Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing
[article]
2020
arXiv
pre-print
In this paper, we present STORM, a novel blackbox mutational fuzzing technique for detecting critical bugs in SMT solvers. ...
We run our fuzzer on seven mature solvers and find 29 previously unknown critical bugs. STORM is already being used in testing new features of popular solvers before deployment. ...
In this paper, we present a general blackbox fuzzing technique for detecting critical bugs in any SMT solver. ...
arXiv:2004.05934v1
fatcat:a3b2giyepzh4rlcu6brewvak3y
DeepGalaxy: Testing Neural Network Verifiers via Two-Dimensional Input Space Exploration
[article]
2022
arXiv
pre-print
Similar to traditional software, neural network verifiers could also contain bugs, which would have a critical and serious impact, especially in safety-critical areas. ...
Deep neural networks (DNNs) are widely developed and applied in many areas, and the quality assurance of DNNs is critical. ...
After DeepGalaxy detects the bugs, we also use the manual inspection to facilitate bug reporting and enhance the quality of the bug report. ...
arXiv:2201.08087v1
fatcat:m75hwzuifzgljfmmzoxf7bu6ja
Billions and billions of constraints: Whitebox fuzz testing in production
2013
2013 35th International Conference on Software Engineering (ICSE)
Whitebox fuzzing has found one-third of all file fuzzing bugs during the development of Windows 7, saving millions of dollars in potential security vulnerabilities. ...
Our work represents the largest scale deployment of whitebox fuzzing, including the largest computational usage ever for a Satisfiability Modulo Theories (SMT) solver, to date. ...
We thank the developers of the Z3 SMT solver, including Nikolaj Bjorner and Leonardo de Moura. ...
doi:10.1109/icse.2013.6606558
dblp:conf/icse/BounimovaGM13
fatcat:rnjtmntim5dlbpc4hjvqiv4x3m
FuSeBMC v4: Improving code coverage with smart seeds via fuzzing and static analysis
[article]
2022
arXiv
pre-print
Bounded model checking (BMC) and fuzzing techniques are among the most effective methods for detecting errors and security vulnerabilities in software. ...
However, there is still a shortcoming in detecting these errors due to the inability to cover large areas in the target code. ...
In this phase, FuSeBMC tries to achieve synergy between the two engines. The BMC engine uses SMT solvers to produce test cases that circumvent complex mathematical guards. ...
arXiv:2206.14068v1
fatcat:kpqsgvwikbhr3nplw4wqytfsae
NEUZZ: Efficient Fuzzing with Neural Program Smoothing
[article]
2019
arXiv
pre-print
Such evolutionary algorithms, while fast and simple to implement, often get stuck in fruitless sequences of random mutations. ...
Most popular fuzzers use evolutionary guidance to generate inputs that can trigger different bugs. ...
solving together with traditional SMT solvers. ...
arXiv:1807.05620v4
fatcat:im4fetstu5fwjiw6qrc44dsi34
An Exploratory Survey of Hybrid Testing Techniques Involving Symbolic Execution and Fuzzing
[article]
2017
arXiv
pre-print
Similarly, due to an increase in the performance of cheap multi-core commodity computers, fuzzing as a viable method of random mutation-based testing has also seen promise. ...
Fuzzing could, for example, expedite path-exploration in symbolic execution, and symbolic execution could make seed input generation in fuzzing more efficient. ...
and finding bugs in software. ...
arXiv:1712.06843v1
fatcat:zh6ruli4tjblpgbcou4r7y4tg4
Model-based whitebox fuzzing for program binaries
2016
Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering - ASE 2016
We evaluate on 13 vulnerabilities in 8 large program binaries with 6 separate file formats and found that MoWF exposes all vulnerabilities while both, traditional whitebox fuzzing and model-based blackbox ...
Naturally, the time is better spent exploring the functional part of the program where failure with valid input exposes deep and real bugs in the program. ...
MoWF is a marriage of model-based blackbox fuzzing and whitebox fuzzing that efficiently generates valid files that effectively exercise critical target locations. ...
doi:10.1145/2970276.2970316
dblp:conf/kbse/PhamBR16
fatcat:4oss2xt5w5guzewc76dgwd7pda
Directed Greybox Fuzzing
2017
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17
Due to its directedness, AFLGo could find 39 bugs in several well-fuzzed, security-critical projects like LibXML2. 17 CVEs were assigned. ...
Existing Greybox Fuzzers (GF) cannot be effectively directed, for instance, towards problematic changes or patches, towards critical system calls or dangerous locations, or towards functions in the stacktrace ...
A satisfiability modulo theory (SMT) solver generates an actual input t as a solution to the path constraint φ(π ) if the constraint is satisfiable. ...
doi:10.1145/3133956.3134020
dblp:conf/ccs/BohmePNR17
fatcat:urp653p3evegzmqfrnsp52kada
GasFuzzer: Fuzzing Ethereum Smart Contract Binaries to Expose Gas-Oriented Exception Security Vulnerabilities
2020
IEEE Access
together with those which remained non-mutated to fuzz test the smart contract. ...
It applies them to mutate the gas allowances of some of these transactions resulting in the highest gas consumptions produced in the first phase followed by applying these allowance-mutated transactions ...
These techniques construct CFGs from bytecode to perform symbolic execution, employing an SMT solver to discover possible execution paths. ...
doi:10.1109/access.2020.2995183
fatcat:de354kyy25d4vo74sllabzp6qq
WEIZZ: Automatic Grey-box Fuzzing for Structured Binary Formats
[article]
2019
arXiv
pre-print
Fuzzing technologies have evolved at a fast pace in recent years, revealing bugs in programs with ever increasing depth and speed. ...
We show that our technique performs comparably to structure-aware fuzzing proposals that require human assistance. Our prototype implementation WEIZZ revealed 11 unknown bugs in widely used programs. ...
Then it collects constraints resulting from them, considering however only linear and monotone relationships, as other constraint types would likely require a full-fledged SMT solver. ...
arXiv:1911.00621v1
fatcat:te225howlvduhfnh7nozvzzeuu
Fuzz, Penetration, and AI Testing for SoC Security Verification: Challenges and Solutions
[article]
2022
IACR Cryptology ePrint Archive
of the SoC security verification process in this paper. ...
SoC security verification, the definition of security policies, formulation of the security verification, etc., we put forward a realization of the utilization of self-refinement techniques, such as fuzz ...
Gray-box Fuzzing Gray-box fuzzing is a hybrid approach that mixes blackbox and white-box fuzzing. Gray-box fuzzing obtains partial information of the design under verification. ...
dblp:journals/iacr/AzarHVSMRTF22
fatcat:dtj6zn72q5g45aogataevzc42q
A Survey of Symbolic Execution Techniques
2018
ACM Computing Surveys
One approach would be to test the program using different, possibly random inputs. ...
Symbolic execution has been incubated in dozens of tools developed over the last four decades, leading to major practical breakthroughs in a number of prominent software reliability applications. ...
SMT solvers map the atoms in an SMT formula to fresh boolean variables: a SAT decision procedure checks the rewritten formula for satisfiability, and a theory solver checks the model generated by the SAT ...
doi:10.1145/3182657
fatcat:h6kadibzkvevxa3lgzdtdokq74
A Survey of Symbolic Execution Techniques
[article]
2018
arXiv
pre-print
One approach would be to test the program using different, possibly random inputs. ...
Symbolic execution has been incubated in dozens of tools developed over the last four decades, leading to major practical breakthroughs in a number of prominent software reliability applications. ...
SMT solvers map the atoms in an SMT formula to fresh boolean variables: a SAT decision procedure checks the rewritten formula for satisfiability, and a theory solver checks the model generated by the SAT ...
arXiv:1610.00502v3
fatcat:zez6xtyiuna6rgv7ola3nzxmty
Test Case Generation Assisted by Control Dependence Analysis
unpublished
The test cases will be generated from possible counterexamples in constraint solving. ...
If a security sink is reached, SYTA builds a constraint, path conditions and equivalence relationship asserts, which are to be sent to a constraints solver. ...
The work has been supported in part by the National Natural Science Foundation of China ...
fatcat:7ck7jhxgqbdxtjzbvqckjiz3bi
DBStorm: A Cost-effective Approach for Generating Valid Workload to Test Transaction Processing
2022
Zenodo
/Bugs.zip demonstrates the bugs found by DBStorm. 5. ./BugReporducer.zip contains the detailed reproduction steps for several bugs found in TDB. ...
Cobra [44] uses an SMT solver to verify only serializability in key-value stores under a special workload by injecting fence transactions, which leads to critical usage limitations. ...
In practice, DBStorm has exposed a list of critical bugs in commercial database systems. ...
doi:10.5281/zenodo.6477545
fatcat:4ah5icaqircvderncr4gb5vsrm