ICST 2023
Sun 16 - Thu 20 April 2023 Dublin, Ireland
Tue 18 Apr 2023 11:20 - 11:40 at Pearse suite - Session 9: Fuzzing Chair(s): Xavier Devroey

We present a method for automated metamorphic fuzzing of software libraries, implemented as an open-source tool, MF++, targeting C++ libraries. Our approach works by automatically synthesising equivalent sequences of calls to a library’s API based on a user-provided specification, in a randomized fashion. Equivalent call sequences are then tested using randomized inputs, and result mismatches reveal bugs in the library implementation. This is an instance of metamorphic testing: it avoids the oracle problem because we do not need to know the expected results of a set of equivalent call sequences, only that their results should match. Automated test case reduction can then be used to find minimized equivalent call sequences that trigger mismatches, as an aid to debugging. We evaluate MF++ with respect to four SMT solving libraries and two Presburger arithmetic libraries, leading to the discovery of 21 bugs. We have also successfully used MF++ and its test case reduction facilities to automatically generate small test cases that exercise source code not covered by the regression test suites of various libraries under test. Unlike most test case generation techniques, the tests we synthesise are equipped with an oracle by construction: the equivalence-based oracle offered by our metamorphic approach. We have submitted patches contributing new coverage-enhancing test cases to the isl, Yices2 and Z3 projects. The developers of these projects have accepted 21 tests based on our patches so far.
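The abstract describes the core loop without showing it, so here is a small, self-contained illustration of the same idea in Python. This is an added example, not MF++ code and not from the paper's authors: the library under test is a constructed toy integer-set class (ToySet, a stand-in for a Presburger-style API) with a planted defect in complement(), and the "specification" is three hand-written rewrite rules (double complement, commutativity, De Morgan) that the tool would instead read from a user-provided spec. The fuzzing loop synthesises a random call sequence, picks a random spec-equivalent sequence, runs both on random inputs, and reports a result mismatch; a greedy reducer then shrinks the failing sequence to the smallest subtree that still mismatches.

```python
import random

UNIVERSE = range(8)  # constructed: the toy library works over the integers 0..7

class ToySet:
    """Constructed stand-in for a Presburger-style integer-set library under test."""
    def __init__(self, elems):
        self.elems = frozenset(elems)
    def union(self, other):
        return ToySet(self.elems | other.elems)
    def intersect(self, other):
        return ToySet(self.elems & other.elems)
    def complement(self):
        # Planted defect (constructed for this example): the universe is
        # enumerated as 0..6, so element 7 is never produced by complement().
        return ToySet(e for e in range(7) if e not in self.elems)
    def __eq__(self, other):
        return self.elems == other.elems
    def __repr__(self):
        return f"ToySet({sorted(self.elems)})"

# Call sequences are expression trees: ('var', name) or (method, operand...).
OPS = {"union": 2, "intersect": 2, "complement": 1}

def random_expr(rng, depth, names=("a", "b")):
    """Synthesise a random call sequence over the library API."""
    if depth == 0 or rng.random() < 0.3:
        return ("var", rng.choice(names))
    op = rng.choice(sorted(OPS))
    return (op,) + tuple(random_expr(rng, depth - 1, names) for _ in range(OPS[op]))

def evaluate(expr, env):
    """Run a call sequence against the library with concrete inputs."""
    if expr[0] == "var":
        return env[expr[1]]
    args = [evaluate(child, env) for child in expr[1:]]
    return getattr(args[0], expr[0])(*args[1:])

def rewrite(expr):
    """Specification (hand-written here): root rewrites that must preserve the result."""
    out = [("complement", ("complement", expr))]          # x == ~~x
    op = expr[0]
    if op in ("union", "intersect"):
        out.append((op, expr[2], expr[1]))                 # commutativity
        dual = "intersect" if op == "union" else "union"   # De Morgan
        out.append(("complement", (dual, ("complement", expr[1]), ("complement", expr[2]))))
    return out

def equivalent_variants(expr):
    """Every call sequence obtained by one spec rewrite anywhere in the tree."""
    variants = rewrite(expr)
    if expr[0] != "var":
        for i in range(1, len(expr)):
            for v in equivalent_variants(expr[i]):
                variants.append(expr[:i] + (v,) + expr[i + 1:])
    return variants

def random_env(rng):
    """Randomised concrete inputs for the free variables."""
    return {name: ToySet(e for e in UNIVERSE if rng.random() < 0.5) for name in ("a", "b")}

def mismatching_variant(expr, env):
    """Return a spec-equivalent sequence whose result disagrees with expr, if any."""
    expected = evaluate(expr, env)
    for v in equivalent_variants(expr):
        if evaluate(v, env) != expected:
            return v
    return None

def find_mismatch(seed, rounds=500):
    """Metamorphic fuzzing loop: random sequence, random equivalent, random inputs."""
    rng = random.Random(seed)
    for _ in range(rounds):
        expr = random_expr(rng, 3)
        variant = rng.choice(equivalent_variants(expr))
        env = random_env(rng)
        if evaluate(expr, env) != evaluate(variant, env):
            return expr, variant, env
    return None

def reduce_case(expr, env):
    """Test case reduction: shrink to a subtree as long as some rewrite still mismatches."""
    shrunk = True
    while shrunk:
        shrunk = False
        for sub in (expr[1:] if expr[0] != "var" else ()):
            if mismatching_variant(sub, env) is not None:
                expr, shrunk = sub, True
                break
    return expr, mismatching_variant(expr, env)

if __name__ == "__main__":
    found = find_mismatch(seed=1)
    if found:
        expr, variant, env = found
        small, small_variant = reduce_case(expr, env)
        print("mismatch:", expr, "vs", variant, "on", env)
        print("reduced :", small, "vs", small_variant)
```

The oracle is purely the equality of the two results, which is the point of the metamorphic approach: nothing in the harness knows what the correct complement of a set is. The planted defect is only observable on inputs containing element 7, which is why the randomised inputs matter as much as the randomised call sequences, and the reduced case ends as a single variable paired with its double complement, the kind of minimal reproducer the abstract describes handing to developers.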

Tue 18 Apr


11:00 - 12:30
Session 9: Fuzzing at Pearse suite
Chair(s): Xavier Devroey (University of Namur)
11:00 (20m, Talk, Industry)
Industrial Deployment of Compiler Fuzzing Techniques for Two GPU Shading Languages
Alastair F. Donaldson (Imperial College London), Ben Clayton (Google), Ryan Harrison (Google), Hasan Mohsin (Imperial College London), David Neto (Google), Vasyl Teliman (National Technical University of Ukraine), Hana Watson (Imperial College London)

11:20 (20m, Talk, Previous Editions)
Metamorphic Fuzzing of C++ Libraries
Andrei Lascu (Imperial College London), Alastair F. Donaldson (Imperial College London), Tobias Grosser (University of Edinburgh), Torsten Hoefler (ETH Zurich)

11:40 (20m, Talk, Research Papers)
Android Fuzzing: Balancing User-Inputs and Intents
Michael Auer (University of Passau), Andreas Stahlbauer (University of Passau), Gordon Fraser (University of Passau)

12:00 (20m, Talk, Research Papers)
Homo in Machina: Improving Fuzz Testing Coverage via Compartment Analysis
Joshua Bundt (Northeastern University), Andrew Fasano (Northeastern University), Brendan Dolan-Gavitt (New York University), William Robertson (Northeastern University, USA), Tim Leek (MIT Lincoln Laboratory)

12:20 (5m, Talk, Posters)
Poster: BugOSS: A Regression Bug Benchmark for Empirical Study of Regression Fuzzing Techniques
Jeewoong Kim (Handong Global University), Shin Hong (Handong Global University)