Title: Industrial Application of Concolic Testing to Detect Crash Bugs: A Case Study on libexif
Speaker: 김 문주 (Moonzoo Kim)
Date: 2013.07.03 4:00 pm
Location: 과학 도서관 (Science Library), 614A lecture room, Korea University
Bio:
Moonzoo Kim is an associate professor in the Department of Computer Science
at KAIST. He received his Ph.D. degree on a runtime verification system at
the Univ. of Pennsylvania in 2001. After working as a researcher at Samsung
SECUi.COM and POSTECH, he joined the faculty of KAIST in 2006. He focuses
on automated software testing and debugging techniques through model
checking, symbolic execution, and concurrent program analysis. In addition,
he has closely collaborated with Samsung Electronics since 2006 to apply
advanced testing techniques to commercial flash memory and smartphone
platforms. He has actively served research communities as a program
co-chair (ATVA 2008, VALID 2009), an invited speaker (ATVA 2011), and a PC
member (ICSE 2014, ASE tool track 2013, etc.).
Home page: http://pswlab.kaist.ac.kr/~moonzoo
Abstract:
As smartphones become popular, manufacturers such as Samsung Electronics
are quickly developing smartphones with rich functionality such as a camera
and photo editing, which accelerates the adoption of open source
applications. However, industrial developers often do not know the details
of open source applications, and it is a challenging problem to test open
source applications effectively and quickly.
This talk shares our experience of applying concolic testing (a.k.a.
dynamic symbolic execution or white-box fuzzing) as an automated test case
generation technique to test libexif, which is an open source library to
manipulate EXIF information in image files. In this case study, we detected
a memory access bug, a null pointer dereference bug, and four
divide-by-zero bugs, which are reported to CVE. Furthermore, we compare the
concolic testing results with the analysis result of a commercial static
analyzer, which failed to detect any of these bugs.