Using Fuzzers and Lightweight Specifications to Reveal Semantic Bugs
Although fuzzers have been successful in revealing semantic bugs that lead to crashes, fuzzers do not reveal semantic bugs that do not lead to crashes. Furthermore, the inputs that lead to crashes may be invalid and thus may not reveal semantic bugs at all if they are not in the program’s intended input domain. On the other hand, runtime assertion checking (RAC) may be used for revealing semantic bugs, although it needs input test data that can trigger these bugs.
We propose to combine fuzzing tools and RAC in a complementary manner to leverage their benefits and overcome these problems. That is, a fuzzing tool generates test inputs, and a RAC tool makes sure that the inputs are valid and checks the results for semantic bugs.
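The sketch below illustrates the combination described in the abstract. It is an added example, not code from the talk or its tooling. The target `buggy_search`, its hand-written pre- and postcondition, and the seeded random generator standing in for a real fuzzer are all constructed for illustration.

```python
import random

class PreconditionError(Exception):
    """Input is outside the intended input domain (discard, not a bug)."""

class PostconditionError(Exception):
    """Input was valid but the result violates the specification."""

def buggy_search(arr, key):
    # Constructed target with a non-crashing bug: `lo < hi` should be `lo <= hi`.
    lo, hi = 0, len(arr) - 1
    while lo < hi:
        mid = (lo + hi) // 2
        if arr[mid] == key:
            return mid
        if arr[mid] < key:
            lo = mid + 1
        else:
            hi = mid - 1
    return -1

def checked_search(arr, key):
    # requires: arr is sorted in ascending order
    if any(a > b for a, b in zip(arr, arr[1:])):
        raise PreconditionError("arr is not sorted")
    result = buggy_search(arr, key)
    # ensures: -1 only if key is absent, otherwise arr[result] == key
    if result == -1:
        ok = key not in arr
    else:
        ok = 0 <= result < len(arr) and arr[result] == key
    if not ok:
        raise PostconditionError(f"search({arr}, {key}) returned {result}")
    return result

def fuzz(trials=2000, seed=0):
    rng = random.Random(seed)  # stand-in for a real fuzzer's input generator
    stats = {"invalid": 0, "passed": 0, "semantic_bugs": []}
    for _ in range(trials):
        arr = [rng.randint(0, 9) for _ in range(rng.randint(0, 5))]
        key = rng.randint(0, 9)
        try:
            checked_search(arr, key)
            stats["passed"] += 1
        except PreconditionError:
            stats["invalid"] += 1  # invalid input: says nothing about the code
        except PostconditionError:
            stats["semantic_bugs"].append((arr, key))  # valid input, wrong answer
    return stats
```

The target never raises on its own, so a crash-only fuzzer reports nothing here. Every entry in `semantic_bugs` is a sorted array that contains the key, which is exactly the class of input the precondition filter keeps and the postcondition flags.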
Mon 6 Jun (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
15:30 - 17:00
To Monitorability and Beyond (online talk)
I: Antonis Achilleos, Reykjavik University
Using Fuzzers and Lightweight Specifications to Reveal Semantic Bugs
Runtime monitoring of Java duplicate memory allocations (online talk)