Reducing Time-To-Fix For Fuzzer Bugs (ASE 2021 - Industry Showcase)

Write a Blog >>

Sun 14 - Sat 20 November 2021 Australia

Who

Rui Abreu, Franjo Ivančić, Filip Niksic, Hadi Ravanbakhsh, Ramesh Viswanathan

Track

ASE 2021 Industry Showcase

Time Zone

The program is currently displayed in (GMT+11:00) Hobart.

Use conference time zone: (GMT+11:00) HobartSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Wed 17 Nov 2021 08:40 - 08:50 at Kangaroo - Bugs I Chair(s): Elena Sherman

Abstract

At Google, fuzzing C and C++ libraries has discovered tens of thousands of security and robustness bugs. However, these bugs are often reported much after they were first introduced. In many cases, developers are provided only with fault-inducing test inputs and replication instructions that highlight a crash, but additional debugging information may be needed to localize the cause of the bug. Hence, developers need to spend substantial time debugging the code and identifying commits that introduced the bug. In this paper, we discuss our experience with automating a fuzzing-enabled bisection that pinpoints the commit in which the crash first manifests itself. This ultimately reduces the time critical bugs stay open in our code base. We report on our experience over the past 12 months, which shows that developers fix bugs on average 2.23 times faster when aided by this automated analysis.

Rui Abreu

Faculty of Engineering, University of Porto, Portugal

Portugal

Franjo Ivančić

Google

Filip Niksic

Google

United States

Hadi Ravanbakhsh

Google

Ramesh Viswanathan

Google

Time Zone

The program is currently displayed in (GMT+11:00) Hobart.

Use conference time zone: (GMT+11:00) HobartSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Wed 17 Nov
Displayed time zone: Hobart change

08:00 - 09:00	Bugs IResearch Papers / Industry Showcase / Tool Demonstrations at Kangaroo Chair(s): Elena Sherman Boise State University

08:00 20m Research paper		On the Real-World Effectiveness of Static Bug Detectors at Finding Null Pointer Exceptions Research Papers David A Tomassi University of California, Davis, Cindy Rubio-González University of California at Davis
08:20 20m Talk		Subtle Bugs Everywhere: Generating Documentation for Data Wrangling Code Research Papers Chenyang Yang Peking University, Shurui Zhou University of Toronto, Jin L.C. Guo McGill University, Christian Kästner Carnegie Mellon University
08:40 10m Talk		Reducing Time-To-Fix For Fuzzer Bugs Industry Showcase Rui Abreu Faculty of Engineering, University of Porto, Portugal, Franjo Ivančić Google, Filip Niksic Google, Hadi Ravanbakhsh Google, Ramesh Viswanathan Google
08:50 5m Talk		Shaker: a Tool for Detecting More Flaky Tests Faster Tool Demonstrations Marcello Cordeiro Federal University of Pernambuco, Denini Silva Federal University of Pernambuco, Leopoldo Teixeira Federal University of Pernambuco, Breno Miranda Federal University of Pernambuco, Marcelo d'Amorim Federal University of Pernambuco Link to publication