VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization
Thu 14 Nov 2019 10:00 - 10:40 at Kensington Ballroom - Poster Session: Tool Demonstrations 3
Fuzzing is widely used for vulnerability detection. One of the challenges for efficient fuzzing is covering code guarded by constraints such as magic numbers and nested conditions. Recently, academia has partially addressed this challenge via whitebox methods. However, high-level constraints such as array sorts, virtual function invocations, and tree set queries are yet to be handled.
To this end, we present VisFuzz, an interactive tool for better understanding and intervening in the fuzzing process via real-time visualization. It extracts the call graph and control flow graph from source code, maps each function and basic block to its line of source code, and tracks real-time execution statistics with detailed constraint contexts. With VisFuzz, test engineers first locate blocking constraints and then learn their semantic context, which helps them craft targeted inputs or update test drivers. Preliminary evaluations are conducted on four real-world programs in Google fuzzer-test-suite. Given an additional 15 minutes to understand and intervene in the state of fuzzing, the intervened fuzzing outperforms the original pure AFL fuzzing, with path coverage improvements ranging from 10.84% to 150.58% when both are fuzzed for 12 hours.
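The idea of locating a blocking constraint from execution statistics can be shown on a small target. The following is an added illustration, not VisFuzz code or code from the paper: the target, the `GUARD` counters, the `VFZ1` magic value and the mutation loop are all constructed for this example. A magic number and a nested condition are passed from the seed, while an array-sort constraint is reached on many executions but never satisfied by single-byte mutation, which is the signal that tells an engineer where to intervene.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Per-guard counters: a stand-in for the execution statistics the abstract
   describes. Names and layout are hypothetical, not VisFuzz's. */
enum { G_MAGIC, G_NESTED, G_SORTED, G_COUNT };
static unsigned long reached[G_COUNT], taken[G_COUNT];
#define GUARD(id, cond) (reached[id]++, (cond) ? (taken[id]++, 1) : 0)

static int is_sorted(const uint8_t *a, size_t n) {
    for (size_t i = 1; i < n; i++)
        if (a[i - 1] > a[i]) return 0;
    return 1;
}

/* Constructed target: returns how many guards the input passed (0..3). */
int target(const uint8_t *b, size_t len) {
    if (len < 24) return 0;
    if (!GUARD(G_MAGIC, memcmp(b, "VFZ1", 4) == 0)) return 0;
    if (!GUARD(G_NESTED, b[4] == 0x7f && b[5] == (uint8_t)(b[6] ^ b[7])))
        return 1;
    if (!GUARD(G_SORTED, is_sorted(b + 8, 16))) return 2; /* high-level */
    return 3;
}

/* The blocking guard is the one reached most often but never satisfied;
   returns -1 when every reached guard has been satisfied at least once. */
int blocking_guard(void) {
    int worst = -1;
    for (int i = 0; i < G_COUNT; i++)
        if (reached[i] && !taken[i] &&
            (worst < 0 || reached[i] > reached[worst]))
            worst = i;
    return worst;
}

/* Run the seed, then `rounds` single-byte mutations of it (fixed LCG, so
   the run is reproducible). Returns the deepest level any input reached. */
int fuzz(const uint8_t *seed, size_t len, int rounds) {
    uint8_t buf[64];
    uint32_t s = 1;
    if (len == 0 || len > sizeof buf) return -1;
    int best = target(seed, len);
    for (int i = 0; i < rounds; i++) {
        memcpy(buf, seed, len);
        s = s * 1103515245u + 12345u;
        buf[(s >> 16) % len] = (uint8_t)(s >> 8);
        int d = target(buf, len);
        if (d > best) best = d;
    }
    return best;
}
```

With a seed whose 16-byte tail is strictly descending, no single-byte mutation can sort it, so `blocking_guard()` reports `G_SORTED` until an input with a sorted tail is supplied by hand.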
Tue 12 Nov (displayed time zone: Tijuana, Baja California)
10:40 - 12:20 | Testing and Coverage: Research Papers / Demonstrations / Journal First Presentations / Industry Showcase at Cortez 1 Chair(s): Jonathan Bell George Mason University | ||
10:40 20mTalk | Automatic Self-Validation for Code Coverage Profilers Research Papers Yibiao Yang Huazhong University of Science and Technology, Yanyan Jiang Nanjing University, Zhiqiang Zuo Nanjing University, China, Yang Wang Nanjing University, Hao Sun Unaffiliated, Hongmin Lu Nanjing University, Yuming Zhou Nanjing University, Baowen Xu Nanjing University Pre-print | ||
11:00 20mTalk | Efficient Test Generation Guided by Field Coverage Criteria Research Papers Ariel Godio Dept. of Software Engineering Instituto Tecnológico de Buenos Aires, Valeria Bengolea Dept. of Computer Science FCEFQyN, University of Rio Cuarto, Pablo Ponzio Dept. of Computer Science FCEFQyN, University of Rio Cuarto, Nazareno Aguirre Dept. of Computer Science FCEFQyN, University of Rio Cuarto, Marcelo F. Frias Dept. of Software Engineering Instituto Tecnológico de Buenos Aires | ||
11:20 20mTalk | Exploring Output-Based Coverage for Testing PHP Web Applications Journal First Presentations Hung Viet Nguyen Google LLC, USA, Hung Dang Phan ECpE Department, Iowa State University, Christian Kästner Carnegie Mellon University, Tien N. Nguyen University of Texas at Dallas Link to publication | ||
11:40 20mTalk | PHANTA: Diversified Test Code Quality Measurement for Modern Software Development Industry Showcase Media Attached | ||
12:00 10mDemonstration | TestCov: Robust Test-Suite Execution and Coverage Measurement Demonstrations Pre-print Media Attached File Attached | ||
12:10 10mDemonstration | VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization Demonstrations Chijin Zhou Tsinghua University, Mingzhe Wang Tsinghua University, Jie Liang Tsinghua University, Zhe Liu Nanjing University of Aeronautics and Astronautics, Chengnian Sun Waterloo University, Yu Jiang Tsinghua University |
Thu 14 Nov (displayed time zone: Tijuana, Baja California)
10:00 - 10:40 | |||
10:00 40mDemonstration | PraPR: Practical Program Repair via Bytecode Mutation Demonstrations | ||
10:00 40mDemonstration | Kotless: a Serverless Framework for Kotlin Demonstrations Vladislav Tankov JetBrains, ITMO University, Yaroslav Golubev JetBrains Research, Timofey Bryksin JetBrains Research, Saint-Petersburg State University | ||
10:00 40mDemonstration | PeASS: A Tool for Identifying Performance Changes at Code Level Demonstrations David Georg Reichelt Universität Leipzig, Stefan Kühne Universität Leipzig, Wilhelm Hasselbring Kiel University Pre-print Media Attached File Attached | ||
10:00 40mDemonstration | MutAPK: Source-Codeless Mutant Generation for Android Apps Demonstrations Camilo Escobar-Velásquez Universidad de los Andes, Michael Osorio-Riaño Universidad de los Andes, Mario Linares-Vásquez Systems and Computing Engineering Department , Universidad de los Andes , Bogotá, Colombia | ||
10:00 40mDemonstration | CocoQa: Question Answering for Coding Conventions over Knowledge Graphs Demonstrations Tianjiao Du Shanghai JiaoTong University, Junming Cao Shanghai JiaoTong University, Qinyue Wu Shanghai JiaoTong University, Wei Li Shanghai JiaoTong University, Beijun Shen School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Yuting Chen Shanghai Jiao Tong University | ||
10:00 3mDemonstration | Humanoid: A Deep Learning-based Approach to Automated Black-box Android App Testing Demonstrations Yuanchun Li Peking University, Ziyue Yang Peking University, Yao Guo Peking University, Xiangqun Chen Peking University | ||
10:00 40mDemonstration | Developer Reputation Estimator (DRE) Demonstrations Sadika Amreen University of Tennessee Knoxville, Andrey Karnauch University of Tennessee Knoxville, Audris Mockus University of Tennessee - Knoxville | ||
10:00 40mDemonstration | NeuralVis: Visualizing and Interpreting Deep Learning Models Demonstrations Xufan Zhang State Key Laboratory for Novel Software Technology Nanjing University, Nanjing, China, Ziyue Yin State Key Laboratory for Novel Software Technology Nanjing University, Nanjing, China, Yang Feng University of California, Irvine, Qingkai Shi Hong Kong University of Science and Technology, Jia Liu State Key Laboratory for Novel Software Technology Nanjing University, Nanjing, China, Zhenyu Chen Nanjing University | ||
10:00 40mDemonstration | Visual Analytics for Concurrent Java Executions Demonstrations Cyrille Artho KTH Royal Institute of Technology, Sweden, Monali Pande KTH Royal Institute of Technology, Qiyi Tang University of Oxford | ||
10:00 40mDemonstration | Sip4J: Statically Inferring Access Permission Contracts for Parallelising Sequential Java Programs Demonstrations Ayesha Sadiq Monash University, Li Li Monash University, Australia, Yuan-Fang Li Monash University, Ijaz Ahmed University of Lahore, Sea Ling Monash University | ||
10:00 40mDemonstration | SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods Demonstrations Goran Piskachev Fraunhofer IEM, Lisa Nguyen Quang Do Google, Oshando Johnson Fraunhofer IEM, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM Pre-print Media Attached File Attached | ||
10:00 40mDemonstration | VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization Demonstrations Chijin Zhou Tsinghua University, Mingzhe Wang Tsinghua University, Jie Liang Tsinghua University, Zhe Liu Nanjing University of Aeronautics and Astronautics, Chengnian Sun Waterloo University, Yu Jiang Tsinghua University |