ESEC/FSE 2020 (series) / Research Papers /
Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing
Tue 10 Nov 2020 08:05 - 08:06 at Virtual room 1 - Fuzzing
Formal methods use SMT solvers extensively for deciding formula
satisfiability, for instance, in software verification, systematic
test generation, and program synthesis. However, due to their complex
implementations, solvers may contain critical bugs that lead to
unsound results. Given the wide applicability of solvers in software
reliability, relying on such unsound results may have detrimental
consequences.
In this paper, we present \textsf{STORM}\xspace, a novel blackbox mutational fuzzing
technique for detecting critical bugs in SMT solvers. We run our
fuzzer on seven mature solvers and find 29 previously unknown
critical bugs. \textsf{STORM}{} is already being used in testing new features of
popular solvers before deployment.
Tue 10 NovDisplayed time zone: (UTC) Coordinated Universal Time change
Tue 10 Nov
Displayed time zone: (UTC) Coordinated Universal Time change
08:00 - 08:30 | |||
08:00 2mTalk | Boosting Fuzzer Efficiency: An Information Theoretic PerspectiveACM SIGSOFT Distinguished Paper Award Research Papers Marcel Böhme Monash University, Australia, Valentin Manès KAIST, South Korea, Sang Kil Cha KAIST, South Korea DOI | ||
08:03 1mTalk | CrFuzz: Fuzzing Multi-purpose Programs through Input Validation Research Papers Suhwan Song Seoul National University, South Korea, Chengyu Song University of California at Riverside, USA, Yeongjin Jang Oregon State University, USA, Byoungyoung Lee Seoul National University, South Korea DOI | ||
08:05 1mTalk | Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing Research Papers Muhammad Numair Mansur MPI-SWS, Germany, Maria Christakis MPI-SWS, Valentin Wüstholz ConsenSys, Fuyuan Zhang MPI-SWS, Germany DOI Pre-print | ||
08:07 1mTalk | Fuzzing: On the Exponential Cost of Vulnerability Discovery Research Papers DOI | ||
08:09 1mTalk | Harvey: A Greybox Fuzzer for Smart Contracts Industry Papers DOI Pre-print | ||
08:11 1mTalk | Intelligent REST API Data Fuzzing Research Papers Patrice Godefroid Microsoft Research, USA, Bo-Yuan Huang Princeton University, USA, Marina Polishchuk Microsoft Research, USA DOI | ||
08:13 1mTalk | MTFuzz: Fuzzing with a Multi-task Neural Network Research Papers Dongdong She Columbia University, USA, Rahul Krishna Columbia University, USA, Lu Yan Shanghai Jiao Tong University, China, Suman Jana Columbia University, USA, Baishakhi Ray Columbia University, USA DOI Pre-print | ||
08:15 15mTalk | Conversations on Fuzzing Research Papers Dongdong She Columbia University, USA, Muhammad Numair Mansur MPI-SWS, Germany, Marcel Böhme Monash University, Australia, Suhwan Song Seoul National University, South Korea, Valentin Wüstholz ConsenSys, M: Mike Papadakis University of Luxembourg, Luxembourg | ||