[연구] [차수영 교수] 소프트웨어분석 연구실, FSE 2024 논문 게재 승인
- 소프트웨어학과
- 조회수2538
- 2024-04-17
소프트웨어 분석 연구실 (지도교수: 차수영)의 윤재한 학생 (석사과정)의 논문이 소프트웨어공학 분야 최우수 학회 (IF=4)인 FSE 2024 (ACM International Conference on the Foundations of Software Engineering)에 게재 승인(Accept) 되었습니다. 해당 논문은 2024년 7월에 브라질 Porto de Galinhas에서 발표될 예정입니다.
본 논문 "FeatMaker: Automated Feature Engineering for Search Strategy of Symbolic Execution"에서 탐색전략(Search strategy)은 테스팅을 수행하는 동안 오류 검출을 위해 우선적으로 탐험할 프로그램 상태(Program state)를 선택하는 기술이다. 기존 탐색전략들은 탐험할 프로그램 상태들을 구분하기 위해 각자의 피처(feature)들을 수작업으로 고안하였지만, 이 손수 고안된 피처들은 테스팅 성능을 효과적으로 높이는데 실패하였다. 본 논문에서는 프로그램 상태를 기술하는 피처들을 자동으로 고안하여 테스팅의 효과성을 높이는 FeatMaker를 제안한다. 실험적으로, FeatMaker는 다수의 오픈소스-C 프로그램들에 대해 수작업으로 고안된 탐색 전략들보다 약 35% 많은 코드 영역을 커버했으며 기존 전략들은 검출하지 못한 6개의 오류를 찾을 수 있었다.
[논문 정보]
- - 제목: FeatMaker: Automated Feature Engineering for Search Strategy of Symbolic Execution
- - 저자: 윤재한, 차수영
- - 학회: ACM International Conference on the Foundations of Software Engineering (FSE 2024)
Abstract:
We present FeatMaker, a novel technique that automatically generates state features to enhance the search strategy of symbolic execution. Search strategies, designed to address the well-known state-explosion problem, prioritize which program states to explore. These strategies typically depend on a "state feature" that describes a specific property of program states, using this feature to score and rank them. Recently, search strategies employing multiple state features have shown superior performance over traditional strategies that use a single, generic feature. However, the process of designing these features remains largely manual. Moreover, manually crafting state features is both time-consuming and prone to yielding unsatisfactory results. The goal of this paper is to fully automate the process of generating state features for search strategies from scratch. The key idea is to leverage path-conditions, which are basic but vital information maintained by symbolic execution, as state features. A challenge arises when employing all path-conditions as state features, as it results in an excessive number of state features. To address this, we present a specialized algorithm that iteratively generates and refines state features based on data accumulated during symbolic execution. Experimental results on 15 open-source C programs show that FeatMaker significantly outperforms existing search strategies that rely on manually-designed features, both in terms of branch coverage and bug detection. Notably, FeatMaker achieved an average of 35.3% higher branch coverage than state-of-the-art strategies and discovered 15 unique bugs. Of these, six were detected exclusively by FeatMaker.