Archive for the ‘Research’ Category

PLDI 2016 Accepted Papers

January 25th, 2016 3 comments

Saw that Yuting Chen of Shanghai Jiao Tong University got a paper in. Congratulations 🙂

Coverage-Directed Differential Testing of JVM Implementations

PLDI'16 paper list:

Overall, using learning methods to grind away at binary-level problems continues to be popular, and there are still plenty of holes left to dig; formal-proof and type-system papers continue to hold a steady share; testing, floating point, synthesis, scheduling and timing each get one or two scattered papers. The more entertaining one is a GC paper from Google describing how garbage collection works in Chromium.


A problem with training a language fuzzer with machine-learning algorithms

August 7th, 2015 No comments

When machine-learning techniques are used to train a programming-language fuzzer aimed at compilers, there is a problem: once the fuzzer has found a bug (or several), the whole thing can go off the rails and keep re-triggering the bugs it has already found, because the reward for "found a crash" keeps pointing at the same inputs.

Ideally the fuzzer would notice that some module of the compiler, handling some feature of the language, is under-tested by the existing tests and has a bug, and would then generate more test cases targeting that module, but still keep as much diversity as possible while pursuing that goal.

American Fuzzy Lop (afl-fuzz) vs. John Regehr

August 6th, 2015 No comments

afl-fuzz[1] is a very good fuzzer. John Regehr, however, felt it still falls short in some respects, so he wrote a blog post[2] presenting a C program and poking fun at it.

The C program looks like this:

The crashing input here has to satisfy n + 1000000 == 0, which then triggers a 3 / 0 division error.

No data, no talk. I ran this test case. Guess what? afl-fuzz actually stumbled onto it at random 🙂

afl-fuzz found the bug (finally)


The input afl-fuzz produced looks like this:


I don't know where the trailing #23# came from; it is irrelevant. The leading -1000000 is the right answer.

1.25 million attempts, 7 days of running. Hmm. John Regehr is right as well: in this case path coverage did not help, and what happened was essentially pure random brute-force search.
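Why coverage feedback has nothing to work with here is easy to show in code. The following is an added example and a reconstruction of the shape described above, not Regehr's program and not code from this post: a target guarded by one 32-bit equality, plus a byte-wise version of the same comparison that models what comparison-splitting instrumentation (the laf-intel passes, which AFL++ ships) gives the fuzzer. The function names and the stdin harness are this example's own.

```c
/* Added example: single-branch magic comparison versus a split comparison.
 * Reconstructed from the description in the post; not Regehr's code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAGIC 1000000L

/* The guard the fuzzer must get past: one 32-bit equality test.
 * Returns 1 when the input would reach the faulting division. */
int reaches_div_by_zero(long n) {
    return n + MAGIC == 0;              /* true only for n == -1000000 */
}

/* The fault itself, kept separate so callers can probe the predicate
 * without raising SIGFPE. */
int buggy_divide(long n) {
    int d = (int)(n + MAGIC);
    return 3 / d;                       /* SIGFPE when n == -1000000 */
}

/* Under plain edge coverage the whole input space maps to two edges:
 * "d == 0" and "d != 0". There is no partial credit, so a mutational fuzzer
 * is left guessing one specific 32-bit value. Splitting the comparison into
 * a byte-by-byte chain turns each correct byte into a fresh edge, which is
 * exactly the signal coverage guidance can climb. This function reports how
 * far up that ladder an input gets (most significant byte first). */
int matched_prefix_bytes(long n) {
    uint32_t d = (uint32_t)(n + MAGIC);
    int matched = 0;
    for (int shift = 24; shift >= 0; shift -= 8) {
        if (((d >> shift) & 0xffu) != 0)
            break;                      /* each iteration is its own edge once instrumented */
        matched++;
    }
    return matched;
}

/* Parse the way a fuzz harness reading afl's input would: the decimal
 * integer at the start of the buffer. strtol stops at the first non-digit,
 * which is why trailing junk like "#23#" does not change the result. */
long parse_input(const char *buf) {
    return strtol(buf, NULL, 10);
}

int main(void) {
    char buf[64] = {0};
    if (!fgets(buf, sizeof buf, stdin))
        return 1;
    long n = parse_input(buf);
    printf("n=%ld matched_prefix_bytes=%d\n", n, matched_prefix_bytes(n));
    return buggy_divide(n);
}
```

Two caveats a practitioner would add. First, because the target parses decimal text, the fuzzer is mutating a handful of ASCII digits rather than a raw 32-bit word, so a lucky hit after 1.25 million runs is not implausible; the single-branch structure is still what denies it any gradient. Second, the ladder above only models the instrumentation; with real comparison splitting the ladder is produced by the compiler pass, not written into the target.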





Fuzzer vs. Parser

August 3rd, 2015 No comments

Suppose we are given a fuzzer that can generate text I of arbitrary length,

and a parser with an unknown grammar that reads I and answers with one of two states, accept or reject.

Assuming the grammar the parser accepts is context-free (a CFG), can the fuzzer determine the complete grammar?

It looks like a very natural question; perhaps it has a definite answer?
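One thing that can be shown directly is that accept/reject answers alone, however many the fuzzer collects, never single out one grammar. The following is an added example (not from the post): two black-box parsers for different languages that agree on every string the fuzzer can afford to query, and a distinguishing-string search that comes back empty. The languages, the query bound and the function names are this example's own choices.

```python
"""Added example: membership queries up to a length bound cannot separate
a context-free language from a finite (hence regular) one that agrees with
it on every string the fuzzer actually tries."""

from itertools import product


def balanced(s):
    """Black-box parser for L1 = { a^n b^n : n >= 0 }, context-free and not regular."""
    n = len(s) // 2
    return s == "a" * n + "b" * n


def balanced_bounded(s, bound=50):
    """Black-box parser for L2 = { a^n b^n : 0 <= n <= bound }, a finite language.
    L1 and L2 give identical answers on every string shorter than 2 * (bound + 1)."""
    return balanced(s) and len(s) // 2 <= bound


def exhaustive_queries(parser, alphabet="ab", max_len=12):
    """The fuzzer's view of a parser: every string up to max_len, with its verdict."""
    table = {}
    for length in range(max_len + 1):
        for chars in product(alphabet, repeat=length):
            s = "".join(chars)
            table[s] = parser(s)
    return table


def distinguishing_string(p1, p2, alphabet="ab", max_len=12):
    """Shortest string (by length, then lexicographic) on which the two
    parsers disagree, or None if the query budget cannot tell them apart."""
    t1 = exhaustive_queries(p1, alphabet, max_len)
    t2 = exhaustive_queries(p2, alphabet, max_len)
    for s in t1:  # dict preserves insertion order: shortest strings first
        if t1[s] != t2[s]:
            return s
    return None


if __name__ == "__main__":
    print(distinguishing_string(balanced, balanced_bounded))               # None
    print(distinguishing_string(balanced, lambda s: balanced_bounded(s, 3)))  # 'aaaabbbb'
```

Every finite set of membership answers is consistent with infinitely many grammars, which is why Angluin's L* algorithm needs an equivalence oracle in addition to membership queries even for regular languages; with only the accept/reject bit described above, the best a fuzzer can do is rule grammars out, never confirm one.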


June 2nd, 2015 No comments


Systematization of Knowledge Papers

Following the success of the previous years’ conferences, we are also soliciting papers focused on systematization of knowledge (SoK). The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers can provide a high value to our community but may not be accepted because of a lack of novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions are encouraged to analyze the current research landscape: identify areas that have enjoyed much research attention, point out open areas with unsolved challenges, and present a prioritization that can guide researchers to make progress on solving important challenges. Submissions must be distinguished by a checkbox on the submission form. In addition, the paper title must have the prefix “SoK:”. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.