Projects per year
Abstract
Detecting regression bugs in software evolution, analyzing sidechannels in programs and evaluating robustness in deep neural networks (DNNs) can all be seen as instances of differential software analysis, where the goal is to generate diverging executions of program paths. Two executions are said to be diverging if the observable program behavior differs, e.g., in terms of program output, execution time, or (DNN) classification. The key challenge of differential software analysis is to simultaneously reason about multiple program paths, often across program variants. This paper presents HyDiff, the first hybrid approach for differential software analysis. HyDiff integrates and extends two very successful testing techniques: Feedback-directed greybox fuzzing for efficient program testing and shadow symbolic execution for systematic program exploration. HyDiff extends greybox fuzzing with divergence-driven feedback based on novel cost metrics that also take into account the control flow graph of the program. Furthermore HyDiff extends shadow symbolic execution by applying four-way forking in a systematic exploration and still having the ability to incorporate concrete inputs in the analysis. HyDiff applies divergence revealing heuristics based on resource consumption and control-flow information to efficiently guide the symbolic exploration, which allows its efficient usage beyond regression testing applications. We introduce differential metrics such as output, decision and cost difference, as well as patch distance, to assist the fuzzing and symbolic execution components in maximizing the execution divergence. We implemented our approach on top of the fuzzer AFL and the symbolic execution framework Symbolic PathFinder.We illustrate HyDiff on regression and side-channel analysis for Java bytecode programs, and further show how to use HyDiff for robustness analysis of neural networks.
Original language | English |
---|---|
Title of host publication | Proceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering, ICSE 2020 |
Editors | Jane Cleland-Huang, Darko Marinov |
Place of Publication | New York NY USA |
Publisher | Association for Computing Machinery (ACM) |
Pages | 1273-1285 |
Number of pages | 13 |
ISBN (Electronic) | 9781450371216 |
DOIs | |
Publication status | Published - 2020 |
Event | International Conference on Software Engineering 2020 - Online, Seoul, Korea, South Duration: 27 Jun 2020 → 19 Jul 2020 Conference number: 42nd https://dl.acm.org/doi/proceedings/10.1145/3377811 (Proceedings) https://conf.researchr.org/home/icse-2020 (Website) |
Conference
Conference | International Conference on Software Engineering 2020 |
---|---|
Abbreviated title | ICSE 2020 |
Country/Territory | Korea, South |
City | Seoul |
Period | 27/06/20 → 19/07/20 |
Internet address |
|
Keywords
- Differential program analysis
- Fuzzing
- Symbolic execution
Projects
- 1 Finished
-
Fortifying Our Digital Economy: Advanced Automated Vulnerability Discovery
Boehme, M.
Australian Research Council (ARC)
1/03/19 → 31/08/21
Project: Research