Semantic Fuzzing with Zest

Programs expecting structured inputs often consist of both a syntactic analysis stage, which parses raw input, and a semantic analysis stage, which conducts checks on the parsed input and executes the core logic of the program. Generator-based testing tools in the lineage of QuickCheck are a promising way to generate random syntactically valid test inputs for these programs. We present Zest, a technique which automatically guides QuickCheck-like randominput generators to better explore the semantic analysis stage of test programs. Zest converts random-input generators into deterministic parametric generators. We present the key insight that mutations in the untyped parameter domain map to structural mutations in the input domain. Zest leverages program feedback in the form of code coverage and input validity to perform feedback-directed parameter search. We evaluate Zest against AFL and QuickCheck on five Java programs: Maven, Ant, BCEL, Closure, and Rhino. Zest covers 1.03x-2.81x as many branches within the benchmarks semantic analysis stages as baseline techniques. Further, we find 10 new bugs in the semantic analysis stages of these benchmarks. Zest is the most effective technique in finding these bugs reliably and quickly, requiring at most 10 minutes on average to find each bug.Comment: To appear in Proceedings of 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'19

Suono e Spettacolo. Athanasius Kircher, un percorso nelle Immagini sonore.

The Society of Jesus made great propaganda efforts throughout the seventeenth century and chose the images and the play as a privileged means to communicate and persuade. Athanasius Kircher, a key figure of the seventeenth century, he decided to dominate the wild nature of sound through Phonurgia Nova, which includes a gallery of powerful symbolic images for Baroque aesthetics. The essay, through the grant of the images from the Library of the Department of Mathematics "Guido Castelnuovo" Sapienza University of Rome, aims to understand, through the pictures offered by Kircher, the sound phenomenon and the spectacle that this produces. In Phonurgia Nova a process of dramatization sound effects takes place, often through machines and "visions" applied to the theatrical reality, as experimental and astonishing environment beloved in baroque. Kircher illustrates the sound through explanatory figures, so to dominate the sound through the eyes. Sound is seen, admired and represented: its spectacle not only takes place through the implementation of sound machines or the "wonders" applied to the theater, but even through images, creating create a sense of wonder in in the erudite person of the seventeenth century

Deterministic Generators and Games for

Deciding infinite two-player games on finite graphs with the winning condition specified by a linear temporal logic (Ltl) formula, is known to be 2Exptimecomplete. In this paper, we identify Ltl fragments of lower complexity. Solving Ltl games typically involves a doubly-exponential translation from Ltl formulas to deterministic !-automata. First, we show that the longest distance (length of the longest simple path) of the generator is also an important parameter, by giving an O(d log n)-space procedure to solve a Buchi game on a graph with n vertices and longest distance d. Then, for the Ltl fragment with only eventualities and conjunctions, we provide a translation to deterministic generators of exponential size and linear longest distance, show both of these bounds to be optimal, and prove the corresponding games to be Pspace-complete. Introducing next modalities in this fragment, we provide a translation to deterministic generators still of exponential size but also with exponential longest distance, show both of these bounds to be optimal, and prove the corresponding games to be Exptime-complete. For the fragment resulting by further adding disjunctions, we provide a translation to deterministic generators of doubly-exponential size and exponential longest distance, show both of these bounds to be optimal, and prove the corresponding games to be Expspace. Finally, we show tightness of the double-exponential bound on the size as well as the longest distance for deterministic generators for Ltl even in the absence of next and until modalities.