ICST 2025
Mon 31 March - Fri 4 April 2025 Naples, Italy
Wed 2 Apr 2025 11:15 - 11:30 at Room A1 - Fuzzing and Security Chair(s): Serge Demeyer

Fuzzing statically-typed language compilers practically necessitates the generation of well-typed programs, which is a major challenge for fuzzing modern languages with rich type systems. Existing fuzzers only handle languages with simplistic type systems (e.g., C), only generate programs from small language subsets, or frequently generate ill-typed programs. In this work, we propose a mutation-based method for guaranteed well-typed program generation, even with minimal type system knowledge. With our method, we take a known well-typed seed program and annotate understood nodes with their types. We then try to replace annotated nodes with new type-equivalent ones, using a generator which fails if the input type is not understood. The end result is guaranteed overall well-typed as long as the original program was well-typed, even if most nodes are unannotated or the generator usually fails. We applied this approach to fuzzing the Swift compiler, and we are the first to fuzz Swift to the best of our knowledge. To implement our generator, we adapted constraint logic programming (CLP)-based fuzzing to work in a mutation-based context outside of a CLP engine; this is the first such adaptation, and shows that CLP is ironically unnecessary for CLP-based fuzzing. Our fuzzer generates 22k programs per second, and we used it to find 13 Swift bugs, of which 7 have been confirmed or fixed by developers to date. Five bugs involved the compiler rejecting a well-typed program, which were only discoverable due to our well-typed generation guarantee.
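A toy illustration of the annotate-and-replace scheme described above, added here as an example and not the paper's own code: a two-type expression language, a generator that refuses any type it does not understand, and a mutator that only touches annotated nodes, checked by a reference type checker standing in for the compiler. The node kinds, the `[Int]` type, the opaque calls and the seed program are constructed for this example.

```python
import random
from dataclasses import dataclass, field
@dataclass
class Node:
    """AST node; `ann` is the fuzzer's type annotation, None when it does not understand the node."""
    kind: str                       # int | bool | add | lt | len | call
    ann: "str | None"
    kids: list = field(default_factory=list)
    val: object = None              # literal value, or the declared return type of a call

def gen(ty, rng, depth=2):
    """Fresh expression of type `ty`, or None when the generator does not know `ty`."""
    if ty not in ("Int", "Bool"):
        return None                 # e.g. "[Int]": give up rather than guess
    if depth == 0 or rng.random() < 0.4:
        return Node("int", "Int", [], rng.randint(-9, 9)) if ty == "Int" else Node("bool", "Bool", [], rng.choice([True, False]))
    return Node("add" if ty == "Int" else "lt", ty, [gen("Int", rng, depth - 1), gen("Int", rng, depth - 1)])

def mutate(n, rng, p=0.3):
    """Swap annotated nodes for type-equivalent ones; copy everything else verbatim."""
    if n.ann is not None and rng.random() < p:
        fresh = gen(n.ann, rng)
        if fresh is not None:       # same type as the node it replaces, so still well-typed
            return fresh
    return Node(n.kind, n.ann, [mutate(k, rng, p) for k in n.kids], n.val)

def typeof(n):
    """Reference type checker standing in for the compiler; raises TypeError if ill-typed."""
    ks = [typeof(k) for k in n.kids]
    if n.kind in ("int", "bool"):
        return n.kind.capitalize()
    if n.kind in ("add", "lt") and ks == ["Int", "Int"]:
        return "Int" if n.kind == "add" else "Bool"
    if n.kind == "len" and ks == ["[Int]"]:
        return "Int"
    if n.kind == "call":            # opaque library call; only the compiler knows its type
        return n.val
    raise TypeError(f"ill-typed {n.kind} applied to {ks}")

def seed():
    """Constructed seed: (1 + len(xs())) < f(), where f() is a call the fuzzer cannot annotate."""
    return Node("lt", "Bool", [
        Node("add", "Int", [Node("int", "Int", [], 1), Node("len", "Int", [Node("call", "[Int]", [], "[Int]")])]),
        Node("call", None, [], "Int")])

def fuzz(rounds=300, rng_seed=7):
    """Return (mutants that type-check as Bool, mutants that differ from the seed)."""
    rng, s = random.Random(rng_seed), seed()
    muts = [mutate(s, rng) for _ in range(rounds)]
    return sum(typeof(m) == "Bool" for m in muts), sum(m != s for m in muts)
```

Every mutant type-checks even though the `[Int]` call is never regenerated (the generator gives up on it) and the `f()` call is never even annotated; only the nodes the fuzzer understands change.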

Wed 2 Apr


11:00 - 12:30
Fuzzing and Security (Research Papers / Industry / Journal-First Papers) at Room A1
Chair(s): Serge Demeyer University of Antwerp and Flanders Make vzw
11:00
15m
Talk
SPIDER: Fuzzing for Stateful Performance Issues in the ONOS Software-Defined Network Controller
Research Papers
Ao Li Carnegie Mellon University, Rohan Padhye Carnegie Mellon University, Vyas Sekar Carnegie Mellon University
11:15
15m
Talk
Mutation-based Fuzzing of the Swift Compiler With Incomplete Type Information
Research Papers
Sarah Canto Hyatt University of California, Santa Barbara, Kyle Dewey California State University, Northridge
11:30
15m
Talk
Scalable SMT Sampling for Floating-point Formulas via Coverage-guided Fuzzing
Research Papers
Manuel Carrasco Imperial College London, Cristian Cadar Imperial College London, Alastair F. Donaldson Imperial College London
11:45
15m
Talk
Introducing Black-Box Fuzz Testing for REST APIs in Industry: Challenges and Solutions
Industry
Andrea Arcuri Kristiania University College and Oslo Metropolitan University, Alexander Poth Volkswagen AG, Olsi Rrjolli Volkswagen AG
12:00
15m
Talk
Compiler Fuzzing in Continuous Integration: a Case Study on Dafny
Industry
Karnbongkot Boonriong Imperial College London, Stefan Zetzsche Amazon Web Services, Alastair F. Donaldson Imperial College London
12:15
15m
Talk
Automated SC-MCC Test Case Generation using Coverage Guided Fuzzing
Journal-First Papers
Golla Monika Rani, Sangharatna Godboley National Institute of Technology Warangal