Just fuzz it: solving floating-point constraints using coverage-guided fuzzing

Daniel Liew, Cristian Cadar, Alastair F. Donaldson, J. Ryan Stinnett
2019 Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2019  
We investigate the use of coverage-guided fuzzing as a means of proving satisfiability of SMT formulas over finite variable domains, with specific application to floating-point constraints. We show how an SMT formula can be encoded as a program containing a location that is reachable if and only if the program's input corresponds to a satisfying assignment to the formula. A coverage-guided fuzzer can then be used to search for an input that reaches the location, yielding a satisfying ... We have implemented this idea in a tool, Just Fuzz-it Solver (JFS), and we present a large experimental evaluation showing that JFS is both competitive with and complementary to state-of-the-art SMT solvers with respect to solving floating-point constraints, and that the coverage-guided approach of JFS provides significant benefit over naive fuzzing in the floating-point domain. Applied in a portfolio manner, the JFS approach thus has the potential to complement traditional SMT solvers for program analysis tasks that involve reasoning about floating-point constraints.

CCS CONCEPTS • Theory of computation → Constraint and logic programming; • Software and its engineering → Software testing and debugging.
doi:10.1145/3338906.3338921 dblp:conf/sigsoft/LiewCDS19 fatcat:iplxqx3a5rgjhbkrentkbglv6m
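
The encoding the abstract describes, sketched as an added example (not code from the paper or from JFS): a libFuzzer-style harness whose abort() is reachable if and only if the input bytes decode to a satisfying assignment. The formula, the helper name conjuncts_satisfied and the one-branch-per-conjunct layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed formula over 32-bit floats x, y (not taken from the paper):
 *   (y > 0)  AND  (x < 1000)  AND  (x + y == x)
 * Unsatisfiable over the reals, satisfiable in IEEE 754 because a small
 * y is absorbed when the sum is rounded back to float. */

/* Hypothetical helper: checks the conjuncts in order, stopping at the
 * first one that fails, and returns how many held. A return value of 3
 * means the input bytes are a satisfying assignment. Each conjunct is its
 * own branch, so a coverage-guided fuzzer sees new coverage each time an
 * input gets one conjunct further. */
int conjuncts_satisfied(const uint8_t *data, size_t size) {
    float x, y;
    if (size < 2 * sizeof(float))
        return 0;                          /* too short to encode (x, y) */
    memcpy(&x, data, sizeof x);            /* the input bytes are the assignment */
    memcpy(&y, data + sizeof x, sizeof y);

    if (!(y > 0.0f))
        return 0;                          /* also rejects y = NaN */
    if (!(x < 1000.0f))
        return 1;                          /* also rejects x = NaN */
    volatile float sum = x + y;            /* force rounding to 32-bit float */
    if (!(sum == x))
        return 2;
    return 3;
}

/* libFuzzer entry point (build with: clang -fsanitize=fuzzer). */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (conjuncts_satisfied(data, size) == 3)
        abort();   /* target location: the reported crashing input is the model */
    return 0;
}
```

An input that decodes to x = 1.0f, y = 1e-10f reaches the target; the fuzzer failing to find such an input within its budget proves nothing about unsatisfiability.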