Tue 25 Jun 2019 10:00 - 10:20 at 229AB - Bug Finding & Testing II Chair(s): Jens Palsberg

To be effective, software test generation needs to well cover the space of possible inputs. Traditional \emph{fuzzing} generates large numbers of random inputs, which however are unlikely to contain keywords and other specific inputs of non-trivial input languages. \emph{Constraint-based test generation} solves conditions of paths leading to uncovered code, but fails on programs with complex input conditions because of path explosion.
In this paper, we present a test generation technique specifically directed at \emph{input parsers.} We systematically produce inputs for the parser and track comparisons made; after every rejection, we satisfy the comparisons leading to rejection. This approach effectively covers the input space: Evaluated on five subjects, from CSV files to JavaScript, our \textsc{pFuzzer} prototype covers more tokens than both random-based and constraint-based approaches, while requiring no symbolic analysis and far fewer tests than random fuzzers.

Tue 25 Jun

pldi-2019-papers
10:00 - 11:00: PLDI Research Papers - Bug Finding & Testing II at 229AB
Chair(s): Jens PalsbergUniversity of California, Los Angeles (UCLA)
pldi-2019-papers10:00 - 10:20
Talk
Björn MathisCISPA Helmholtz Center for Information Security, Rahul GopinathCISPA Helmholtz Center for Information Security, Michaël MeraCISPA, Germany, Alexander KampmannCISPA Helmholtz Center for Information Security, Matthias HöscheleCISPA, Germany, Andreas ZellerSaarland University
Media Attached
pldi-2019-papers10:20 - 10:40
Talk
Kihong HeoUniversity of Pennsylvania, USA, Mukund RaghothamanUniversity of Pennsylvania, USA, Xujie SiUniversity of Pennsylvania, Mayur NaikUniversity of Pennsylvania
Media Attached
pldi-2019-papers10:40 - 11:00
Talk
Christopher LidburyImperial College London, Alastair DonaldsonGoogle and Imperial College London