1,244 research outputs found

    Bug Hunting with False Negatives Revisited

    Safe data abstractions are widely used for verification purposes. Positive verification results can be transferred from the abstract to the concrete system. When a property is violated in the abstract system, one still has to check whether a concrete violation scenario exists. However, even when the violation scenario is not reproducible in the concrete system (a false negative), it may still contain information on possible sources of bugs. Here, we propose a bug hunting framework based on abstract violation scenarios. We first extract a violation pattern from one abstract violation scenario. The violation pattern represents multiple abstract violation scenarios, increasing the chance that a corresponding concrete violation exists. Then, we look for a concrete violation that corresponds to the violation pattern by using constraint solving techniques. Finally, we define the class of counterexamples that we can handle and argue correctness of the proposed framework. Our method combines two formal techniques, model checking and constraint solving. Through an analysis of contracting and precise abstractions, we are able to integrate overapproximation by abstraction with concrete counterexample generation.

    Bug hunting with false negatives

    Safe data abstractions are widely used for verification purposes. Positive verification results can be transferred to the concrete system. When a property is violated in the abstract system, one still has to check whether a concrete violation exists. However, even when the violation scenario is not reproducible in the concrete system (a false negative), it may still contain information on possible sources of bugs. Here we propose a bug hunting framework based on abstract violation scenarios. We first extract a violation pattern from an abstract violation scenario. The violation pattern represents multiple violation scenarios, increasing the chance that a corresponding concrete violation exists. Then we look for a concrete violation that corresponds to the violation pattern by using constraint solving techniques.

    Smart Learning to Find Dumb Contracts

    We introduce Deep Learning Vulnerability Analyzer (DLVA), a vulnerability detection tool for Ethereum smart contracts based on powerful deep learning techniques for sequential data adapted for bytecode. We train DLVA to judge bytecode even though the supervising oracle, Slither, can only judge source code. DLVA's training algorithm is general: we "extend" a source code analysis to bytecode without any manual feature engineering, predefined patterns, or expert rules. DLVA's training algorithm is also robust: it overcame a 1.25% error rate of mislabeled contracts and, the student surpassing the teacher, found vulnerable contracts that Slither mislabeled. In addition to extending a source code analyzer to bytecode, DLVA is much faster than conventional tools for smart contract vulnerability detection based on formal methods: DLVA checks contracts for 29 vulnerabilities in 0.2 seconds, a speedup of 10-500x+ compared to traditional tools. DLVA has three key components. Smart Contract to Vector (SC2V) uses neural networks to map arbitrary smart contract bytecode to a high-dimensional floating-point vector. Sibling Detector (SD) classifies contracts when a target contract's vector is Euclidean-close to a labeled contract's vector in a training set; although only able to judge 55.7% of the contracts in our test set, it has an average accuracy of 97.4% with a false positive rate of only 0.1%. Lastly, Core Classifier (CC) uses neural networks to infer vulnerable contracts regardless of vector distance. DLVA has an overall accuracy of 96.6% with an associated false positive rate of only 3.7%.

    META-ANALYSIS OF SCENT DETECTION CANINES AND POTENTIAL FACTORS INFLUENCING THEIR SUCCESS RATES

    Objective: This is a meta-analysis focused on the success rates of scent detection canines and potential factors that could influence their accuracy. A series of statistical analyses were conducted to determine if certain demographic factors, such as the dog’s gender, age, and breed, have an effect on a scent dog’s accuracy during a search. Or if more circumstantial factors, like the dog’s level of experience in scent work, the type of target scent, and their handler’s awareness of the target’s location, affect the outcome of the search. Materials and Methods: A dataset was created from 37 different articles consisting of 215 canines (203 dogs and 12 wolves). Due to several sections that were missing information, not every canine could be used in every test. Six hypotheses were tested in this analysis: 1) 137 dogs were included to determine if females make better scent dogs; 2) 135 dogs were used to determine if older dogs are more accurate; 3) 7 breed categories included 180 dogs to see which breeds are better for scent work; 4) 95 dogs were used to determine if more experienced dogs are more accurate; 5) 5 target scent categories included 196 to determine if dogs are better at locating some scents over others; and 6) if the handler’s knowledge of the target’s location affects the outcome of the search. Results and Conclusion: It was determined that a dog’s gender, age, and level of experience did not significantly influence the dogs’ success rates. The breeds that were originally bred for herding tasks performed significantly better than the breeds originally bred to assist in hunting. The dogs in this dataset were significantly less accurate in locating the scents of chemical mixtures, including narcotics, explosives, and other chemical scents. Dogs tend to be better at locating biological scents. At first, the handler’s knowledge of the experiments did not show to be a significant factor in the results of the search. However, there were 7 dog-handler teams that took both blind-experiments and known-experiments, and their results were statistically significant. Meaning that the dogs are using their handler’s body language to locate their targets rather than their sense of smell. Further research with a larger dataset and more complete demographic information is needed to confirm these findings, but this dataset can be used as a starting point for similar analyses in the future.