| Programmers, software testers, and cyber-security analysts have a need to understand the behaviors that their programs might exhibit. We consider a program's behaviors to be its actions manifesting some effect beyond its own internal state. A program generally exhibits such behaviors by making API calls. One particularly powerful strategy for gaining an understanding of a program's behaviors is to witness their exhibition as the program runs. However, in order to witness a program's behaviors, one must first be able to elicit the program into exhibiting them. In the present work, a method is presented that serves to automatically and efficiently elicit a program into exhibiting many or all of its potential behaviors. The method works by guiding concolic execution towards the control flow paths along which a program's behaviors are more likely to be exhibited. First, an upfront interprocedural data flow analysis is employed to compute how API call statements reach one another and various other program points with respect to the program's control flow. The resulting information is then used to guide the path selection of concolic execution so as to give preference to paths along which more API call statements can be reached. An evaluation of the presented method shows that it more efficiently elicits program behaviors than does usage of non-guided concolic execution. In particular, the percentage increase in API call statements executed using our behavior elicitation method as compared to a common non-guided strategy ranged from 2% up to 287%, with a median percentage gain of 69.74%. |
