Finding Short Slow Inputs Faster with Grammar-Based Search
Recent research has shown that mutational search with appropriate instrumentation can generate short inputs that demonstrate performance issues. Another thread of fuzzing research has shown that substituting subtrees from a forest of derivation trees is an effective grammar-based fuzzing technique for finding deep semantic bugs. We combine performance fuzzing with grammar-based search by generating length-limited derivation trees in which each subtree is labeled with its length. In addition we use performance instrumentation feedback to guide search. In contrast to fuzzing for security issues, for which fuzzing campaigns of many hours or even weeks can be appropriate, we focus on searches that are short enough (up to an hour with modest computational resources) to be part of a routine incremental test process. We have evaluated combinations of these approaches, with baselines including the best prior performance fuzzer. No single search technique dominates across all examples, but both Monte Carlo tree search and length-limited tree hybridization perform consistently well on example applications in which semantic performance bugs can be found with syntactically correct input. In the course of our evaluation we discovered a hang bug in LunaSVG, which the developers have acknowledged and corrected.
Wed 19 JulDisplayed time zone: Pacific Time (US & Canada) change
13:30 - 15:00 | ISSTA 8: Fuzzing 2Technical Papers at Habib Classroom (Gates G01) Chair(s): Marcel Böhme MPI-SP; Monash University | ||
13:30 15mTalk | Guiding Greybox Fuzzing with Mutation TestingACM SIGSOFT Distinguished Paper Technical Papers Vasudev Vikram Carnegie Mellon University, Isabella Laybourn Carnegie Mellon University, Ao Li Carnegie Mellon University, Nicole Nair Swarthmore College, Kelton OBrien University of Minnesota, Rafaello Sanna University of Rochester, Rohan Padhye Carnegie Mellon University DOI Pre-print Media Attached | ||
13:45 15mTalk | Rare Path Guided Fuzzing Technical Papers Seemanta Saha University of California at Santa Barbara, Laboni Sarker University of California at Santa Barbara, Md Shafiuzzaman University of California at Santa Barbara, Chaofan Shou University of California at Santa Barbara, Albert Li University of California at Santa Barbara, Ganesh Sankaran University of California at Santa Barbara, Tevfik Bultan University of California at Santa Barbara DOI | ||
14:00 15mTalk | Finding Short Slow Inputs Faster with Grammar-Based Search Technical Papers DOI | ||
14:15 15mTalk | Fuzzing Embedded Systems using Debug Interfaces Technical Papers Max Eisele Robert Bosch; Saarland University, Daniel Ebert Robert Bosch, Christopher Huth Robert Bosch, Andreas Zeller CISPA Helmholtz Center for Information Security DOI Pre-print | ||
14:30 15mTalk | GrayC: Greybox Fuzzing of Compilers and Analysers for CACM SIGSOFT Distinguished Paper Technical Papers Karine Even-Mendoza King’s College London, Arindam Sharma Imperial College London, Alastair F. Donaldson Imperial College London, Cristian Cadar Imperial College London DOI | ||
14:45 15mTalk | Fuzzing Deep Learning Compilers with HirGen Technical Papers Haoyang Ma Hong Kong University of Science and Technology, Qingchao Shen Tianjin University, Yongqiang Tian University of Waterloo, Junjie Chen Tianjin University, Shing-Chi Cheung Hong Kong University of Science and Technology DOI | ||