An empirical investigation into path divergences for concolic execution using CREST

摘要

Recently, concolic execution has become a hotspot in the domain of software testing and program analysis. However, a practical challenge, called path divergence, impairs the soundness and completeness of concolic execution. A path divergence indicates the tested program runs an unpredicted path. In this work, we carry out a comprehensive empirical study on path divergences using an open‐source concolic execution tool, named CREST. To make the investigation representative, we select 120 test units randomly from 21 different open‐source programs. The results are interesting, and will provide insight to solve the challenging path‐divergence problem. First, about one‐half of test units suffer from path divergences, indicating path divergences are so prevalent that the issue is worthy of great attention. Second, quite a number of generated test inputs drive test units to take divergent paths. This means testers need considerable effort to eliminate the misleading test inputs before aggregating them to a test suite. Third, we dig out ten divergent patterns through manual analysis of each path divergence. Among them, the three most prevalent ones, which are exceptions, external calls, and type casts, lead to almost 82% of path divergences. Finally, we discuss several countermeasures to overcome path divergences. Copyright ? 2015 John Wiley & Sons, Ltd. Comprehensive empirical study is carried out on path divergences. One hundred twenty test units, which are randomly selected from 21 different open‐source programs, are tested concolically by CREST. The prevalence of the issue and the ratio of misleading test inputs are calculated. Ten divergent patterns are revealed by hand. Suggestions for battling against path divergences are also provided.