On 10/09/16 19:24, Reinout Heeck wrote:
>
>> Abstract:
>>
>> We present a new symbolic execution tool, KLEE, capable of automatically
>> generating tests that achieve high coverage on a diverse set of complex and
>> environmentally-intensive programs. We used KLEE to thoroughly check all 89
>> stand-alone programs in the GNU COREUTILS utility suite, which form the core
>> user-level environment installed on millions of Unix systems, and arguably
>> are the single most heavily tested set of open-source programs in existence.
>> KLEE-generated tests achieve high line coverage, on average over 90% per
>> tool (median: over 94%), and significantly beat the coverage of the
>> developers' own hand-written test suites. When we did the same for 75
>> equivalent tools in the BUSYBOX embedded system suite, results were even
>> better, including 100% coverage on 31 of them. We also used KLEE as a bug
>> finding tool, applying it to 452 applications (over 430K total lines of
>> code), where it found 56 serious bugs, including three in COREUTILS that had
>> been missed for over 15 years. Finally, we used KLEE to cross-check
>> purportedly identical BUSYBOX and COREUTILS utilities, finding functional
>> correctness errors and a myriad of inconsistencies.
>
> I'm sure more recent work can be found by now, KLEE just happens to have
> stuck in my memory :-)
>
Sounds like fuzzing to me! State of the art there would probably be American Fuzzy Lop (AFL).

http://lcamtuf.coredump.cx/afl/

Regards,
Frank

_______________________________________________
Fonc mailing list
Fonc@mailman.vpri.org
http://mailman.vpri.org/mailman/listinfo/fonc_mailman.vpri.org
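The thread puts KLEE's symbolic execution next to fuzzing, so here is an added example (not part of either post, and not code from KLEE or AFL) that shows the difference on one small function. A toy symbolic executor runs the target with its input left symbolic, records the branch condition taken at every `if`, solves the accumulated path constraints for a concrete input, and then flips each decision to reach the other side of the branch. That is how it lands on a branch guarded by a single "magic" value that uniformly random inputs practically never hit. Everything below is constructed: the target `toy_target`, the names `Lin`, `Cond`, `Executor`, `explore`, `solve` and `random_fuzz`, the restriction to one 32-bit signed input with linear constraints, and the hand-rolled interval solver that stands in for the SMT solver a real engine calls.

```python
# Added example (not from the thread or from KLEE): a toy symbolic executor in the
# spirit of KLEE, run beside random fuzzing on the same function. Constructed for
# illustration: one 32-bit signed input x, linear constraints only, and a tiny
# hand-rolled solver standing in for the SMT solver a real engine would call.
import itertools
import random

INT_MIN, INT_MAX = -2**31, 2**31 - 1   # domain of the single symbolic input x
CURRENT = None                          # executor consulted by Cond.__bool__
FLIP = {"==": "!=", "!=": "==", "<": ">=", ">=": "<"}

class Infeasible(Exception): pass

class Cond:
    """Path constraint a*x + b OP 0; an 'if cond:' in the target lands in __bool__."""
    def __init__(self, a, b, op): self.a, self.b, self.op = a, b, op
    def negate(self): return Cond(self.a, self.b, FLIP[self.op])
    def __bool__(self):
        if CURRENT is None: raise RuntimeError("symbolic value used outside Executor.run")
        return CURRENT.branch(self)          # the executor decides which way to go

class Lin:
    """Symbolic linear term a*x + b; arithmetic and comparisons with constants only."""
    def __init__(self, a, b): self.a, self.b = a, b
    def __add__(self, k): return Lin(self.a, self.b + k)
    def __sub__(self, k): return Lin(self.a, self.b - k)
    def __mul__(self, k): return Lin(self.a * k, self.b * k)
    def __eq__(self, k): return Cond(self.a, self.b - k, "==")
    def __lt__(self, k): return Cond(self.a, self.b - k, "<")
    def __ge__(self, k): return Cond(self.a, self.b - k, ">=")

def solve(conds):
    """Return an integer x in [INT_MIN, INT_MAX] satisfying every Cond, or None."""
    lo, hi, excluded = INT_MIN, INT_MAX, set()
    for c in conds:
        a, b, op = c.a, c.b, c.op
        if a == 0:                                   # condition does not depend on x
            if not {"==": b == 0, "!=": b != 0, "<": b < 0, ">=": b >= 0}[op]: return None
        elif op == "==":
            if b % a: return None                    # -b/a is not an integer
            lo, hi = max(lo, -b // a), min(hi, -b // a)
        elif op == "!=":
            if b % a == 0: excluded.add(-b // a)
        elif op == "<":                              # a*x < -b
            if a > 0: hi = min(hi, -(b // a) - 1)    # x <= ceil(-b/a) - 1
            else:     lo = max(lo, (-b) // a + 1)    # x >= floor(-b/a) + 1
        else:                                        # ">=", i.e. a*x >= -b
            if a > 0: lo = max(lo, -(b // a))        # x >= ceil(-b/a)
            else:     hi = min(hi, (-b) // a)        # x <= floor(-b/a)
    if lo > hi: return None                          # interval collapsed: unsatisfiable
    start = min(max(0, lo), hi)                      # prefer the value closest to zero
    for v in itertools.chain(range(start, hi + 1), range(start - 1, lo - 1, -1)):
        if v not in excluded: return v
    return None

class Executor:
    """One symbolic run of the target, following a prefix of forced branch decisions."""
    def __init__(self, prefix): self.prefix, self.path, self.taken = prefix, [], []
    def branch(self, cond):
        i = len(self.taken)
        forced = i < len(self.prefix)
        for d in ([self.prefix[i]] if forced else [True, False]):
            c = cond if d else cond.negate()
            if solve(self.path + [c]) is not None:   # only follow a feasible side
                self.path.append(c); self.taken.append(d)
                return d
        raise Infeasible                             # forced decision contradicts the path
    def run(self, target):
        global CURRENT
        CURRENT = self
        try: return target(Lin(1, 0))                # x itself is 1*x + 0
        finally: CURRENT = None

def explore(target):
    """Generational search over branch decisions; one (input, result, decisions) per path."""
    worklist, seen, tests = [[]], set(), []
    while worklist:
        ex = Executor(worklist.pop(0))
        try: result = ex.run(target)
        except Infeasible: continue
        tests.append((solve(ex.path), result, tuple(ex.taken)))
        for i in range(len(ex.prefix), len(ex.taken)):   # flip each decision beyond the prefix
            alt = tuple(ex.taken[:i]) + (not ex.taken[i],)
            if alt not in seen: seen.add(alt); worklist.append(list(alt))
    return tests

def toy_target(x):
    """Constructed target: the 'magic' branch is reached by exactly one input, x == 2234."""
    if x < 0: return "negative"
    if (x - 1000) * 2 == 2468: return "magic"
    if x >= 100000: return "large"
    return "other"

def random_fuzz(target, trials, seed=0):
    """Black-box random testing on the same function: which outcomes does it reach?"""
    rng = random.Random(seed)
    return {target(rng.randint(INT_MIN, INT_MAX)) for _ in range(trials)}
```

`explore(toy_target)` returns four triples, one per feasible path, with inputs -1, 2234, 100000 and 0; replaying each input through `toy_target` as a plain integer gives the recorded result, which is the "generated test" the KLEE abstract talks about. `random_fuzz(toy_target, 1000)` reaches only the wide branches, since the `magic` path has a single satisfying value in a 2^32 space. Two caveats keep the comparison honest: AFL is coverage-guided and mutational rather than uniformly random, so it fares far better than this blind sampler on real targets, and symbolic execution pays for its precision with path explosion, which is exactly why KLEE needed search heuristics and constraint-solving optimisations to get through coreutils.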