TY - GEN
T1 - Improving function coverage with munch
T2 - 33rd Annual ACM Symposium on Applied Computing, SAC 2018
AU - Ognawala, Saahil
AU - Hutzelmann, Thomas
AU - Psallida, Eirini
AU - Pretschner, Alexander
N1 - Publisher Copyright: © 2018 ACM.
PY - 2018/4/9
Y1 - 2018/4/9
AB - Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all paths in the program. Due to the path-explosion problem and dependence on SMT solvers, symbolic execution may also not achieve high path coverage. A hybrid technique involving fuzzing and symbolic execution may achieve better function coverage than fuzzing or symbolic execution alone. In this paper, we present Munch, an open-source framework implementing two hybrid techniques based on fuzzing and symbolic execution. We empirically show using nine large open-source programs that overall, Munch achieves higher (in-depth) function coverage than symbolic execution or fuzzing alone. Using metrics based on total analyses time and number of queries issued to the SMT solver, we also show that Munch is more efficient at achieving better function coverage.
KW - Compositional analysis
KW - Function coverage
KW - Fuzzing
KW - Software testing
KW - Symbolic execution
UR - http://www.scopus.com/inward/record.url?scp=85050514369&partnerID=8YFLogxK
U2 - 10.1145/3167132.3167289
DO - 10.1145/3167132.3167289
M3 - Conference contribution
AN - SCOPUS:85050514369
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 1475
EP - 1482
BT - Proceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC 2018
PB - Association for Computing Machinery
Y2 - 9 April 2018 through 13 April 2018
ER -