Badger: Complexity Analysis with Fuzzing and Symbolic Execution
Abstract
In this work, we report on our recent research results on “Badger: Complexity Analysis with Fuzzing and Symbolic Execution” which was published in the proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis [NKP18]. Badger employs a hybrid software analysis technique that combines fuzzing and symbolic execution for finding performance bottlenecks in software. Our primary goal is to use Badger to discover vulnerabilities which are related to worst-case time or space complexity of an application. To this end, we use a cost-guided fuzzing approach, which produces inputs to increase the code coverage, but also to maximize a resource-related cost function, such as execution time or memory usage. We combine this fuzzing technique with a customized symbolic execution, which is also guided by heuristics that aim to increase the same cost. Experimental evaluation shows that this hybrid approach enables us to use the strengths of both techniques and overcome their individual weaknesses.
Citation
Noller, Y., Kersten, R. & Pasareanu, C. (2019). Badger: Complexity Analysis with Fuzzing and Symbolic Execution. In: Becker, S., Bogicevic, I., Herzwurm, G. & Wagner, S. (Eds.), Software Engineering and Software Management 2019. Bonn: Gesellschaft für Informatik e.V. (pp. 65-66). DOI: 10.18420/se2019-16
BibTeX
@inproceedings{mci/Noller2019,
author = {Noller, Yannic AND Kersten, Rody AND Pasareanu, Corina},
title = {Badger: Complexity Analysis with Fuzzing and Symbolic Execution},
booktitle = {Software Engineering and Software Management 2019},
year = {2019},
editor = {Becker, Steffen AND Bogicevic, Ivan AND Herzwurm, Georg AND Wagner, Stefan},
pages = {65-66},
doi = {10.18420/se2019-16},
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
More Info
DOI: 10.18420/se2019-16
ISBN: 978-3-88579-686-2
ISSN: 1617-5468
Date: 2019
Language: en
Content Type: Text/Conference Paper