English
Related papers

Related papers: UBfuzz: Finding Bugs in Sanitizer Implementations

200 papers

Most software that runs on computers undergoes processing by compilers. Since compilers constitute the fundamental infrastructure of software development, their correctness is paramount. Over the years, researchers have invested in…

Software Engineering · Computer Science 2023-06-19 Haoyang Ma

How to search for bugs in 1,000 programs using a pre-existing fuzzer and a standard PC? We consider this problem and show that a well-designed strategy that determines which programs to fuzz and for how long can greatly impact the number of…

Cryptography and Security · Computer Science 2025-01-28 Ivica Nikolic , Racchit Jain

Compiler optimization techniques are inherently complex, and rigorous testing of compiler optimization implementation is critical. Recent years have witnessed the emergence of testing approaches for uncovering incorrect optimization bugs,…

Software Engineering · Computer Science 2025-04-08 Jingwen Wu , Jiajing Zheng , Zhenyu Yang , Zhongxing Yu

Fuzzing has become the de facto standard technique for finding software vulnerabilities. However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. Most popular fuzzers use evolutionary guidance…

Cryptography and Security · Computer Science 2019-07-16 Dongdong She , Kexin Pei , Dave Epstein , Junfeng Yang , Baishakhi Ray , Suman Jana

Hybrid testing combines fuzz testing and concolic execution. It leverages fuzz testing to test easy-to-reach code regions and uses concolic execution to explore code blocks guarded by complex branch conditions. However, its code…

Software Engineering · Computer Science 2019-06-19 Yaohui Chen , Peng Li , Jun Xu , Shengjian Guo , Rundong Zhou , Yulong Zhang , Taowei , Long Lu

Many advanced program analysis and verification methods are based on solving systems of Constrained Horn Clauses (CHC). Testing CHC solvers is very important, as correctness of their work determines whether bugs in the analyzed programs are…

Software Engineering · Computer Science 2023-06-09 Anzhela Sukhanova , Valentyn Sobol

Testing a program's capability to effectively handling errors is a significant challenge, given that program errors are relatively uncommon. To solve this, Software Fault Injection (SFI)-based fuzzing integrates SFI and traditional fuzzing,…

Cryptography and Security · Computer Science 2024-07-08 Jin Wei , Ping Chen , Jun Dai , Xiaoyan Sun , Zhihao Zhang , Chang Xu , Yi Wanga

Compilers play a central role in translating high-level code into executable programs, making their correctness essential for ensuring code safety and reliability. While extensive research has focused on verifying the correctness of…

Programming Languages · Computer Science 2025-07-10 Qiong Feng , Xiaotian Ma , Ziyuan Feng , Marat Akhin , Wei Song , Peng Liang

A key aspect of ensuring the quality of a software system is the practice of unit testing. Through unit tests, developers verify the correctness of production source code, thereby verifying the system's intended behavior under test.…

Software Engineering · Computer Science 2021-03-18 Anthony Peruma , Christian D. Newman

Formal methods use SMT solvers extensively for deciding formula satisfiability, for instance, in software verification, systematic test generation, and program synthesis. However, due to their complex implementations, solvers may contain…

Software Engineering · Computer Science 2020-04-14 Muhammad Numair Mansur , Maria Christakis , Valentin Wüstholz , Fuyuan Zhang

Fuzzing has been an important approach for finding bugs and vulnerabilities in programs. Many fuzzers deployed in industry run daily and can generate an overwhelming number of crashes. Diagnosing such crashes can be very challenging and…

Software Engineering · Computer Science 2022-09-07 Ashwin Kallingal Joshy , Wei Le

Solidity compiler plays a key role in enabling the development of smart contract applications on Ethereum by governing the syntax of a domain-specific language called Solidity and performing compilation and optimization of Solidity code.…

Software Engineering · Computer Science 2024-08-12 Haoyang Ma , Wuqi Zhang , Qingchao Shen , Yongqiang Tian , Junjie Chen , Shing-Chi Cheung

Zero-knowledge (ZK) circuits enable privacy-preserving computations and are central to many cryptographic protocols. Systems like Circom simplify ZK development by combining witness computation and circuit constraints in one program.…

Cryptography and Security · Computer Science 2026-05-26 Hideaki Takahashi , Jihwan Kim , Suman Jana , Junfeng Yang

Graph algorithms, such as shortest path finding, play a crucial role in enabling essential applications and services like infrastructure planning and navigation, making their correctness important. However, thoroughly testing graph…

Software Engineering · Computer Science 2025-02-24 Wenqi Yan , Manuel Rigger , Anthony Wirth , Van-Thuan Pham

Tile-based programming frameworks are increasingly adopted to write high-performance GPU kernels in domains such as deep learning and scientific computing. While these frameworks enhance productivity and hardware utilization, their…

Software Engineering · Computer Science 2026-05-20 Ravishka Rathnasuriya , Zihe Song , Nidhi Majoju , Aaryaa Moharir , Tingxi Li , Wei Yang , Tao Xie

Sanitizers are a relatively recent trend in software engineering. They aim at automatically finding bugs in programs, and they are now commonly available to programmers as part of compiler toolchains. For example, the LLVM project includes…

Software Engineering · Computer Science 2021-02-26 Clement Courbet

Fuzzing -- testing programs with random inputs -- has become the prime technique to detect bugs and vulnerabilities in programs. To generate inputs that cover new functionality, fuzzers require execution feedback from the program -- for…

Software Engineering · Computer Science 2020-12-29 Rahul Gopinath , Bachir Bendrissou , Björn Mathis , Andreas Zeller

Bugs are essential in software engineering; many research studies in the past decades have been proposed to detect, localize, and repair bugs in software systems. Effectiveness evaluation of such techniques requires complex bugs, i.e.,…

Software Engineering · Computer Science 2025-09-10 Ali Reza Ibrahimzada , Yang Chen , Ryan Rong , Reyhaneh Jabbarvand

Continuous fuzzing is an increasingly popular technique for automated quality and security assurance. Google maintains OSS-Fuzz: a continuous fuzzing service for open source software. We conduct the first empirical study of OSS-Fuzz,…

Software Engineering · Computer Science 2021-03-23 Zhen Yu Ding , Claire Le Goues

JavaScript obfuscators are widely deployed to protect intellectual property and resist reverse engineering, yet their correctness has been largely overlooked compared to performance and resilience. Existing evaluations typically measure…

Software Engineering · Computer Science 2026-03-03 Shan Jiang , Chenguang Zhu , Sarfraz Khurshid