Looking for Lacunae in Bitcoin Core’s Fuzzing Efforts
Thu 12 May 2022 12:15 - 12:20 at ICSE room 2-even hours - Software Engineering in Practice 5 Chair(s): Mehrdad Sabetzadeh
Bitcoin is one of the most prominent distributed software systems in the world, and a key part of a potentially revolutionary new form of financial tool, cryptocurrency. At heart, Bitcoin exists as a set of nodes running an implementation of the Bitcoin protocol. This paper describes an effort to investigate and enhance the effectiveness of the Bitcoin Core implementation fuzzing effort. The effort initially began as a query about how to escape saturation in the fuzzing effort, but developed into a more general exploration once it was determined that saturation was largely illusory, a byproduct of the (then) fuzzing configuration. This paper reports the process and outcomes of the two-week focused effort that emerged from that initial contact between Chaincode Labs and academic researchers. That effort found no smoking guns indicating major test/fuzz weaknesses. However, it produced a large number of additional fuzz corpus entries to add to the Bitcoin QA assets, clarified some long-standing problems in OSS-Fuzz triage, increased the set of documented fuzzers used in Bitcoin Core testing, and ran the first (to our knowledge) mutation analysis of Bitcoin Core’s fuzz targets, revealing opportunities for further improvement. We contrast the Bitcoin Core transaction verification testing with that for other popular cryptocurrencies. This paper provides an overview of the challenges involved in improving testing infrastructure, processes, and documentation for a highly visible open source target system, from both the state-of-the-art research perspective and the practical engineering perspective. One major conclusion is that for well-designed fuzzing efforts, improvements to the oracle side of testing, increasing invariant checks and assertions, may be the best route to getting more out of fuzzing.
Thu 12 May. Displayed time zone: Eastern Time (US & Canada)
03:00 - 04:00 | Software Engineering in Practice 1 | SEIP - Software Engineering in Practice at ICSE room 2-odd hours | Chair(s): Mary Sánchez-Gordón Østfold University College
03:00 5m Talk | Improving Code Autocompletion with Transfer Learning SEIP - Software Engineering in Practice A: Gareth Aye Facebook, Inc., A: Wen Zhou Facebook, A: Vijayaraghavan Murali Meta Platforms, Inc., A: Seohyun Kim Meta
03:05 5m Talk | On the Effectiveness of Machine Learning Experiment Management Tools SEIP - Software Engineering in Practice Samuel Idowu Chalmers | University of Gothenburg, Osman Hasan National University of Sciences & Technology, Daniel Strüber Chalmers | University of Gothenburg / Radboud University, Thorsten Berger
03:10 5m Talk | Looking for Lacunae in Bitcoin Core’s Fuzzing Efforts SEIP - Software Engineering in Practice Alex Groce Northern Arizona University, Kush Jain Carnegie Mellon University, Rijnard van Tonder Sourcegraph, Goutamkumar Tulajappa Kalburgi Northern Arizona University, Claire Le Goues Carnegie Mellon University
03:15 5m Talk | AI for Automated Code Updates SEIP - Software Engineering in Practice Salwa Alamir J.P. Morgan AI Research, Petr Babkin J.P. Morgan AI Research, Nacho Navarro J.P. Morgan AI Research, Sameena Shah J.P. Morgan AI Research
12:00 - 13:00 | Software Engineering in Practice 5 | Technical Track / SEIP - Software Engineering in Practice at ICSE room 2-even hours | Chair(s): Mehrdad Sabetzadeh University of Ottawa
12:00 5m Talk | Automatic Anti-Pattern Detection in Microservice Architectures based on Distributed Tracing SEIP - Software Engineering in Practice Tim Hubener ING Bank N.V., Yaping Luo ING; Eindhoven University of Technology, Pieter Vallen ING, Jonck van der Kogel ING Bank N.V., Tom Liefheid ING Bank N.V., Michel Chaudron Eindhoven University of Technology, The Netherlands
12:05 5m Talk | Organizational Culture and its impact on the BizDev interface SEIP - Software Engineering in Practice
12:10 5m Talk | A Software Impact Analysis Tool based on Change History Learning and its Evaluation SEIP - Software Engineering in Practice Haruya Iwasaki Shibaura Institute of Technologies, Tsuyoshi Nakajima Shibaura Institute of Technology, Ryota Tsukamoto Mitsubishi Electric Corporation, Kazuko Takahashi Mitsubishi Electric Corporation, Shuichi Tokumoto Mitsubishi Electric Corporation
12:15 5m Talk | Looking for Lacunae in Bitcoin Core’s Fuzzing Efforts SEIP - Software Engineering in Practice Alex Groce Northern Arizona University, Kush Jain Carnegie Mellon University, Rijnard van Tonder Sourcegraph, Goutamkumar Tulajappa Kalburgi Northern Arizona University, Claire Le Goues Carnegie Mellon University
12:20 5m Talk | AI for Automated Code Updates SEIP - Software Engineering in Practice Salwa Alamir J.P. Morgan AI Research, Petr Babkin J.P. Morgan AI Research, Nacho Navarro J.P. Morgan AI Research, Sameena Shah J.P. Morgan AI Research
12:25 5m Talk | MOREST: Model-based RESTful API Testing with Execution Feedback Technical Track Yi Liu Nanyang Technological University, Yuekang Li Nanyang Technological University, Gelei Deng Nanyang Technological University, Yang Liu Nanyang Technological University, Ruiyuan Wan Huawei Inc., Runchao Wu Huawei Inc., Dandan Ji Huawei Inc., Shiheng Xu Huawei Inc., Minli Bao Huawei Inc.