Explore a cutting-edge approach to hybrid testing in software development through this IEEE conference talk. Dive into the concept of bug-driven hybrid fuzzing with SAVIOR, a system designed to improve upon traditional code coverage-driven methods. Learn how compile-time analysis, instrumentation, and active property checking can lead to more efficient bug detection. Discover techniques for optimizing resource distribution and path scheduling by combining static and runtime information. Examine the evaluation results of SAVIOR on LAVA-M benchmark and real-world programs, including its performance in triggering UBSAN violations. Gain insights into the potential of bug-to-code ratios for enhancing testing effectiveness and understand how this approach compares to conventional code coverage methods.
Overview
Syllabus
Intro
Hybrid testing is the new trend
State of the art hybrid testing systems Code coverage driven
Code-coverage alone likely miss bugs
Suboptimal resource distribution • Bug-to-code ratios
SAVIOR: Bug-driven hybrid fuzzing
Compile time analysis & instrumentation • Analysis conservative
System overview: runtime
Reach more bug instrumentation
Active property checking . Model these type of bugs with SMT constraints
Other tricks to improve efficiency - Dynamically adjust path scheduling Combine static and runtime information
Evaluation
SAVIOR: LAVA-M benchmark
Real-world programs: potential bug-code ratios
Triggered UBSAN violations (24 hours)
SAVIOR: Triggered bug V.S code coverage cont
Conclusion
Taught by
IEEE Symposium on Security and Privacy
