Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing
Generating test inputs at the system level (“fuzzing”) is most effective if one has a complete specification (such as a grammar) of the input language. In the absence of a specification, all known fuzzing approaches rely on a set of input samples to infer input properties and guide test generation. If the set of inputs is incomplete, however, so will be the resulting test cases; if one has _no+ input samples, meaningful test generation so far has been hard to impossible. In this paper, we introduce a means to determine the input language of a program from the program code alone, opening several new possibilities for comprehensive testing of a wide range of programs. Our symbolic parsing approach first transforms the program such that (1) calls to parsing functions are abstracted into parsing corresponding symbolic nonterminals, and (2) loops and recursions are limited such that the transformed parser then has a finite set of paths. Symbolic testing then associates each path with a sequence of symbolic nonterminals and terminals, which form a grammar. First grammars extracted from nontrivial C subjects by our prototype show very high recall and precision, enabling new levels of effectiveness, efficiency, and applicability in test generators.
Thu 18 JulDisplayed time zone: Brasilia, Distrito Federal, Brazil change
16:00 - 18:00 | FuzzingDemonstrations / Journal First / Ideas, Visions and Reflections / Research Papers / Industry Papers at Sapoti Chair(s): Maxime Lamothe Polytechnique Montreal, Montreal, Canada | ||
16:00 18mTalk | Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling Industry Papers Jie Liang , Mingzhe Wang Tsinghua University, Chijin Zhou Tsinghua University, Zhiyong Wu Tsinghua University, China, Jianzhong Liu ShanghaiTech University, Yu Jiang Tsinghua University | ||
16:18 18mTalk | Evolutionary Generative Fuzzing for Differential Testing of the Kotlin Compiler Industry Papers Călin Georgescu Delft University of Technology, Mitchell Olsthoorn Delft University of Technology, Pouria Derakhshanfar JetBrains Research, Marat Akhin JetBrains Research, Annibale Panichella Delft University of Technology | ||
16:36 18mTalk | Evaluating Directed Fuzzers: Are We Heading in the Right Direction? Research Papers Tae Eun Kim KAIST, Jaeseung Choi Sogang University, Seongjae Im KAIST, Kihong Heo KAIST, Sang Kil Cha KAIST Pre-print Media Attached | ||
16:54 9mTalk | When Fuzzing Meets LLMs: Challenges and Opportunities Ideas, Visions and Reflections Yu Jiang Tsinghua University, Jie Liang , Fuchen Ma Tsinghua University, Yuanliang Chen Tsinghua University, Chijin Zhou Tsinghua University, Yuheng Shen Tsinghua University, Zhiyong Wu Tsinghua University, China, Jingzhou Fu Tsinghua University, Mingzhe Wang Tsinghua University, Shanshan Li National University of Defense Technology, Quan Zhang Tsinghua University Pre-print | ||
17:03 9mTalk | Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing Ideas, Visions and Reflections Leon Bettscheider CISPA Helmholtz Center for Information Security, Andreas Zeller CISPA Helmholtz Center for Information Security Link to publication DOI | ||
17:12 9mTalk | VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation Demonstrations Yu Nong Washington State University, Haoran Yang Washington State University, Feng Chen University of Texas at Dallas, Haipeng Cai Washington State University DOI Pre-print Media Attached | ||
17:30 18mTalk | The Human Side of Fuzzing: Challenges Faced by Developers During Fuzzing Activities Journal First Olivier Nourry Kyushu University, Yutaro Kashiwa Nara Institute of Science and Technology, Bin Lin Radboud University, Gabriele Bavota Software Institute @ Università della Svizzera Italiana, Michele Lanza Software Institute - USI, Lugano, Yasutaka Kamei Kyushu University | ||