Authors: Renjie Huang, Banghu Yin, Liqian Chen
Venue: 2022 IEEE 22nd International Conference on Software Quality, Reliability, and Security Companion (QRS-C)
Publication date: 2022-12-01
DOI: https://doi.org/10.1109/QRS-C57518.2022.00133
Using Fuzzing to Help Abstract Interpretation Based Program Verification
Abstract interpretation has been successfully applied to static analysis for many years, by computing over-approximations of the concrete semantics of programs. However, in the context of program verification, abstract interpretation is not apt to generate counter-examples when the property does not hold. Dynamic analysis is known for its ability to generate inputs that find program vulnerabilities. In this paper, we propose a method that uses fuzzing to help abstract interpretation based program verification, especially to help generate inputs that violate the target property. During the verification process, we feed the fuzzer with the necessary precondition of violating the target assertion, computed by abstract interpretation, and then run the fuzzer to generate inputs that satisfy the necessary precondition but violate the target assertion. The results show that our approach is promising at generating counter-examples for the target property in comparison with other state-of-the-art tools.