68 research outputs found
MoodBar: Increasing new user retention in Wikipedia through lightweight socialization
Socialization in online communities allows existing members to welcome and
recruit newcomers, introduce them to community norms and practices, and sustain
their early participation. However, socializing newcomers does not come for
free: in large communities, socialization can result in a significant workload
for mentors and is hard to scale. In this study we present results from an
experiment that measured the effect of a lightweight socialization tool on the
activity and retention of newly registered users attempting to edit for the
first time Wikipedia. Wikipedia is struggling with the retention of newcomers
and our results indicate that a mechanism to elicit lightweight feedback and to
provide early mentoring to newcomers improves their chances of becoming
long-term contributors.Comment: 9 pages, 5 figures, accepted for presentation at CSCW'1
Linear-time Temporal Logic guided Greybox Fuzzing
Software model checking is a verification technique which is widely used for
checking temporal properties of software systems. Even though it is a property
verification technique, its common usage in practice is in "bug finding", that
is, finding violations of temporal properties. Motivated by this observation
and leveraging the recent progress in fuzzing, we build a greybox fuzzing
framework to find violations of Linear-time Temporal Logic (LTL) properties.
Our framework takes as input a sequential program written in C/C++, and an
LTL property. It finds violations, or counterexample traces, of the LTL
property in stateful software systems; however, it does not achieve
verification. Our work substantially extends directed greybox fuzzing to
witness arbitrarily complex event orderings. We note that existing directed
greybox fuzzing approaches are limited to witnessing reaching a location or
witnessing simple event orderings like use-after-free. At the same time,
compared to model checkers, our approach finds the counterexamples faster,
thereby finding more counterexamples within a given time budget.
Our LTL-Fuzzer tool, built on top of the AFL fuzzer, is shown to be effective
in detecting bugs in well-known protocol implementations, such as OpenSSL and
Telnet. We use LTL-Fuzzer to reproduce known vulnerabilities (CVEs), to find 15
zero-day bugs by checking properties extracted from RFCs (for which 10 CVEs
have been assigned), and to find violations of both safety as well as liveness
properties in real-world protocol implementations. Our work represents a
practical advance over software model checkers -- while simultaneously
representing a conceptual advance over existing greybox fuzzers. Our work thus
provides a starting point for understanding the unexplored synergies between
software model checking and greybox fuzzing.Comment: To appear in International Conference on Software Engineering (ICSE)
202
- …