RIJNARD VAN TONDER
— Fuzz and Patch and Fuzz
Fuzzing is a powerful technique for finding bugs. However, state-of-the-art fuzzers often produce duplicate crash reports under different inputs for the same bug. Current crash bucketing techniques rely on analyzing, e.g., textual crash reports, post-crash program state, or code coverage to determine the uniqueness of bugs. In this work, we propose using a semantic characterization of bug uniqueness by applying pseudo-fixes: program transformations that simulate bug fixes to accurately identify unique crashing inputs.
— Variational Bytecode
The idea of variational execution has been demonstrated to be effective in exploring variations in a program, especially when the configuration space grows out of control. Researchers are applying this technique or a similar idea to various scenarios, such as testing highly configurable systems, understanding feature interactions, and monitoring information flow. Previous implementations of variational execution are mostly based on modifying the interpreter, but this implementation strategy is often too heavyweight. In this talk, we will discuss a new strategy for implementing variational execution, which is to modify how programs are compiled. In the case of Java, instead of changing the way each bytecode instruction is interpreted, we propose to modify compiled bytecode to make it variational. By modifying bytecode, we are able to keep the portability of bytecode, sidestep a few technical challenges of hacking JVMs, and most importantly, gain better overall performance.