Download as PDF, PPTX
![Symbolic Execution
PC: {True} [x1 = i1]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-7-320.jpg)
![Symbolic Execution
PC: {True} [x1 = i1, y1 = i2]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-8-320.jpg)
![Symbolic Execution
PC: { x1 > 80 ?} [x1 = i1, y1 = i2]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-9-320.jpg)
![Symbolic Execution
PC: { x1 > 80} [x2 = y1 * 2, y1 = i2]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-10-320.jpg)
![Symbolic Execution
PC: { x1 > 80} [x2 = y1 * 2, y2 = 0]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-11-320.jpg)
![Symbolic Execution
PC: { x1 > 80 ∧ x2 == 256 ?} [x2 = y1 * 2, y2 = 0]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-12-320.jpg)
![Symbolic Execution
PC: { x1 > 80 ∧ x2 == 256} [x2 = y1 * 2, y2 = 0]
(x1 > 80) ∧ (x2 == 256)](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-13-320.jpg)
![Symbolic Execution
PC: { x1 <= 80} [x1 = i1, y1 = i2]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-14-320.jpg)
![Symbolic Execution
PC: { x1 <= 80} [x2 = 0, y1 = i2]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-15-320.jpg)
![Symbolic Execution
PC: { x1 <= 80} [x2 = 0, y2 = 0]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-16-320.jpg)
![Symbolic Execution
PC: { (x1 <= 80) ∨ ((x1 > 80) ∧ (x2 != 256)) }
[ (x2 = 0, y2 = 0) ∨ (x2 = y1 * 2, y2 = 0) ]](https://image.slidesharecdn.com/monsterz-180120203702/85/slide-17-320.jpg)
Uploaded byDongsam Byun
화이트박스 테스팅
This document provides an overview of symbolic execution and concolic testing techniques. It introduces the author and their background. It then discusses black-box versus white-box testing approaches. Several symbolic execution and concolic testing tools are described, including CUTE, KLEE, CREST, CREST-BV, Mayhem, BitBlaze, BuzzFuzz, and AEG. Finally, it briefly mentions code reuse and clone detection techniques.
화이트박스 테스팅
- 1.
- 2. Who am I •@dongsamb •BoB 1st •SW Maestro 4th •Korea Univ. M.S./Ph.D Integrated Course Student
- 3. Black-box Testing vsWhite-box Testing
- 4.
- 6.
- 7. Symbolic Execution PC: {True}[x1 = i1]
- 8. Symbolic Execution PC: {True}[x1 = i1, y1 = i2]
- 9. Symbolic Execution PC: {x1 > 80 ?} [x1 = i1, y1 = i2]
- 10. Symbolic Execution PC: {x1 > 80} [x2 = y1 * 2, y1 = i2]
- 11. Symbolic Execution PC: {x1 > 80} [x2 = y1 * 2, y2 = 0]
- 12. Symbolic Execution PC: {x1 > 80 ∧ x2 == 256 ?} [x2 = y1 * 2, y2 = 0]
- 13. Symbolic Execution PC: {x1 > 80 ∧ x2 == 256} [x2 = y1 * 2, y2 = 0] (x1 > 80) ∧ (x2 == 256)
- 14. Symbolic Execution PC: {x1 <= 80} [x1 = i1, y1 = i2]
- 15. Symbolic Execution PC: {x1 <= 80} [x2 = 0, y1 = i2]
- 16. Symbolic Execution PC: {x1 <= 80} [x2 = 0, y2 = 0]
- 17. Symbolic Execution PC: {(x1 <= 80) ∨ ((x1 > 80) ∧ (x2 != 256)) } [ (x2 = 0, y2 = 0) ∨ (x2 = y1 * 2, y2 = 0) ]
- 18. •CUTE ( 2005) •CONCrete + symbOLIC •dynamic symbolic execution • (Feasible) , - , , • , Concolic Testing
- 19. •KLEE ( Stanford,2008 ) •LLVM •Constraint Solver Concolic Testing
- 20. •CREST (Heuristics forDynamic Test Generation,2008) •Yices2 •Z3 - Microsoft Concolic Testing + SMT Solver
- 21. CREST-BV (2013, KAIST) ConcolicTesting + SMT Solver
- 23. Concolic + @ Mayhem(2012, CMU)
- 24. •BitBlaze(2008, UC Berkeley) •BuzzFuzz(2009,MIT) •AEG:Automatic Exploit Generation(2011, CMU) •Enhancing Symbolic Execution with Veritesting(2014, CMU) Concolic + @
- 25.
- 26.
- 28. •Metadata analysis •Static sourcecode analysis •Source code differencing and analysis Software metrics •Visualization •Clone detection •Frequent-pattern mining •Social network analysis Code reuse ( code clone)
- 29.
- 30.
- 31.
- 32.
- 36.