S-Looper: Automatic summarization for multipath string loops

Xiaofei Xie, Yang Liu, Wei Le, Xiaohong Li, Hongxu Chen

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

26 Citations (Scopus)

Abstract

Loops are important yet among the most challenging program constructs to analyze for various program analysis tasks. Existing loop analysis techniques work well mainly for loops that contain only integer variables and have a single path in the loop body. The key challenge in summarizing a multiple-path loop is that a loop traversal can yield a large number of possibilities due to the different execution orders of the paths in the loop; when a loop contains a conditional branch related to string content, we potentially need to track every character in the string for loop summarization, which is expensive. In this paper, we propose an approach, named S-Looper, to automatically summarize a type of loop related to string traversal. This type of loop can contain multiple paths, and the branch conditions in the loop can be related to string content. Our approach is to identify patterns of the string based on the branch conditions along each path in the loop. Based on such patterns, we then generate a loop summary that describes the path conditions of a loop traversal as well as the symbolic values of each variable at the exit of the loop. Combined with vulnerability conditions, we are thus able to generate test inputs that traverse a loop in a specific way and lead to exploitation. Our experiments show that handling such string loops can largely improve the buffer overflow detection capabilities of the existing symbolic analysis tool. We also compared our techniques with KLEE and PEX, and show that we can generate test inputs more effectively and efficiently.

Original language: English
Title of host publication: 2015 International Symposium on Software Testing and Analysis, ISSTA 2015 - Proceedings
Publisher: Association for Computing Machinery, Inc
Pages: 188-198
Number of pages: 11
ISBN (Electronic): 9781450336208
Publication status: Published - Jul 13 2015
Externally published: Yes
Event: 24th International Symposium on Software Testing and Analysis, ISSTA 2015 - Baltimore, United States
Duration: Jul 13 2015 to Jul 17 2015

Publication series

Name: 2015 International Symposium on Software Testing and Analysis, ISSTA 2015 - Proceedings

Conference

Conference: 24th International Symposium on Software Testing and Analysis, ISSTA 2015
Country/Territory: United States
City: Baltimore
Period: 7/13/15 to 7/17/15

All Science Journal Classification (ASJC) codes

  • Software
