Abstract

Complex interactions and the distributed nature of network software make automated testing and debugging before deployment a necessity. Symbolic execution is a systematic program analysis technique that has become increasingly popular in network software testing, owing to algorithmic advances and the availability of computational power and constraint-solving technology. However, a main challenge is determining symbolic values for program variables related to library calls, loops and cryptographic algorithms, which are widely used in network software. In this paper, we propose unit symbolic analysis, a hybrid technique that enables fully automatic symbolic analysis even for such traditionally challenging code. The novelties of this work are threefold: 1) we flexibly employ static symbolic execution to amplify the effect of dynamic symbolic execution on demand, 2) dynamic executions and regression analysis are performed on the unit tests constructed from the code segments to infer program semantics needed by static analysis, and 3) symbolic analysis is utilized to tackle loop structures and cryptographic algorithm modules. We developed the Net Sym framework, consisting of a static component that performs symbolic analysis and partitions a program, a dynamic analysis that synthesizes unit tests and automatically infers symbolic values for program variables, and a protocol that enables static and dynamic analyses to be run interactively and concurrently. Our experimental results show that by handling cryptographic algorithms, loops and library calls that a traditional symbolic analysis cannot process, unit symbolic analysis detects more vulnerabilities in less time. The technique is scalable for real-world programs such as GHttpd, SQL Server and GDI.
