6 research outputs found
Ripping the Curtain
A conversation with Peter Rollins, questions from the editors of Stance. Peter Rollins is a writer, philosopher, storyteller and public
speaker who has gained an international reputation for overturning
traditional notions of religion and forming âchurchesâ that preach
the Good News that we canât be satisfied, that life is difficult, and
that we donât know the secret.
Challenging the idea that faith concerns questions relating to
belief, Peterâs incendiary and irreligious reading of Christianity
attacks the distinction between the sacred and the secular. It blurs
the lines between theism and atheism and it sets aside questions
regarding life after death to explore the possibility of life before death
Targeted Greybox Fuzzing with Static Lookahead Analysis
Automatic test generation typically aims to generate inputs that explore new
paths in the program under test in order to find bugs. Existing work has,
therefore, focused on guiding the exploration toward program parts that are
more likely to contain bugs by using an offline static analysis.
In this paper, we introduce a novel technique for targeted greybox fuzzing
using an online static analysis that guides the fuzzer toward a set of target
locations, for instance, located in recently modified parts of the program.
This is achieved by first semantically analyzing each program path that is
explored by an input in the fuzzer's test suite. The results of this analysis
are then used to control the fuzzer's specialized power schedule, which
determines how often to fuzz inputs from the test suite. We implemented our
technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart
contracts and evaluate its effectiveness on 27 real-world benchmarks. Using an
online analysis is particularly suitable for the domain of smart contracts
since it does not require any code instrumentation---instrumentation to
contracts changes their semantics. Our experiments show that targeted fuzzing
significantly outperforms standard greybox fuzzing for reaching 83% of the
challenging target locations (up to 14x of median speed-up)
Harvey: A Greybox Fuzzer for Smart Contracts
We present Harvey, an industrial greybox fuzzer for smart contracts, which
are programs managing accounts on a blockchain. Greybox fuzzing is a
lightweight test-generation approach that effectively detects bugs and security
vulnerabilities. However, greybox fuzzers randomly mutate program inputs to
exercise new paths; this makes it challenging to cover code that is guarded by
narrow checks, which are satisfied by no more than a few input values.
Moreover, most real-world smart contracts transition through many different
states during their lifetime, e.g., for every bid in an auction. To explore
these states and thereby detect deep vulnerabilities, a greybox fuzzer would
need to generate sequences of contract transactions, e.g., by creating bids
from multiple users, while at the same time keeping the search space and test
suite tractable. In this experience paper, we explain how Harvey alleviates
both challenges with two key fuzzing techniques and distill the main lessons
learned. First, Harvey extends standard greybox fuzzing with a method for
predicting new inputs that are more likely to cover new paths or reveal
vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in
a targeted and demand-driven way. We have evaluated our approach on 27
real-world contracts. Our experiments show that the underlying techniques
significantly increase Harvey's effectiveness in achieving high coverage and
detecting vulnerabilities, in most cases orders-of-magnitude faster; they also
reveal new insights about contract code.Comment: arXiv admin note: substantial text overlap with arXiv:1807.0787
Coronal Heating as Determined by the Solar Flare Frequency Distribution Obtained by Aggregating Case Studies
Flare frequency distributions represent a key approach to addressing one of
the largest problems in solar and stellar physics: determining the mechanism
that counter-intuitively heats coronae to temperatures that are orders of
magnitude hotter than the corresponding photospheres. It is widely accepted
that the magnetic field is responsible for the heating, but there are two
competing mechanisms that could explain it: nanoflares or Alfv\'en waves. To
date, neither can be directly observed. Nanoflares are, by definition,
extremely small, but their aggregate energy release could represent a
substantial heating mechanism, presuming they are sufficiently abundant. One
way to test this presumption is via the flare frequency distribution, which
describes how often flares of various energies occur. If the slope of the power
law fitting the flare frequency distribution is above a critical threshold,
as established in prior literature, then there should be a
sufficient abundance of nanoflares to explain coronal heating. We performed
600 case studies of solar flares, made possible by an unprecedented number
of data analysts via three semesters of an undergraduate physics laboratory
course. This allowed us to include two crucial, but nontrivial, analysis
methods: pre-flare baseline subtraction and computation of the flare energy,
which requires determining flare start and stop times. We aggregated the
results of these analyses into a statistical study to determine that . This is below the critical threshold, suggesting that Alfv\'en
waves are an important driver of coronal heating.Comment: 1,002 authors, 14 pages, 4 figures, 3 tables, published by The
Astrophysical Journal on 2023-05-09, volume 948, page 7