Lightweight Concolic Testing via Path-Condition Synthesis for Deep Learning Libraries

Many techniques have been recently developed for testing deep learning (DL) libraries. Although these techniques have effectively improved API and code coverage and detected unknown bugs, they rely on blackbox fuzzing for input generation. Concolic testing (also known as dynamic symbolic execution)...

Full description

Saved in:
Bibliographic Details
Published inProceedings / International Conference on Software Engineering pp. 2957 - 2969
Main Authors Kim, Sehoon, Kim, Yonghyeon, Park, Dahyeon, Jeon, Yuseok, Yi, Jooyong, Kim, Mijung
Format Conference Proceeding
LanguageEnglish
Published IEEE 26.04.2025
Subjects
Closed box
Codes
Complexity theory
Computer bugs
Concolic Testing
Deep learning
Deep Learning Libraries
Fuzzing
Libraries
Software engineering
Testing
Online AccessGet full text

Cover

More Information
Summary:Many techniques have been recently developed for testing deep learning (DL) libraries. Although these techniques have effectively improved API and code coverage and detected unknown bugs, they rely on blackbox fuzzing for input generation. Concolic testing (also known as dynamic symbolic execution) can be more effective in exploring diverse execution paths, but applying it to DL libraries is extremely challenging due to their inherent complexity. In this paper, we introduce the first concolic testing technique for DL libraries. Our technique offers a lightweight approach that significantly reduces the heavy overhead associated with traditional concolic testing. While symbolic execution maintains symbolic expressions for every variable with non-concrete values to build a path condition, our technique computes approximate path conditions by inferring branch conditions via inductive program synthesis. Despite potential imprecision from approximation, our method's light overhead allows for effective exploration of diverse execution paths within the complex implementations of DL libraries. We have implemented our tool, Pathfinder, and evaluated it on PyTorch and TensorFlow. Our results show that Pathfinder outperforms existing API-level DL library fuzzers by achieving 67% more branch coverage on average; up to 63% higher than TitanFuzz and 120% higher than FreeFuzz. Pathfinder is also effective in bug detection, uncovering 61 crash bugs, 59 of which were confirmed by developers as previously unknown, with 32 already fixed.
ISSN:1558-1225
DOI:10.1109/ICSE55347.2025.00202