At Google, fuzzing C and C++ libraries has discovered tens of thousands of security and robustness bugs. However, these bugs are often reported long after they were first introduced. In many cases, developers are provided only with fault-inducing test inputs and reproduction instructions that demonstrate a crash, but additional debugging information may be needed to localize the cause of the bug. Hence, developers need to spend substantial time debugging the code and identifying the commits that introduced the bug. In this paper, we discuss our experience with automating a fuzzing-enabled bisection that pinpoints the commit in which the crash first manifests itself. This ultimately reduces the time that critical bugs stay open in our code base. We report on our experience over the past 12 months, which shows that developers fix bugs on average 2.23 times faster when aided by this automated analysis.
Wed 17 Nov (displayed time zone: Hobart)
08:00 - 09:00
On the Real-World Effectiveness of Static Bug Detectors at Finding Null Pointer Exceptions
Subtle Bugs Everywhere: Generating Documentation for Data Wrangling Code
Reducing Time-To-Fix For Fuzzer Bugs
Shaker: a Tool for Detecting More Flaky Tests Faster
Marcello Cordeiro, Denini Silva, Leopoldo Teixeira, Breno Miranda, Marcelo d'Amorim (Federal University of Pernambuco)