Discover deeper bugs with dynamic symbolic execution and coverage-based fuzz testing
Related publications (40)
The pursuit of software security and reliability hinges on the identification and elimination of software vulnerabilities, a challenge compounded by the vast and evolving complexity of modern systems. Fuzzing has emerged as an indispensable technique for b ...
Fuzzers effectively explore programs to discover bugs. Greybox fuzzers mutate seed inputs and observe their execution. Whenever a seed reaches new behavior (e.g., new code or higher execution frequency), it is stored for further mutation. Greybox fuzzers d ...
Coverage-guided greybox fuzzers rely on control-flow coverage feedback to explore a target program and uncover bugs. Compared to control-flow coverage, data-flow coverage offers a more fine-grained approximation of program behavior. Data-flow coverage capt ...
Fuzzing has emerged as the most broadly used testing technique to discover bugs. Effective fuzzers rely on coverage to prioritize inputs that exercise new program areas. Edge-based code coverage of the Program Under Test (PUT) is the most commonly used cov ...
Browser APIs are essential to the modern web experience. Due to their large number and complexity, they vastly expand the attack surface of browsers. To detect vulnerabilities in these APIs, fuzzers generate test cases with a large amount of random API inv ...
Mutation-based greybox fuzzing, unquestionably the most widely-used fuzzing technique, relies on a set of non-crashing seed inputs (a corpus) to bootstrap the bug-finding process. When evaluating a fuzzer, common approaches for constructing this corpus inclu ...
Fuzzing is a testing technique to discover unknown vulnerabilities in software. When applying fuzzing to libraries, the core idea of supplying random input remains unchanged, yet it is non-trivial to achieve good code coverage. Libraries cannot run as stan ...
Coverage criteria aim at satisfying test requirements and compute metrics values that quantify the adequacy of test suites at revealing defects in programs. Typically, a test requirement is a structural program element, and the coverage metric value repres ...
Manual software testing is laborious and prone to human error. Yet, among practitioners, it is the most popular method for quality assurance. Automating the test case generation promises better effectiveness, especially for exposing corner-case bugs. Symbo ...
This dissertation explores techniques that synthesize and generate program fragments and test inputs. The main goal of these techniques is to improve and support automation in program synthesis and test input generation. This is important because performin ...