Precise concolic unit testing of C programs using extended units and symbolic alarm filtering

Automated unit testing reduces manual effort to write unit test drivers/stubs and generate unit test inputs. However, automatically generated unit test drivers/stubs raise false alarms because they often over-approximate real contexts of a target function f and allow infeasible executions of f . To solve this problem, we have developed a concolic unit testing technique CONBRIO. To provide realistic context to f , it constructs an extended unit of f that consists of f and closely relevant functions to f . Also, CONBRIO filters out a false alarm by checking feasibility of a corresponding symbolic execution path with regard to f 's symbolic calling contexts obtained by combining symbolic execution paths of f' s closely related predecessor functions. In the experiments on the crash bugs of 15 real-world C programs, CONBRIO shows both high bug detection ability (i.e. 91.0% of the target bugs detected) and high precision (i.e. a true to false alarm ratio is 1:4.5). Also, CONBRIO detects 14 new bugs in 9 target C programs studied in papers on crash bug detection techniques.