Title
Using Metamorphic Testing to Improve Dynamic Symbolic Execution
Abstract
Dynamic symbolic execution (DSE) is an approach for automatically generating test inputs from source code using constraint information. It is used in fuzzing: the execution of tests while monitoring for generic properties such as buffer overflows and other security violations. Limitations of DSE for fuzzing are two-fold: (1) only generic properties are checked: many deviations from specified behaviour are not found, and (2) many programs are not entirely amenable to DSE because they give rise to hard constraints, so that some parts of a program remain uncovered. In this paper, we discuss how to mitigate these problems using metamorphic testing (MT). Metamorphic testing uses domain-specific properties about program behaviour, relating pairs of inputs to pairs of outputs. From a given test suite, follow-up test inputs are generated, and their outputs are compared to outputs from the original tests, using metamorphic relations. Our hypothesis is that using metamorphic testing increases the ability of a DSE test suite to find faults, and that the follow-up tests execute some previously-uncovered segments. We have experimented with seven small but non-trivial libraries, comparing DSE test suites with DSE+MT test suites, demonstrating that DSE+MT test suites improve coverage marginally, but find more faults.
Year
2015
DOI
10.1109/ASWEC.2015.16
Venue
ASWEC
Keywords
automated test input generation, software testing, test suite effectiveness, dynamic symbolic execution, test oracle, metamorphic testing, metamorphic relation
Field
Test suite, Fuzz testing, Computer science, Source code, Oracle, Software, Symbolic execution, Metamorphic testing, Computer engineering, Embedded system, Buffer overflow
DocType
Conference
ISSN
1530-0803
Citations
1
PageRank
0.37
References
31
Authors
3
Name
Order
Citations
PageRank
Eman Alatawi161.82
Tim Miller2778.34
Harald Søndergaard385879.52