Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing [article]

Muhammad Numair Mansur, Maria Christakis, Valentin Wüstholz, Fuyuan Zhang
2020 arXiv   pre-print
In this paper, we present STORM, a novel blackbox mutational fuzzing technique for detecting critical bugs in SMT solvers.  ...  We run our fuzzer on seven mature solvers and find 29 previously unknown critical bugs. STORM is already being used in testing new features of popular solvers before deployment.  ...  In this paper, we present a general blackbox fuzzing technique for detecting critical bugs in any SMT solver.  ... 
arXiv:2004.05934v1 fatcat:a3b2giyepzh4rlcu6brewvak3y

DeepGalaxy: Testing Neural Network Verifiers via Two-Dimensional Input Space Exploration [article]

Xuan Xie, Fuyuan Zhang
2022 arXiv   pre-print
Similar to traditional software, neural network verifiers could also contain bugs, which would have a critical and serious impact, especially in safety-critical areas.  ...  Deep neural networks (DNNs) are widely developed and applied in many areas, and the quality assurance of DNNs is critical.  ...  After DeepGalaxy detects the bugs, we also use the manual inspection to facilitate bug reporting and enhance the quality of the bug report.  ... 
arXiv:2201.08087v1 fatcat:m75hwzuifzgljfmmzoxf7bu6ja

Billions and billions of constraints: Whitebox fuzz testing in production

Ella Bounimova, Patrice Godefroid, David Molnar
2013 35th International Conference on Software Engineering (ICSE)
Whitebox fuzzing has found one-third of all file fuzzing bugs during the development of Windows 7, saving millions of dollars in potential security vulnerabilities.  ...  Our work represents the largest scale deployment of whitebox fuzzing, including the largest computational usage ever for a Satisfiability Modulo Theories (SMT) solver, to date.  ...  We thank the developers of the Z3 SMT solver, including Nikolaj Bjorner and Leonardo de Moura.  ... 
doi:10.1109/icse.2013.6606558 dblp:conf/icse/BounimovaGM13 fatcat:rnjtmntim5dlbpc4hjvqiv4x3m

FuSeBMC v4: Improving code coverage with smart seeds via fuzzing and static analysis [article]

Kaled M. Alshmrany, Mohannad Aldughaim, Ahmed Bhayat, Fedor Shmarov, Fatimah Aljaafari, Lucas C. Cordeiro
2022 arXiv   pre-print
Bounded model checking (BMC) and fuzzing techniques are among the most effective methods for detecting errors and security vulnerabilities in software.  ...  However, there is still a shortcoming in detecting these errors due to the inability to cover large areas in the target code.  ...  In this phase, FuSeBMC tries to achieve synergy between the two engines. The BMC engine uses SMT solvers to produce test cases that circumvent complex mathematical guards.  ... 
arXiv:2206.14068v1 fatcat:kpqsgvwikbhr3nplw4wqytfsae

NEUZZ: Efficient Fuzzing with Neural Program Smoothing [article]

Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, Suman Jana
2019 arXiv   pre-print
Such evolutionary algorithms, while fast and simple to implement, often get stuck in fruitless sequences of random mutations.  ...  Most popular fuzzers use evolutionary guidance to generate inputs that can trigger different bugs.  ...  solving together with traditional SMT solvers.  ... 
arXiv:1807.05620v4 fatcat:im4fetstu5fwjiw6qrc44dsi34

An Exploratory Survey of Hybrid Testing Techniques Involving Symbolic Execution and Fuzzing [article]

Saahil Ognawala, Ana Petrovska, Kristian Beckers
2017 arXiv   pre-print
Similarly, due to an increase in the performance of cheap multi-core commodity computers, fuzzing as a viable method of random mutation-based testing has also seen promise.  ...  Fuzzing could, for example, expedite path-exploration in symbolic execution, and symbolic execution could make seed input generation in fuzzing more efficient.  ...  and finding bugs in software.  ... 
arXiv:1712.06843v1 fatcat:zh6ruli4tjblpgbcou4r7y4tg4

Model-based whitebox fuzzing for program binaries

Van-Thuan Pham, Marcel Böhme, Abhik Roychoudhury
2016 Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering - ASE 2016  
We evaluate on 13 vulnerabilities in 8 large program binaries with 6 separate file formats and found that MoWF exposes all vulnerabilities while both, traditional whitebox fuzzing and model-based blackbox  ...  Naturally, the time is better spent exploring the functional part of the program where failure with valid input exposes deep and real bugs in the program.  ...  MoWF is a marriage of model-based blackbox fuzzing and whitebox fuzzing that generates valid files efficiently that exercise critical target locations effectively.  ...
doi:10.1145/2970276.2970316 dblp:conf/kbse/PhamBR16 fatcat:4oss2xt5w5guzewc76dgwd7pda

Directed Greybox Fuzzing

Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
Due to its directedness, AFLGo could find 39 bugs in several well-fuzzed, security-critical projects like LibXML2. 17 CVEs were assigned.  ...  Existing Greybox Fuzzers (GF) cannot be effectively directed, for instance, towards problematic changes or patches, towards critical system calls or dangerous locations, or towards functions in the stacktrace  ...  A satisfiability modulo theory (SMT) solver generates an actual input t as a solution to the path constraint φ(π) if the constraint is satisfiable.  ...
doi:10.1145/3133956.3134020 dblp:conf/ccs/BohmePNR17 fatcat:urp653p3evegzmqfrnsp52kada

GasFuzzer: Fuzzing Ethereum Smart Contract Binaries to Expose Gas-Oriented Exception Security Vulnerabilities

Imran Ashraf, Xiaoxue Ma, Bo Jiang, W. K. Chan
2020 IEEE Access  
together with those which remained non-mutated to fuzz test the smart contract.  ...  It applies them to mutate the gas allowances of some of these transactions resulting in the highest gas consumptions produced in the first phase followed by applying these allowance-mutated transactions  ...  These techniques construct CFGs from bytecode to perform symbolic execution employing an SMT solver to discover possible execution paths. VIII.  ...
doi:10.1109/access.2020.2995183 fatcat:de354kyy25d4vo74sllabzp6qq

WEIZZ: Automatic Grey-box Fuzzing for Structured Binary Formats [article]

Andrea Fioraldi, Daniele Cono D'Elia, Emilio Coppa
2019 arXiv   pre-print
Fuzzing technologies have evolved at a fast pace in recent years, revealing bugs in programs with ever increasing depth and speed.  ...  We show that our techniques perform comparably to structure-aware fuzzing proposals that require human assistance. Our prototype implementation WEIZZ revealed 11 unknown bugs in widely used programs.  ...  Then it collects constraints resulting from them, considering however only linear and monotone relationships, as other constraint types would likely require a full-fledged SMT solver.  ...
arXiv:1911.00621v1 fatcat:te225howlvduhfnh7nozvzzeuu

Fuzz, Penetration, and AI Testing for SoC Security Verification: Challenges and Solutions [article]

Kimia Zamiri Azar, Muhammad Monir Hossain, Arash Vafaei, Hasan Al Shaikh, Nurun N. Mondol, Fahim Rahman, Mark M. Tehranipoor, Farimah Farahmandi
2022 IACR Cryptology ePrint Archive  
of the SoC security verification process in this paper.  ...  SoC security verification, the definition of security policies, formulation of the security verification, etc., we put forward a realization of the utilization of self-refinement techniques, such as fuzz  ...  Gray-box Fuzzing Gray-box fuzzing is a hybrid approach that mixes blackbox and white-box fuzzing. Gray-box fuzzing obtains partial information of the design under verification.  ... 
dblp:journals/iacr/AzarHVSMRTF22 fatcat:dtj6zn72q5g45aogataevzc42q

A Survey of Symbolic Execution Techniques

Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu, Irene Finocchi
2018 ACM Computing Surveys  
One approach would be to test the program using different, possibly random inputs.  ...  Symbolic execution has been incubated in dozens of tools developed over the last four decades, leading to major practical breakthroughs in a number of prominent software reliability applications.  ...  SMT solvers map the atoms in an SMT formula to fresh boolean variables: a SAT decision procedure checks the rewritten formula for satisfiability, and a theory solver checks the model generated by the SAT  ... 
doi:10.1145/3182657 fatcat:h6kadibzkvevxa3lgzdtdokq74

A Survey of Symbolic Execution Techniques [article]

Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu, Irene Finocchi
2018 arXiv   pre-print
One approach would be to test the program using different, possibly random inputs.  ...  Symbolic execution has been incubated in dozens of tools developed over the last four decades, leading to major practical breakthroughs in a number of prominent software reliability applications.  ...  SMT solvers map the atoms in an SMT formula to fresh boolean variables: a SAT decision procedure checks the rewritten formula for satisfiability, and a theory solver checks the model generated by the SAT  ... 
arXiv:1610.00502v3 fatcat:zez6xtyiuna6rgv7ola3nzxmty

Test Case Generation Assisted by Control Dependence Analysis

Puhan Zhang, Qi Wang, Guowei Dong, Bin Liang, Wenchang Shi
unpublished
The test cases will be generated from possible counterexamples in constraint solving.  ...  If a security sink is reached, SYTA builds a constraint, path conditions and equivalence relationship asserts, which are to be sent to a constraints solver.  ...  The work has been supported in part by the National Natural Science Foundation of China  ... 
fatcat:7ck7jhxgqbdxtjzbvqckjiz3bi

DBStorm: A Cost-effective Approach for Generating Valid Workload to Test Transaction Processing

Anonymous
2022 Zenodo  
/Bugs.zip demonstrates the bugs found by DBStorm. 5. ./BugReporducer.zip is the detailed reproduce step for several bugs found in TDB.  ...  Cobra [44] uses SMT solver to verify only the serializability in key-value stores under a special workload by injecting fence transactions, which leads to critical usage limitations.  ...  In practice, DBStorm has exposed a list of critical bugs in commercial database systems.  ...
doi:10.5281/zenodo.6477545 fatcat:4ah5icaqircvderncr4gb5vsrm