If you like this, you can use flattr. ;)
- Quickpost: Inspiring Windows software profilers and checkers
- 0x41 - back to bugs
- low footprint/hardware assisted virtualization with Linux and GrSec
- Postfix troubleshooting - a security nightmare
- New content soon
- 0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge
- 0x41 - weekly exploitation matters - Shellcode and frameworks
- Explicit and implicit security in software development - measures and change
- 0x41 - weekly exploitation matters - Heap overflow fundamentals
- 0x41 - weekly exploitation matters - About
- wishinet: checking out GDB with Dtrace support for OS X... (1.9.2). Should be interesting.
- wishinet: RT @bfoo: Worth reading: http://merbist.com/2010/08/22/discussion-with-a-java-switcher/
- wishinet: nächstes Jahr Taikai in Nürnberg (http://www.taikai.de/) - und nu aus Nürnberg total groggy in die Falle! ;)
UnprotectedHex - about formal software verification
Sean's blog
Xecurity - a security feed collecter
Reddit RCE group
Freedom To Tinker
Emergent Chaos
Woodmann RCE forums
OpenRCE community forums
SecViz - security data visualization
DAVIX Live - for security metrics
Hex Live
Security Metrics
Immunity's Free Software
Core Security's OpenSouce research
Zynamics Blog
A brief look at KLEE
Mon, 08/17/2009 - 14:36 | wishi
txtAutomated high coverage tests
Software testing - if you do it manually - requires you to reach many implemented functions. The more functions you're able to reach, the better. Manual testing most often is considered to be more effective than general automated black-boxing. In between, if you've got the source, KLEE can help you to generate tests; and generate the code via symbolic execution.
An 2008's OSDI paper sums that up quite nicely.
Installation with LLVM backend
KLEE requires the LLVM suite. The installation is easy enough: check out the LLVM svn rpository, compile and install LLVM and KLEE, and have fun.
If you want to use KLEE on MacOS, you should add "-fexceptions" to the CXXFLAGS, because the libstdc++ 4.0 seems to require it. Maybe soon KLEE will use LLVM map data structures... Let's see.
- llvm[0]: Running unittests test suite
- Debug/ExprTests
- [==========] Running 3 tests from 1 test case.
- [----------] Global test environment set-up.
- [----------] 3 tests from ExprTest
- [ RUN ] ExprTest.BasicConstruction
- [ OK ] ExprTest.BasicConstruction
- [ RUN ] ExprTest.ConcatExtract
- [ OK ] ExprTest.ConcatExtract
- [ RUN ] ExprTest.ExtractConcat
- [ OK ] ExprTest.ExtractConcat
- [----------] Global test environment tear-down
- [==========] 3 tests from 1 test case ran.
- [ PASSED ] 3 tests.
- Debug/SolverTests
- [==========] Running 1 test from 1 test case.
- [----------] Global test environment set-up.
- [----------] 1 test from SolverTest
- [ RUN ] SolverTest.Evaluation
- [ OK ] SolverTest.Evaluation
- [----------] Global test environment tear-down
- [==========] 1 test from 1 test case ran.
- [ PASSED ] 1 test.
If you passed the checks, it's time for testing.
Tests in replay mode
The directory examples/islower - is pretty interesting. In short: Include klee, make the input variable symbolic, compile to LLVM bitcode, generate the test-cases and replay them with gcc or another compiler.
Other frontends
My time is currently limited, however I'll soon check .Net/Java programs with the VMKit LLVM frontend, and Objective C code with clang. Seems to be a great way to put programs in play-mode. :)
Have fun,
wishi
Tags: 
Post new comment