Generative Type-Aware Mutation for Testing SMT Solvers

被引：12

作者：

Park, Jiwon ^{[1
]}

Winterer, Dominik ^{[2
]}

Zhang, Chengyu ^{[3
]}

Su, Zhendong ^{[2
]}

机构：

[1] Ecole Polytech, LIX, Palaiseau, France

[2] Swiss Fed Inst Technol, Dept Comp Sci, Zurich, Switzerland

[3] East China Normal Univ, Software Engn Inst, Shanghai, Peoples R China

来源：

PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL | 2021年 / 5卷 / OOPSLA期

关键词：

SMT solvers; Fuzz testing; Generative type-aware mutation;

D O I：

10.1145/3485529

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

We propose Generative Type-Aware Mutation, an effective approach for testing SMT solvers. The key idea is to realize generation through the mutation of expressions rooted with parametric operators from the SMT-LIB specification. Generative Type-Aware Mutation is a hybrid of mutation-based and grammar-based fuzzing and features an infinite mutation space-overcoming a major limitation of OpFuzz, the state-of-the-art fuzzer for SMT solvers. We have realized Generative Type-Aware Mutation in a practical SMT solver bug hunting tool, TypeFuzz. During our testing period with TypeFuzz, we reported over 237 bugs in the state-of-the-art SMT solvers Z3 and CVC4. Among these, 189 bugs were confirmed and 176 bugs were fixed. Most notably, we found 18 soundness bugs in CVC4's default mode alone. Several of them were two years latent (7/18). CVC4 has been proved to be a very stable SMT solver and has resisted several fuzzing campaigns.

引用

页数：19

共 50 条

[1] Stress Testing SMT Solvers via Type-aware Mutation
Zhang, Chengyu
[J]. 2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS (ICSE-COMPANION 2020), 2020, : 119 - 121
[2] On the Unusual Effectiveness of Type-Aware Operator Mutations for Testing SMT Solvers
Winterer, Dominik
Zhang, Chengyu
Su, Zhendong
[J]. PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL, 2020, 4 (OOPSLA):
[3] Type-Aware Concolic Testing of Java']JavaScript Programs
Dhok, Monika
Ramanathan, Murali Krishna
Sinha, Nishant
[J]. 2016 IEEE/ACM 38TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2016, : 168 - 179
[4] On Type-Aware Entity Retrieval
Garigliotti, Dario
Balog, Krisztian
[J]. ICTIR'17: PROCEEDINGS OF THE 2017 ACM SIGIR INTERNATIONAL CONFERENCE THEORY OF INFORMATION RETRIEVAL, 2017, : 27 - 34
[5] SMT Solver Testing with Type and Grammar Based Mutation
Park, Jiwon
[J]. PROCEEDINGS OF THE 29TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE '21), 2021, : 1675 - 1676
[6] Incorporating Entity Type-Aware and Word-Word Relation-Aware Attention in Generative Named Entity Recognition
Mo, Ying
Li, Zhoujun
[J]. ELECTRONICS, 2024, 13 (07)
[7] Tare: Type-Aware Neural Program Repair
Zhu, Qihao
Sun, Zeyu
Zhang, Wenjie
Xiong, Yingfei
Zhang, Lu
[J]. 2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ICSE, 2023, : 1443 - 1455
[8] Learning Type-Aware Embeddings for Fashion Compatibility
Vasileva, Mariya, I
Plummer, Bryan A.
Dusad, Krishna
Rajpal, Shreya
Kumar, Ranjitha
Forsyth, David
[J]. COMPUTER VISION - ECCV 2018, PT XVI, 2018, 11220 : 405 - 421
[9] SMT solvers for Testing, Program Analysis and Verification at Microsoft
Bjorner, Nikolaj
[J]. 11TH INTERNATIONAL SYMPOSIUM ON SYMBOLIC AND NUMERIC ALGORITHMS FOR SCIENTIFIC COMPUTING (SYNASC 2009), 2009, : 15 - 15
[10] TYPE-AWARE MEDICAL VISUAL QUESTION ANSWERING
Zhang, Anda
Tao, Wei
Li, Ziyan
Wang, Haofen
Zhang, Wenqiang
[J]. 2022 IEEE INTERNATIONAL CONFERENCE ON ACOUSTICS, SPEECH AND SIGNAL PROCESSING (ICASSP), 2022, : 4838 - 4842

← 1 2 3 4 5 →