem of the oracle. Conceptual ... combination of concolic execution and static analysis implementation of the tool ... certification of third-party software .... Recent approach for programs : PathCrawler, Dart, Cute, Exe.
Structural Testing of Executables Motivations Machine code The Osmose Tool Test data generation
S´ebastien Bardin
Philippe Herrmann
CEA-LIST, Software Reliability Lab.
Bit-vector solver IR recovery Experiments Related work Conclusion
S.Bardin, P.Herrmann
Structural Testing of Executables
1/ 29
Overview Structural testing at the machine code level automatic test data generation goal: structural coverage or bug finding do not address the problem of the oracle Motivations
Conceptual framework: symbolic/concolic execution
Machine code The Osmose Tool Test data generation Bit-vector solver IR recovery Experiments
Three main contributions show how to adapt existing techniques to machine code combination of concolic execution and static analysis implementation of the tool Osmose
Related work Conclusion
Limitations no floating-point numbers, no interruptions
S.Bardin, P.Herrmann
Structural Testing of Executables
2/ 29
Why binary-level analysis? No source code available Components Off the Shelf (COTS) legacy code mobile code, malware certification of third-party software Motivations Machine code
Low confidence in the compiling process
The Osmose Tool Test data generation Bit-vector solver IR recovery
compilers may contain bugs optimisations preserve (?) correctness, what about security? What You See Is Not What You eXecute
Experiments Related work Conclusion
High precision of the analysis quality of service (QoS): wcet, maximal stack height, etc. security
S.Bardin, P.Herrmann
Structural Testing of Executables
3/ 29
Outline
Motivations About machine code The Osmose tool Motivations Machine code The Osmose Tool
Test data generation Bit-level constraint solving
Test data generation
IR recovery
Bit-vector solver
Experiments
IR recovery
Related work
Experiments
Conclusion
Related work Conclusion
S.Bardin, P.Herrmann
Structural Testing of Executables
4/ 29
Outline
Motivations About machine code The Osmose tool Motivations Machine code The Osmose Tool
Test data generation Bit-level constraint solving
Test data generation
IR recovery
Bit-vector solver
Experiments
IR recovery
Related work
Experiments
Conclusion
Related work Conclusion
S.Bardin, P.Herrmann
Structural Testing of Executables
4/ 29
About machine code The machine code is interpreted: 1. PC is the entry-point 2. decode instr at address PC 3. execute instr, update PC Motivations
4. goto 2
Machine code The Osmose Tool Test data generation Bit-vector solver IR recovery Experiments Related work Conclusion
appeared in Sport Aviation many times in the ... not supplying all answers to all questions, will nevertheless tell the builder a great deal about the strength .... built in such a way that in an extreme ... what "load factor" he designed his aircraf
writings and aircraft designs have appeared in Sport ... his classified ad in this issue under ... people, Alex says that load testing ... all the way up to the breaking point ... What would you say about a chair .... constant throughout the cross-se
complex wing testing project, a great deal can be accomplished with very ... (French Cricket) and 3(b) the compos- ite (wood?) solution. Wings of this kind should ...
the compiling process cannot be trusted or when the increase of precision is essential. It is quite .... solution (implemented in OSMOSE) is to let the user specify ...
KEY WORDS: machine code analysis ; automatic testing ; IR recovery ..... form: opcode arg1 arg2 ... argn, where opcode is the encoding of a basic command of the ...... three translation modules), 3.5 kloc of ECLIPSE and 1.5 kloc of glue in C.
Maneuvering load factors are arbitrary for different classes of airplanes. 3.8 "G's" are usually sufficient to demonstrate structural integrity of airplanes which are.
complex wing testing project, a great deal can be accomplished with very ... (French Cricket) and 3(b) the compos- ite (wood?) solution. Wings of this kind should ...
By John W. Thorp. The ever increasing amount of structural .... 3. Cress sections of propellers. Control SurfacesâWood, steel tube am* metal. 1. Ailerons; 2.
This is indeed a remark- able feat ... Beach in Santa Monica and I had very fond memories of those days. A friend, ... like aluminum, do not have a yield point.
(loc1, true) -â (loc3, true). Example 4 (Non-interference) Last, we present a more de- ..... 3rd ed. Wiley, 2011. [2] A. P. Mathur, Foundations of Software Testing.
Nicky Williams. CEA LIST, Software Reliability Laboratory ... Email: [email protected] ..... addresses that can change with each execution; they cannot.
PathCrawler-online structural testing tool, the user must pro- vide not only the full source code, but also must set the test parameters and program the oracle.
War II he was back on active duty with the Navy and was assigned to the Naval ... the war he formed his own company and spent 23 years developing his ... Why structural test a homebuilt? To ascertain if it is .... Even a cold day when cables ...
Testing with a wrong (incomplete or too strong) precondition, or without a precondition .... for download and require installation on the user's platform. In the domain ... Sen, K., Marinov, D., Agha, G.: CUTE: a concolic unit testing engine for C. I
We have always done a lot of testing at RotorWay. ... zen. Because of RotorWay's decision the Scorpion is a much improved craft today over what it was 5 years ...
... and B1 are (2Ã2) parameter matrices and C0 is an upper triangular matrix. ..... Financial Markets,'' Journal of International Money and Finance, 16, 561-579.
CEA, LIST, Software Reliability Laboratory, PC 174, 91191 Gif-sur-Yvette, France ... programs, and discusses various issues encountered in our .... Cryptography: use of protected channels (such as https) ... Finally, PathCrawler-online deactivates ne
Nov 26, 2002 - repeats of Drosophila melanogaster rRNA genes function as · X-Y pairing sites in ... intergenic spacers of ribosomal DNA in Drosophila mela-.
Received21 July 2004; accepted 10 March 2005. Abstract .... The works about these processings have been published in [2] ... build different graph types according to the recognition problem (with the inclusion links, and the neighboring.
Nov 26, 2002 - phoresis, chemical and enzymatic probing, and direct im- aging using .... Figure 4 shows the result of an experiment where hcDNA was probed with .... imply that all the bands share the same basic structure, es- pecially in ...
