GraphFuzz: Library API Fuzzing with Lifetime-aware Dataflow Graphs
Wed 11 May 2022 03:20 - 03:25 at ICSE room 4-odd hours - Validation and Verification 2 Chair(s): Grischa Liebel
Wed 25 May 2022 11:10 - 11:15 at Ballroom A - Papers 5: Validation and Verification Chair(s): Shiva Nejati
We present the design and implementation of GraphFuzz, a new structure-, coverage- and object lifetime-aware fuzzer capable of automatically testing low-level Library APIs. Unlike other fuzzers, GraphFuzz models sequences of executed functions as a dataflow graph, thus enabling it to perform graph-based mutations both at the data and at the execution trace level. GraphFuzz comes with an automated specification generator to minimize the developer integration effort.
We use GraphFuzz to analyze Skia—the rigorously tested Google Chrome graphics library—and benchmark GraphFuzz-generated fuzzing harnesses against hand-optimized, painstakingly written libFuzzer harnesses. We find that GraphFuzz generates test cases that achieve 2-3x more code coverage on average with minimal development effort, and also uncovered previously unknown defects in the process. We demonstrate GraphFuzz’s applicability on low-level APIs by analyzing four additional open-source libraries and finding dozens of previously unknown defects. All security-relevant findings have already been reported and fixed by the developers.
Last, we open-source GraphFuzz under a permissive license and provide code to reproduce all results in this paper.