Badger: Complexity Analysis with Fuzzing and Symbolic Execution

In this work, we report on our recent research results on “Badger: Complexity Analysis with Fuzzing and Symbolic Execution” which was published in the proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis [NKP18]. Badger employs a hybrid software analysis technique that combines fuzzing and symbolic execution for finding performance bottlenecks in software. Our primary goal is to use Badger to discover vulnerabilities which are related to worst-case time or space complexity of an application. To this end, we use a cost-guided fuzzing approach, which produces inputs to increase the code coverage, but also to maximize a resource-related cost function, such as execution time or memory usage. We combine this fuzzing technique with a customized symbolic execution, which is also guided by heuristics that aim to increase the same cost. Experimental evaluation shows that this hybrid approach enables us to use the strengths of both techniques and overcome their individual weaknesses.

Noller, Yannic; Kersten, Rody; Pasareanu, Corina (2019): Badger: Complexity Analysis with Fuzzing and Symbolic Execution. Software Engineering and Software Management 2019. DOI: 10.18420/se2019-16. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-686-2. pp. 65-66. Session 4: Traceability, Performanz und Continuous SE. Stuttgart, Germany. 18.-22. Februar 2019

Schlagwörter

Software Testing , Complexity Analysis , Fuzzing , Symbolic Execution

DOI

10.18420/se2019-16

Sammlungen

P292 - Software Engineering and Software Management 2019

Komplettanzeige

Badger: Complexity Analysis with Fuzzing and Symbolic Execution

Volltext URI

Dokumententyp

Dateien

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen