We present JQF, a platform for performing coverage-guided fuzz testing in Java. JQF is designed both for practitioners, who wish to find bugs in Java programs, as well as for researchers, who wish to implement new fuzzing algorithms. Practitioners write QuickCheck-style test methods that take inputs as formal parameters. JQF instruments the test program’s bytecode and continuously executes tests using inputs that are generated in a coverage-guided fuzzing loop. JQF’s input-generation mechanism is extensible. Researchers can implement custom fuzzing algorithms by extending JQF’s Guidance interface. A Guidance instance responds to code coverage events generated during the execution of a test case, such as function calls and conditional jumps, and provides the next input. We describe several guidances that currently ship with JQF, such as: semantic fuzzing with Zest, binary fuzzing with AFL, and complexity fuzzing with PerfFuzz. JQF is a mature tool that is open-source and publicly available. At the time of writing, JQF has been successful in discovering 42 previously unknown bugs in widely used open-source software such as OpenJDK, Apache Commons, and the Google Closure Compiler.
Wed 17 JulDisplayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change
16:00 - 17:30 | |||
16:00 10mTalk | Go-Clone: Graph-Embedding Based Clone Detector for Golang Tool Demonstration Cong Wang Tsinghua University, Jian Gao School of Software, Tsinghua University, Yu Jiang , Zhenchang Xing Australia National University, Huafeng Zhang , Weiliang Ying , Ming Gu Tsinghua University, Jiaguang Sun | ||
16:10 10mTalk | VFQL: Combinational Static Analysis as Query Language Tool Demonstration | ||
16:20 10mTalk | VBSAC: A Value-Based Static Analyzer for C Tool Demonstration Li Chi Tsinghua University, Min Zhou Tsinghua University, Zuxing Gu School of Software, Tsinghua University, Guang Chen , Yuexing Wang , Jiecheng Wu Tsinghua University, Ming Gu Tsinghua University | ||
16:30 10mTalk | SAFEVM: A Safety Verifier for Ethereum Smart Contracts Tool Demonstration | ||
16:40 10mTalk | CoCoTest: Collaborative Crowdsourced Testing for Android Applications Tool Demonstration | ||
16:50 10mTalk | Androlic: An Extensible Flow, Context, Object, Field, and Path-Sensitive Static Analysis Framework for Android Tool Demonstration Linjie Pan Institute of Software, Chinese Academy of Sciences, Baoquan Cui , Jiwei Yan Institute of Software, Chinese Academy of Sciences, Xutong Ma , Jun Yan Institute of Software, Chinese Academy of Sciences, Jian Zhang Beihang University | ||
17:00 10mTalk | JQF: Coverage-guided Property-based Testing in Java Tool Demonstration Rohan Padhye University of California, Berkeley, Caroline Lemieux University of California, Berkeley, Koushik Sen University of California, Berkeley | ||
17:10 10mTalk | Ukwikora: Continuous inspection for Keyword-Driven Testing Tool Demonstration Renaud Rwemalika , Marinos Kintis , Mike Papadakis University of Luxembourg, Yves Le Traon University of Luxembourg, Pierre Lorrach | ||
17:20 10mTalk | CTRAS: A Tool for Aggregating and Summarizing Crowdsourced Test Reports Tool Demonstration Yuying Li State Key Laboratory for Novel Software Technology, Nanjing University, Rui Hao Nanjing University, China, Yang Feng University of California, Irvine, James Jones University of California, Irvine, Xiaofang Zhang , Zhenyu Chen Nanjing University | ||