Automated Debugging of Invalid Inputs generated by Fuzzers (available)

Starting Date: Summer 2023
Prerequisites: Good programming skills in a high-level programming language (preferably Java and Python), and experience in software testing or automated debugging
Will results be assigned to University: No

Project Description:

Fuzzing is a popular testing method used to ensure the reliability, security and correctness of software systems. Fuzzers allow developers to find bugs and vulnerabilities in software systems automatically. For instance, AFL is a popular fuzzer that has exposed thousands of bugs in open-source software from Google, Amazon and Firefox [1]. However, fuzzers (e.g., AFL) often produce unnatural, unreadable or even invalid inputs. Such invalid and unnatural inputs make it challenging for developers to understand, debug and fix the bugs that fuzzers find.

In this project, we aim to address this challenge by studying the validity and naturalness of test inputs generated by fuzzers. The goal is to gather empirical evidence on how valid and natural fuzzer-generated test inputs are. The findings of this empirical study will then be used to build an automated technique that enables developers to understand, debug and repair invalid test inputs.

Required Skills:

Knowledge of the following:
* Good programming skills in a high-level programming language, preferably Java and Python
* Experience in software testing or automated debugging

Deliverables:

(a) Empirical evidence on the validity and naturalness of test inputs generated by fuzzers.
(b) An automated tool to support developers in debugging and repairing invalid, unnatural inputs generated by fuzzers.

Why Should I Apply?:

This project provides opportunities to:
* Develop research skills in SE, including automated debugging and software testing (fuzzing)
* Contribute to cutting-edge SE research leading to a debugger for program inputs and a potential publication in a top-tier SE venue

Previous Related Works: In previous work, we have developed two approaches to debug and repair invalid inputs [2][4]. We have also developed grammar-based fuzzing techniques [3].

References:

[1] https://github.com/google/AFL

[2] Kirschner, Lukas, Ezekiel Soremekun, Rahul Gopinath, and Andreas Zeller. “Input Repair via Synthesis and Lightweight Error Feedback.” arXiv preprint arXiv:2208.08235 (2022).

[3] Soremekun, Ezekiel, Esteban Pavese, Nikolas Havrikov, Lars Grunske, and Andreas Zeller. “Inputs From Hell.” IEEE Transactions on Software Engineering 48, no. 4 (2020): 1138-1153.

[4] Kirschner, Lukas, Ezekiel Soremekun, and Andreas Zeller. “Debugging Inputs.” In 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE), 75-86. 2020.