Symbolic Testing

COYOTE a fully automated unit testing tool automatically creates test cases for each function of software and automatically executes it.

When full automatic testing is executed, the most difficult part is the automatic creation of test cases. Although diverse techniques have been devised for scores of years, there have been many stumbles along the way.

Even though many test automation tools are advertised to have the automatic creation function of test cases, they have been shunned due to the above reason.

We have developed a symbolic testing engine enabling the automatic creation of test cases at the commercialization level with our technology. The symbolic testing technology performs white box testing using the symbolic execution or concolic execution techniques and it exerts outstanding capabilities for the automatic creation of test cases.

The symbolic testing engine explores all execution paths of a given function and calculates the conditions under which each execution path is executed (path condition).

To this end, Insert the code to perform the symbolic operation into the given function, and generate driver code to drive the function and stub code of other functions called by that function to automatically generating test executables. When running the test, the actual execution and the symbolic execution are performed simultaneously, and it calculates the path conditions and test cases. At this time, to solve the conditional equation, an automatic theorem-proof such as an SMT solver is used.

Automatic Verification Team

“We develop fully automated testing tools by fusing technologies such as concolic execution, automatic proof, static analysis, machine learning, and more.”
“For the development environment, we mainly use functional languages such as F# and object-oriented languages such as Java.”
“The source code analysis, SMT solver, and code generation technology play a pivotal role in the automation of various factors required for automated testing, as well as the symbolic testing technology.”
“We will do our utmost to ensure a fully automated testing tool, COYOTE, be a reliable partner in areas where software reliability is particularly important, such as automobiles and aviation.”

Static Analysis

CODEMIND CSI/CQI, a source code diagnostic tool, detects security weaknesses inherent in the source code and detects possible errors during execution in advance.

The technology that predicts software’s behavior beforehand without execution of the software is so-called static analysis. Static analysis can be presented in a variety of techniques, including type analysis, data flow analysis, control flow analysis, information flow analysis, and memory shape analysis.

The abstract interpretation technology is the one devised to design various static analysis techniques within one framework. It has established itself as a standard of the static analysis as it can systematically implement various semantic analysis based on summary analysis.

The principle of the abstract interpretation is to compute abstracted values through abstracted arithmetic operation of a given program. For example, a simultaneous equation that can calculate the scope that each position’s x value can have with the simple program below. The solution of the simultaneous equation is called the “fixed point,” and the fixed point is calculated with a repetitive method.

In this way, variable values are computed, or memory allocation configuration is predicted. The second figure is the process of calculating the memory shape of a given program through summary analysis. Here is an example of detecting a use after free error returned from a memory analysis result.

Beside, CODEMIND has implemented a static analysis engine using graph DB. The analysis result can be checked during analysis in an on-the-fly method, and it is also useful for creating convenient defect tracking graphs.

Static Analysis Team

“We develop summary interpretation-based static analysis tools. We provide secure coding diagnosis and quality diagnosis using the syntax analysis, flow analysis, memory analysis, and value analysis.”
“For the development environment, we use a function language such as Scala and object-oriented language including Java in a complex way.”
“We were very first in Korea to integrate graph DB-based analysis and semantic-based analysis to implement on-the-fly diagnosis and provide defect tracking graphs.
“As each customer presents various development environments and diagnosis requirements recently, offering a customized tool becomes important. We will do our best to meet customer needs on software security and safety.”