27,122 research outputs found
Targeted Greybox Fuzzing with Static Lookahead Analysis
Automatic test generation typically aims to generate inputs that explore new
paths in the program under test in order to find bugs. Existing work has,
therefore, focused on guiding the exploration toward program parts that are
more likely to contain bugs by using an offline static analysis.
In this paper, we introduce a novel technique for targeted greybox fuzzing
using an online static analysis that guides the fuzzer toward a set of target
locations, for instance, located in recently modified parts of the program.
This is achieved by first semantically analyzing each program path that is
explored by an input in the fuzzer's test suite. The results of this analysis
are then used to control the fuzzer's specialized power schedule, which
determines how often to fuzz inputs from the test suite. We implemented our
technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart
contracts and evaluate its effectiveness on 27 real-world benchmarks. Using an
online analysis is particularly suitable for the domain of smart contracts
since it does not require any code instrumentation---instrumentation to
contracts changes their semantics. Our experiments show that targeted fuzzing
significantly outperforms standard greybox fuzzing for reaching 83% of the
challenging target locations (up to 14x of median speed-up)
An Approach to Static Performance Guarantees for Programs with Run-time Checks
Instrumenting programs for performing run-time checking of properties, such
as regular shapes, is a common and useful technique that helps programmers
detect incorrect program behaviors. This is specially true in dynamic languages
such as Prolog. However, such run-time checks inevitably introduce run-time
overhead (in execution time, memory, energy, etc.). Several approaches have
been proposed for reducing such overhead, such as eliminating the checks that
can statically be proved to always succeed, and/or optimizing the way in which
the (remaining) checks are performed. However, there are cases in which it is
not possible to remove all checks statically (e.g., open libraries which must
check their interfaces, complex properties, unknown code, etc.) and in which,
even after optimizations, these remaining checks still may introduce an
unacceptable level of overhead. It is thus important for programmers to be able
to determine the additional cost due to the run-time checks and compare it to
some notion of admissible cost. The common practice used for estimating
run-time checking overhead is profiling, which is not exhaustive by nature.
Instead, we propose a method that uses static analysis to estimate such
overhead, with the advantage that the estimations are functions parameterized
by input data sizes. Unlike profiling, this approach can provide guarantees for
all possible execution traces, and allows assessing how the overhead grows as
the size of the input grows. Our method also extends an existing assertion
verification framework to express "admissible" overheads, and statically and
automatically checks whether the instrumented program conforms with such
specifications. Finally, we present an experimental evaluation of our approach
that suggests that our method is feasible and promising.Comment: 15 pages, 3 tables; submitted to ICLP'18, accepted as technical
communicatio
Combining Static and Dynamic Contract Checking for Curry
Static type systems are usually not sufficient to express all requirements on
function calls. Hence, contracts with pre- and postconditions can be used to
express more complex constraints on operations. Contracts can be checked at run
time to ensure that operations are only invoked with reasonable arguments and
return intended results. Although such dynamic contract checking provides more
reliable program execution, it requires execution time and could lead to
program crashes that might be detected with more advanced methods at compile
time. To improve this situation for declarative languages, we present an
approach to combine static and dynamic contract checking for the functional
logic language Curry. Based on a formal model of contract checking for
functional logic programming, we propose an automatic method to verify
contracts at compile time. If a contract is successfully verified, dynamic
checking of it can be omitted. This method decreases execution time without
degrading reliable program execution. In the best case, when all contracts are
statically verified, it provides trust in the software since crashes due to
contract violations cannot occur during program execution.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
Multilevel Contracts for Trusted Components
This article contributes to the design and the verification of trusted
components and services. The contracts are declined at several levels to cover
then different facets, such as component consistency, compatibility or
correctness. The article introduces multilevel contracts and a
design+verification process for handling and analysing these contracts in
component models. The approach is implemented with the COSTO platform that
supports the Kmelia component model. A case study illustrates the overall
approach.Comment: In Proceedings WCSI 2010, arXiv:1010.233
Behavioral types in programming languages
A recent trend in programming language research is to use behav- ioral type theory to ensure various correctness properties of large- scale, communication-intensive systems. Behavioral types encompass concepts such as interfaces, communication protocols, contracts, and choreography. The successful application of behavioral types requires a solid understanding of several practical aspects, from their represen- tation in a concrete programming language, to their integration with other programming constructs such as methods and functions, to de- sign and monitoring methodologies that take behaviors into account. This survey provides an overview of the state of the art of these aspects, which we summarize as the pragmatics of behavioral types
- …