
    Targeted Greybox Fuzzing with Static Lookahead Analysis

    Automatic test generation typically aims to generate inputs that explore new paths in the program under test in order to find bugs. Existing work has, therefore, focused on guiding the exploration toward program parts that are more likely to contain bugs by using an offline static analysis. In this paper, we introduce a novel technique for targeted greybox fuzzing using an online static analysis that guides the fuzzer toward a set of target locations, for instance, located in recently modified parts of the program. This is achieved by first semantically analyzing each program path that is explored by an input in the fuzzer's test suite. The results of this analysis are then used to control the fuzzer's specialized power schedule, which determines how often to fuzz inputs from the test suite. We implemented our technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart contracts and evaluate its effectiveness on 27 real-world benchmarks. Using an online analysis is particularly suitable for the domain of smart contracts since it does not require any code instrumentation; instrumenting contracts changes their semantics. Our experiments show that targeted fuzzing significantly outperforms standard greybox fuzzing for reaching 83% of the challenging target locations (up to 14x median speed-up).

    2021 roadmap on lithium sulfur batteries

    Batteries that extend performance beyond the intrinsic limits of Li-ion batteries are among the most important developments required to continue the revolution promised by electrochemical devices. Of these next-generation batteries, lithium sulfur (Li–S) chemistry is among the most commercially mature, with cells offering a substantial increase in gravimetric energy density, reduced costs and improved safety prospects. However, there remain outstanding issues to advance the commercial prospects of the technology and benefit from the economies of scale felt by Li-ion cells, including improving both the rate performance and longevity of cells. To address these challenges, the Faraday Institution, the UK's independent institute for electrochemical energy storage science and technology, launched the Lithium Sulfur Technology Accelerator (LiSTAR) programme in October 2019. This Roadmap, authored by researchers and partners of the LiSTAR programme, is intended to highlight the outstanding issues that must be addressed and provide an insight into the pathways towards solving them adopted by the LiSTAR consortium. In compiling this Roadmap we hope to aid the development of the wider Li–S research community, providing a guide for academia, industry, government and funding agencies in this important and rapidly developing research space.

    Transparently improving regression testing using symbolic execution

    Software testing is an expensive and time-consuming process, often involving the manual creation of comprehensive regression test suites. Current testing methodologies, however, do not take full advantage of these tests. In this thesis, we present two techniques for amplifying the effect of existing test suites using a lightweight symbolic execution mechanism. We approach the problem from two complementary perspectives: first, we aim to execute the code that was never executed by the regression tests by combining the existing tests, symbolic execution and a set of heuristics based on program analysis. Second, we thoroughly check all sensitive operations (e.g., pointer dereferences) executed by the test suite for errors, and explore additional paths around sensitive operations. We have implemented these approaches into two tools, katch and zesti, which we have used to test a large body of open-source code. We have applied katch to all the patches written in a combined period of approximately six years for nineteen mature programs from the popular GNU diffutils, GNU binutils and GNU findutils application suites, which are shipped with virtually all UNIX-based distributions. Our results show that katch can automatically synthesise inputs that significantly increase the patch coverage achieved by the existing manual test suites, and find bugs at the moment they are introduced. We have applied zesti to three open-source code bases (GNU Coreutils, libdwarf and readelf), where it found 52 previously unknown bugs, many of which are out of reach of standard symbolic execution. Our technique works transparently to the tester, requiring no additional human effort or changes to source code or tests. Furthermore, we have conducted a systematic empirical study to examine how code and tests co-evolve in six popular open-source systems and assess the applicability of katch and zesti to other systems.

    KATCH: High-Coverage Testing of Software Patches

    One of the distinguishing characteristics of software systems is that they evolve: new patches are committed to software repositories and new versions are released to users on a continuous basis. Unfortunately, many of these changes bring unexpected bugs that break the stability of the system or affect its security. In this paper, we address this problem using a technique for automatically testing code patches. Our technique combines symbolic execution with several novel heuristics based on static and dynamic program analysis which allow it to quickly reach the code of the patch. We have implemented our approach in a tool called katch, which we have applied to all the patches written in a combined period of approximately six years for nineteen mature programs from the popular GNU diffutils, GNU binutils and GNU findutils utility suites, which are shipped with virtually all UNIX-based distributions. Our results show that katch can automatically synthesise inputs that significantly increase the patch coverage achieved by the existing manual test suites, and find bugs at the moment they are introduced.

    AFEX: An Automated Fault Explorer for Faster System Testing

    Fault injection is an often overlooked component of the software test cycle, yet it is critical for building robust systems. The main reasons for this neglect are ineffectual tools, an overwhelmingly large number of possible faults to inject, and the extensive manual labor required to do such tests. We present AFEX, a system that automates fault injection for software systems, finds and ranks important faults faster and more accurately than random injection, and automatically characterizes the quality of the resulting fault sets. AFEX is parallelized, such that test time decreases linearly with the number of test nodes available. AFEX also includes four fault injectors that simulate faults in the major layers of the system stack: hardware, network, libraries, and human operators. We show how AFEX uses metric-driven search algorithms to efficiently find top-ranked faults in real systems like MySQL Cluster and rsync.

    Pending constraints in symbolic execution for better exploration and seeding

    Symbolic execution is a well-established technique for software testing and analysis. However, scalability continues to be a challenge, both in terms of constraint solving cost and path explosion. In this work, we present a novel approach for symbolic execution, which can enhance its scalability by aggressively prioritising execution paths that are already known to be feasible, and deferring all other paths. We evaluate our technique on nine applications, including SQLite3, make and tcpdump, and show it can achieve higher coverage for both seeded and non-seeded exploration.
