Heap Fuzzing: Automatic Garbage Collection Testing with Directed Random Events
Producing robust memory manager implementa- tions is a challenging task. Defects in garbage collection algo- rithms produce subtle effects that are revealed later in program execution as memory corruptions. This problem is exacerbated by the fact that garbage collection algorithms deal with low-level implementation details to be efficient. Finding, reproducing, and debugging such bugs is complex and time-consuming. In this article, we propose to fuzz heaps by generating large sequences of random heap events directed by virtual machine ex- perts. Randomly generated events exercise the garbage collection algorithm with the objective of crashing the virtual machine and finding bugs. Once a bug is found, we use a test case reduction algorithm that finds the smaller subset of events that reproduces the issue. We implemented our approach on top of the virtual machine simulator of the Pharo Virtual Machine, to test its sequential stop-the-world generational scavenger. We directed our fuzzing toward the ephemeron finalization mechanism, corner allocation cases, and the heap compaction algorithm. Our prototype found 6 bugs: 3 in Pharo’s ephemeron implementation which is not yet in production, 2 bugs in the default compactor which has been in production for 8 years, and 1 bug in the VM simulator used daily by VM developers. We show how such test cases were automatically reduced to trivial sequences that were easy to debug.
Mon 17 AprDisplayed time zone: Dublin change
16:00 - 18:00 | Session 7: Testing for Safery & Security Industry / Research Papers / Journal-First Papers / Previous Editions at Hanover Chair(s): Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM | ||
16:00 20mTalk | Learning Non-robustness using Simulation-based Testing: a Network Traffic-shaping Case Study Industry Baharin Aliashrafi Jodat University of Ottawa, Shiva Nejati University of Ottawa, Mehrdad Sabetzadeh University of Ottawa, Patricio Saavedra RabbitRun Technologies Inc Pre-print | ||
16:20 20mTalk | Test environments for large-scale software systems – an industrial study of intrinsic and extrinsic success factors Journal-First Papers | ||
16:40 20mTalk | Assessing the Effectiveness of Input and Output Coverage Criteria for Testing Quantum Programs Previous Editions Shaukat Ali Simula Research Laboratory, Paolo Arcaini National Institute of Informatics
, Xinyi Wang , Tao Yue Simula Research Laboratory DOI | ||
17:00 20mTalk | Heap Fuzzing: Automatic Garbage Collection Testing with Directed Random Events Research Papers Guillermo Polito Inria, Cristal, UMR 9189, Université de Lille, Pablo Tesone Univ. Lille, Inria, CNRS, Centrale Lille, UMR 9189 CRIStAL, Pharo Consortium, Jean Privat Université du Québec à Montréal (UQAM), Nahuel Palumbo Université Lille, CNRS, Centrale Lille, Inria, UMR 9189 - CRIStAL, Stéphane Ducasse Inria; University of Lille; CNRS; Centrale Lille; CRIStAL | ||
17:20 20mTalk | MagicMirror: Towards High-Coverage Fuzzing of Smart Contracts Research Papers Huadong Feng University of Texas at Arlington, Xiaolei Ren University of Texas at Arlington, Qiping Wei University of Texas at Arlington, Jeff Yu Lei University of Texas at Arlington, Raghu Kacker National Institute of Standards and Technology, Richard Kuhn National Institute of Standards and Technology, Dimitris Simos SBA Research | ||