No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
SeongjoonHong
Latest commit 8fd242e Oct 15, 2018
Permalink
Failed to load latest commit information.
benchmarks modify clean script Dec 7, 2017
bin minor Feb 6, 2018
cil initial commit Nov 8, 2017
include initial commit Nov 8, 2017
lib initial commit Nov 8, 2017
scripts minor Feb 6, 2018
src ignore warning on narrowing conversion: -Wno-narrowing Oct 15, 2018
LICENSE initial commit Nov 8, 2017
README.md minor Feb 8, 2018

README.md

ParaDySE

ParaDySE (Parametric Dynamic Symbolic Execution) is a tool that automatically generates search heuristics for concolic testing. The tool is implemented on top of CREST, a publicly available concolic testing tool for C.

Install ParaDySE.

You need to install Ubuntu 16.04.3(64 bit). Then follow the steps:

$ sudo apt-get install ocaml #(if not installed) 
$ git clone https://github.com/kupl/ParaDySE.git 
$ cd ParaDySE/cil
$ ./configure
$ make
$ cd ../src
$ make

Run a benchmark.

Please read README_ParaDySE file located in each benchmark directory. In README_ParaDySE file, we explain how to compile each benchmark and run ParaDySE. For instance, we can compile grep-2.2 and run ParaDySE as follows:

$ cd ~/ParaDySE/benchmarks/grep-2.2 
# vi README_ParaDySE
$ ./configure
$ cd src
$ make
$ ../../../bin/run_crest './grep aaaaaaaaaa /dev/null' grep.input log 4000 -param grep.w

Each argument of the last command means:

  • './grep aaaaaaaaaa /dev/null' : a subject program under test.
  • grep.input : an initial input.
  • log : a file which stores the result of testing.
  • 4000 : the number of executions of the program.
  • -param : search heuristic (e.g., -dfs, -cfg, -random, -cgs, -generational)

In particular, our heuristic (param) additionally takes the parameter (e.g., gawk.w) as argument which is a 40-dimensional vector of real numbers. Note that the implementation of CGS(Context-Guided Search) and Generational search came from the author of FSE'14 paper.

If you want to run another benchmark (e.g., sed-1.17), read the README_ParaDySE file in the directory:

$ cd ParaDySE/benchmarks/sed-1.17 
$ vi README_ParaDySE

Automatically generate a search heuristic.

The script for automatically generating a search heuristic is run on an instrumented program. For instance, we can generate a search heuristic for tree-1.6.0 as follows:

$ screen 
# Initially, each benchmark should be compiled with ParaDySE:
$ cd ParaDySE/benchmarks/tree-1.6.0
$ make
# Run a script
$ cd ~/ParaDySE/scripts
$ python fullauto.py pgm_config/tree.json 1000 20 

Each argument of the last command means:

  • pgm_config/tree.json : a json file to describe the benchmark.
  • 1000 : the number of parameters to evaluate in Find Phase
  • 20 : the number of cpu cores to use in parallel

If the script successfully ends, you can see the following command:

#############################################
Successfully Generate a Search Heuristic!!!!!
#############################################

Then, you can find the generated search heuristic (i.e. parameter values) as follows:

$ cd ~/ParaDySE/experiments/1tree-1.6.0__all__logs
$ vi best.w # (Automatically Generated Search Heuristic)

You can run tree-1.6.0 with the generated heuristic as follows:

$ cd ~/ParaDySE/experiments/1tree-1.6.0__all__logs
$ cp best.w ~/ParaDySE/benchmarks/tree-1.6.0/best.w 
$ cd ~/ParaDySE/benchmarks/tree-1.6.0 
$ ../../bin/run_crest './tree aaaaaaaaaa aaaaaaaaaa' tree.input log 4000 -param best.w

we run ParaDySE on a linux machine with two Intel Xeon Processor E5-2630 and 192GB RAM. Time for obtaining the search heuristic for tree-1.6.0 is approximately 3 hours.