Efficient Binary-Level Coverage Analysis (ESEC/FSE 2020 - Research Papers)

Who

M. Ammar Ben Khadra, Dominik Stoffel, Wolfgang Kunz

Track

ESEC/FSE 2020 Research Papers

Time Zone

The program is currently displayed in (UTC) Coordinated Universal Time.

Use conference time zone: (UTC) Coordinated Universal TimeSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 13 Nov 2020 08:07 - 08:08 at Virtual room 1 - Testing 3

Abstract

Code coverage analysis plays an important role in the software testing process. More recently, the remarkable effectiveness of coverage feedback has triggered a broad interest in feedback-guided fuzzing. In this work, we introduce bcov, a tool for binary-level coverage analysis. Our tool statically instruments x86-64 binaries in the ELF format without compiler support. We implement several techniques to improve efficiency and scale to large real-world software. First, we bring Agrawal’s probe pruning technique to binary-level instrumentation and effectively leverage its superblocks to reduce overhead. Second, we introduce sliced microexecution, a robust technique for jump table analysis which improves CFG precision and enables us to instrument jump table entries. Additionally, smaller instructions in x86-64 pose a challenge for inserting detours. To address this challenge, we aggressively exploit padding bytes and systematically host detours in neighboring basic blocks.

We evaluate bcov on a corpus of 95 binaries compiled from eight popular and well-tested packages like FFmpeg and LLVM. Two instrumentation policies, with different edge-level precision, are used to patch all functions in this corpus - over 1.6 million functions. Our precise policy has average performance and memory overheads of 14% and 22% respectively. Instrumented binaries do not introduce any test regressions. The reported coverage is highly accurate with an average F-score of 99.86%. Finally, our jump table analysis is comparable to that of IDA Pro on gcc binaries and outperforms it on clang binaries.

Link to Preprint

https://arxiv.org/pdf/2004.14191.pdf

DOI

https://doi.org/10.1145/3368089.3409694

M. Ammar Ben Khadra

TU Kaiserslautern, Germany

Dominik Stoffel

TU Kaiserslautern, Germany

Wolfgang Kunz

TU Kaiserslautern, Germany

Efficient Binary-Level Coverage Analysis (Video Talk)

Efficient Binary-Level Coverage Analysis (Slide Deck)

Time Zone

The program is currently displayed in (UTC) Coordinated Universal Time.

Use conference time zone: (UTC) Coordinated Universal TimeSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Fri 13 Nov
Times are displayed in time zone: (UTC) Coordinated Universal Time change

	08:00 - 08:30: Testing 3Paper Presentations / Journal First / Research Papers at Virtual room 1

	08:00 - 08:02 Talk		Baital: An Adaptive Weighted Sampling Approach for Improved t-wise Coverage Research Papers Eduard BaranovUniversité Catholique de Louvain, Belgium, Axel LegayUniversité Catholique de Louvain, Belgium, Kuldeep S. MeelNational University of Singapore, Singapore DOI
	08:03 - 08:04 Research paper		Cost Measures Matter for Mutation Testing Study Validity Research Papers Giovani GuizzoUniversity College London, UK, Federica SarroUniversity College London, UK, Mark HarmanUniversity College London, UK DOI Pre-print
	08:05 - 08:06 Talk		Developing and Evaluating Objective Termination Criteria for Random Testing Journal First Porfirio TramontanaDepartment of Electrical Engineering and Information Technologies, University of Naples Federico II, Italy, Domenico AmalfitanoUniversity of Naples Federico II, Nicola AmatucciDepartment of Civil, Architectural and Environmental Engineering, University of Naples Federico II, Italy, Atif MemonApple Inc., Anna Rita FasolinoFederico II University of Naples
	08:07 - 08:08 Talk		Efficient Binary-Level Coverage Analysis Research Papers M. Ammar Ben KhadraTU Kaiserslautern, Germany, Dominik StoffelTU Kaiserslautern, Germany, Wolfgang KunzTU Kaiserslautern, Germany DOI Pre-print Media Attached
	08:09 - 08:10 Talk		Efficiently Finding Higher-Order Mutants Research Papers Chu-Pan WongCarnegie Mellon University, USA, Jens MeinickeCarnegie Mellon University, USA, Leo ChenCarnegie Mellon University, USA, João P. DinizFederal University of Minas Gerais, Brazil, Christian KästnerCarnegie Mellon University, USA, Eduardo FigueiredoFederal University of Minas Gerais, Brazil DOI
	08:11 - 08:12 Talk		Selecting Fault Revealing Mutants Journal First Thierry Titcheu ChekamUniversity of Luxembourg (SnT), Mike PapadakisUniversity of Luxembourg, Luxembourg, Tegawendé F. BissyandéUniversity of Luxembourg, Luxembourg, Yves Le TraonUniversity of Luxembourg, Luxembourg, Koushik SenUniversity of California at Berkeley
	08:13 - 08:30 Talk		Conversations on Testing 3 Paper Presentations Chu-Pan WongCarnegie Mellon University, USA, Eduard BaranovUniversité Catholique de Louvain, Belgium, Giovani GuizzoUniversity College London, UK, M. Ammar Ben KhadraTU Kaiserslautern, Germany, Porfirio TramontanaDepartment of Electrical Engineering and Information Technologies, University of Naples Federico II, Italy, Thierry Titcheu ChekamUniversity of Luxembourg (SnT), M: Marcel BöhmeMonash University, Australia