Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Dynamic Compilers for Software Testing Ben Breech Lori Pollock John Cavazos.

Published byAbner McDowell Modified over 9 years ago

Similar presentations

Presentation on theme: "Using Dynamic Compilers for Software Testing Ben Breech Lori Pollock John Cavazos."— Presentation transcript:

1 Using Dynamic Compilers for Software Testing Ben Breech Lori Pollock John Cavazos

2 Background: Static Compilers source code Lexical, syntactic, Semantic analysis Inter. Rep. (basic blocks) Static Analysis Optimization Code generation Executable Code Static Compiler

3 Background: Software Testing  Assesses quality of software Correctness, performance, security Correctness, performance, security  Most testing performed by executing code Executable Code Test Input Execute Program Results Expected Results Check Results (oracle)

4 Motivating Example if ((sptr = malloc (size + 1)) == NULL) { findmem (); findmem (); if ((sptr = malloc (size + 1)) == NULL) xlfail (“insufficient string space”); } How do I test this callsite?  Make the machine run out of memory?  Flip the conditional, recompile, flip back?  Pretend it doesn’t exist during testing?

5 Generalizing the Problem  Code to handle uncommon situations Difficult to test Difficult to test May need external environment event to trigger May need external environment event to trigger  Examples: Error handling code Error handling code Testing program security mechanisms Testing program security mechanisms

6 Observation  Hard to reach code executes when program thinks something uncommon has occurred if ((sptr = malloc (size + 1)) == NULL) { findmem (); findmem (); xlfail (“insufficient string space”); } if ((sptr = malloc (size + 1)) == NULL)  Could test findmem() by simulating error E.g., could add instructions to program so program believes malloc failed E.g., could add instructions to program so program believes malloc failed

7 RUGRAT Approach Use Dynamic Compilers to generate test cases for hard to reach code. Automatically add instructions to program during execution to simulate uncommon situation.

8 Dynamic Compilers  Dynamic compilers perform compilation tasks during program execution code Analysis & optimization Create basic block translate Basic block Mod. Basic block Execute on CPU Dynamic Compiler

9 RUGRAT Architecture code Analysis & optimization Create basic block translate Basic block Mod. Basic block Execute on CPU Dynamic Compiler Create basic block Dynatest Generator Test spec Test Oracle Test Report

10 Dynatest Generator  Decides when/where/how to add test Decision based on test specification Decision based on test specification  Test spec examples “test all mallocs in program” “test all mallocs in program” “test 2nd malloc call in function foo” “test 2nd malloc call in function foo”

11 Example if ((sptr = malloc (size + 1)) == NULL) { findmem (); findmem (); xlfail (“insufficient string space”); } if ((sptr = malloc (size + 1)) == NULL) call malloc (code for malloc) movl sptr cmpl sptr, 0 jnz L1 call findmem …. L1: … Dynatest Generator call malloc (code for malloc) movl 0, movl ENOMEM, errno movl sptr cmpl sptr, 0 jnz L1 call findmem …. L1: …

12 Good Times, Bad Times The Bad:  Not a perfect simulation The Good:  Adequate simulation  Can target system or appl calls  Saves quite a lot of tester effort

13 Security Mechanism Testing: Encrypting Function Pointers  Protects progs against func pointer attacks  Difficult to test (need vulnerable program and attack)  RUGRAT can simulate attack by adding instructions Very different from error handling code case Very different from error handling code case RUGRAT can be used for variety of testing tasks.

14 Experiments Summary  Tested variety programs with RUGRAT  120+ error code handling callsites covered Both application and system calls Both application and system calls  Increased error code coverage ~ 50% over regular test cases Not all error code statements could be covered Not all error code statements could be covered Different options, etcDifferent options, etc  Reasonable time overhead

15 Some related work  Holodeck [1], FIG [2] Require tester provide alternative “stub” functions to do testing Require tester provide alternative “stub” functions to do testing Miss application calls Miss application calls  Dynamic branch switching [3] Not originally intended for testing error code Not originally intended for testing error code Need to know which branch to change Need to know which branch to change Far less accurate simulation Far less accurate simulation [1] Thompson et al., SAC 2002 [2] Broadwell et al., SHAMAN 2002 [3] Zhang et al., ICSE 2006

16 Conclusions and Summary  Presented RUGRAT architecture Can test hard to reach (and seldom tested) code by using dynamic compilers Can test hard to reach (and seldom tested) code by using dynamic compilers Saves tester effort Saves tester effort  RUGRAT is a general tool

17 RUGRAT Architecture code Basic block Mod. Basic block Execute on CPU Dynamic Compiler Create basic block Dynatest Generator Test spec Test Oracle Test Report

Download ppt "Using Dynamic Compilers for Software Testing Ben Breech Lori Pollock John Cavazos."

Similar presentations

Automating Software Module Testing for FAA Certification Usha Santhanam The Boeing Company.

Automating Software Module Testing for FAA Certification Usha Santhanam The Boeing Company.
GCSE Computing Lesson 5.

GCSE Computing Lesson 5.
CS 11 C track: lecture 7 Last week: structs, typedef, linked lists This week: hash tables more on the C preprocessor extern const.

CS 11 C track: lecture 7 Last week: structs, typedef, linked lists This week: hash tables more on the C preprocessor extern const.
Chapter 15 Debugging. Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15-2 Debugging with High Level Languages.

Chapter 15 Debugging. Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display Debugging with High Level Languages.
Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.

Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.
Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University.

Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University.
Anshul Kumar, CSE IITD CSL718 : VLIW - Software Driven ILP Hardware Support for Exposing ILP at Compile Time 3rd Apr, 2006.

Anshul Kumar, CSE IITD CSL718 : VLIW - Software Driven ILP Hardware Support for Exposing ILP at Compile Time 3rd Apr, 2006.
Autonomic Systems Justin Moles, Winter 2006 Enabling autonomic behavior in systems software with hot swapping Paper by: J. Appavoo, et al. Presentation.

Autonomic Systems Justin Moles, Winter 2006 Enabling autonomic behavior in systems software with hot swapping Paper by: J. Appavoo, et al. Presentation.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,

EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.

David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.
Countering Trusting Trust with Diverse Double-Compiling (by David A Wheeler) Dan Frohlich.

Countering Trusting Trust with Diverse Double-Compiling (by David A Wheeler) Dan Frohlich.
Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.

Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.
Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.

Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.
1 Integrating Influence Mechanisms into Impact Analysis for Increased Precision Ben Breech Lori Pollock Mike Tegtmeyer University of Delaware Army Research.

1 Integrating Influence Mechanisms into Impact Analysis for Increased Precision Ben Breech Lori Pollock Mike Tegtmeyer University of Delaware Army Research.
A Comparison of Online and Dynamic Impact Analysis Algorithms Ben Breech Mike Tegtmeyer Lori Pollock University of Delaware.

A Comparison of Online and Dynamic Impact Analysis Algorithms Ben Breech Mike Tegtmeyer Lori Pollock University of Delaware.
RUGRAT: Runtime Test Case Generation using Dynamic Compilers Ben Breech NASA Goddard Space Flight Center Lori Pollock John Cavazos University of Delaware.

RUGRAT: Runtime Test Case Generation using Dynamic Compilers Ben Breech NASA Goddard Space Flight Center Lori Pollock John Cavazos University of Delaware.
Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware.

Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
PathExpander: Architectural Support for Increasing the Path Coverage of Dynamic Bug Detection S. Lu, P. Zhou, W. Liu, Y. Zhou, J. Torrellas University.

PathExpander: Architectural Support for Increasing the Path Coverage of Dynamic Bug Detection S. Lu, P. Zhou, W. Liu, Y. Zhou, J. Torrellas University.
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

Similar presentations

Ads by Google