Saffron

Author:

Xuan-Bach D. Le (1), Corina Pasareanu (2), Rohan Padhye (3), David Lo (4), Willem Visser (5), Koushik Sen (3)

Affiliation:

1. The University of Melbourne, Melbourne, Australia

2. Carnegie Mellon University, Pittsburgh, PA, USA

3. University of California, Berkeley, Berkeley, CA, USA

4. Singapore Management University, Singapore, Singapore

5. Stellenbosch University, Stellenbosch, South Africa

Abstract

Fuzz testing has been gaining ground recently with substantial efforts devoted to the area. Typically, fuzzers take a set of seed inputs and leverage random mutations to continually improve the inputs with respect to a cost, e.g. program code coverage, to discover vulnerabilities or bugs. Following this methodology, fuzzers are very good at generating unstructured inputs that achieve high coverage. However, fuzzers are less effective when the inputs are structured, say they conform to an input grammar. Due to the nature of random mutations, the overwhelming abundance of inputs generated by this common fuzzing practice often adversely hinders the effectiveness and efficiency of fuzzers on grammar-aware applications. The problem of testing becomes even harder when the goal is not only to achieve increased code coverage, but also to find complex vulnerabilities related to other cost measures, say high resource consumption in an application. We propose Saffron, an adaptive grammar-based fuzzing approach to effectively and efficiently generate inputs that expose expensive executions in programs. Saffron takes as input a user-provided grammar, which describes the input space of the program under analysis, and uses it to generate test inputs. Saffron assumes that the grammar description is approximate, since precisely describing the input space of a program is often difficult: a program may accept unintended inputs due to, e.g., errors in parsing. Yet these inputs may reveal worst-case complexity vulnerabilities. The novelty of Saffron is then twofold: (1) Given the user-provided grammar, Saffron attempts to discover whether the program accepts unexpected inputs outside of the provided grammar, and if so, it repairs the grammar via grammar mutations. The repaired grammar serves as a specification of the actual inputs accepted by the application. (2) Based on the refined grammar, it generates concrete test inputs. It starts by treating every production rule in the grammar with equal probability of being used for generating concrete inputs. It then adaptively refines the probabilities along the way by increasing the probabilities for rules that have been used to generate inputs that improve a cost, e.g., code coverage or an arbitrary user-defined cost. Evaluation results show that Saffron significantly outperforms state-of-the-art baselines.
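The second part of the abstract, adaptive refinement of production-rule probabilities driven by a cost, is easy to see in code. The following is an added example written for this page, not Saffron's own implementation: it covers only the probabilistic generation and weight-update step, not the grammar repair of part (1). The grammar, the weight-boost factor and the target program are all constructed assumptions; the target is a toy matcher whose work grows quadratically with parenthesis nesting, standing in for the expensive executions the paper searches for, and its step count is the cost.

```python
import random
from typing import Dict, List, Tuple

# Constructed toy grammar (not from the paper). Nonterminals are written
# in angle brackets; every other symbol is a literal terminal.
GRAMMAR: Dict[str, List[List[str]]] = {
    "<expr>": [["<term>"], ["<expr>", "+", "<term>"], ["(", "<expr>", ")"]],
    "<term>": [["<digit>"], ["<digit>", "<term>"]],
    "<digit>": [[d] for d in "0123456789"],
}

Rule = Tuple[str, int]  # (nonterminal, index of the chosen production)


def is_nonterminal(sym: str) -> bool:
    return sym.startswith("<") and sym.endswith(">")


def uniform_weights(grammar) -> Dict[Rule, float]:
    """Start, as the paper does, with every production equally likely."""
    return {(nt, i): 1.0 for nt, prods in grammar.items() for i in range(len(prods))}


def production_heights(grammar) -> Dict[str, List[int]]:
    """Smallest derivation height of each production (fixed-point iteration),
    used to force termination once the depth budget is spent."""
    nt_height = {nt: float("inf") for nt in grammar}
    changed = True
    while changed:
        changed = False
        for nt, prods in grammar.items():
            for prod in prods:
                h = 1 + max((nt_height[s] for s in prod if is_nonterminal(s)), default=0)
                if h < nt_height[nt]:
                    nt_height[nt], changed = h, True
    return {nt: [1 + max((nt_height[s] for s in p if is_nonterminal(s)), default=0)
                 for p in prods] for nt, prods in grammar.items()}


def generate(grammar, weights, rng, start="<expr>", max_depth=12):
    """Derive one string and record every (nonterminal, production) choice."""
    heights = production_heights(grammar)
    used: List[Rule] = []

    def expand(sym: str, depth: int) -> str:
        if not is_nonterminal(sym):
            return sym
        prods = grammar[sym]
        candidates = list(range(len(prods)))
        if depth >= max_depth:
            # Budget exhausted: only the shortest-to-terminate productions remain.
            shortest = min(heights[sym])
            candidates = [i for i in candidates if heights[sym][i] == shortest]
        idx = rng.choices(candidates, weights=[weights[(sym, i)] for i in candidates], k=1)[0]
        used.append((sym, idx))
        return "".join(expand(s, depth + 1) for s in prods[idx])

    return expand(start, 0), used


def target_cost(text: str) -> int:
    """Constructed target program: for every '(' it rescans forward to the
    matching ')', so nesting makes the work quadratic. Steps are the cost."""
    steps = 0
    for i, ch in enumerate(text):
        steps += 1
        if ch == "(":
            depth = 0
            for c in text[i:]:
                steps += 1
                depth += (c == "(") - (c == ")")
                if depth == 0:
                    break
    return steps


def fuzz(grammar, iterations=300, seed=0, boost=1.5):
    """Adaptive loop: whenever an input improves the best cost seen so far,
    every rule used to derive it becomes more likely to be picked again."""
    rng = random.Random(seed)
    weights = uniform_weights(grammar)
    best_input, best_cost = "", -1
    for _ in range(iterations):
        text, used = generate(grammar, weights, rng)
        cost = target_cost(text)
        if cost > best_cost:
            best_input, best_cost = text, cost
            for rule in set(used):
                weights[rule] *= boost
    return best_input, best_cost, weights


if __name__ == "__main__":
    inp, cost, w = fuzz(GRAMMAR)
    print(f"most expensive input found: {inp!r} (cost {cost})")
    print("weight of the '(' production:", w[("<expr>", 2)])
```

The loop only ever raises weights, so rules that never contributed to an improvement keep their initial weight and are gradually out-competed rather than eliminated; a real implementation would also normalise or cap the weights and, as in the paper, use code coverage or a user-supplied cost in place of the toy step counter.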

Publisher

Association for Computing Machinery (ACM)


Cited by 19 articles.

1. AsFuzzer: Differential Testing of Assemblers with Error-Driven Grammar Inference;Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis;2024-09-11

2. Fuzzing-based grammar learning from a minimal set of seed inputs;Journal of Computer Languages;2024-03

3. A Generative and Mutational Approach for Synthesizing Bug-Exposing Test Cases to Guide Compiler Fuzzing;Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering;2023-11-30

4. Performance Fuzzing with Reinforcement-Learning and Well-Defined Constraints for the B Method;iFM 2023;2023-11-06

5. Enabling BPF Runtime policies for better BPF management;Proceedings of the 1st Workshop on eBPF and Kernel Extensions;2023-09-10
