Konferenzbeitrag

Badger: Complexity Analysis with Fuzzing and Symbolic Execution

Lade...
Vorschaubild
Volltext URI
Dokumententyp
Text/Conference Paper
Datum
2019
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Quelle
Software Engineering and Software Management 2019
Session 4: Traceability, Performanz und Continuous SE
Verlag
Gesellschaft für Informatik e.V.
Zusammenfassung
In this work, we report on our recent research results on “Badger: Complexity Analysis with Fuzzing and Symbolic Execution” which was published in the proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis [NKP18]. Badger employs a hybrid software analysis technique that combines fuzzing and symbolic execution for finding performance bottlenecks in software. Our primary goal is to use Badger to discover vulnerabilities which are related to worst-case time or space complexity of an application. To this end, we use a cost-guided fuzzing approach, which produces inputs to increase the code coverage, but also to maximize a resource-related cost function, such as execution time or memory usage. We combine this fuzzing technique with a customized symbolic execution, which is also guided by heuristics that aim to increase the same cost. Experimental evaluation shows that this hybrid approach enables us to use the strengths of both techniques and overcome their individual weaknesses.
Beschreibung
Noller, Yannic; Kersten, Rody; Pasareanu, Corina (2019): Badger: Complexity Analysis with Fuzzing and Symbolic Execution. Software Engineering and Software Management 2019. DOI: 10.18420/se2019-16. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-686-2. pp. 65-66. Session 4: Traceability, Performanz und Continuous SE. Stuttgart, Germany. 18.-22. Februar 2019
Zitierform
Tags