signatr: A Data-Driven Fuzzing Tool for R

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F22%3A00363891" target="_blank" >RIV/68407700:21240/22:00363891 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1145/3567512.3567530" target="_blank" >https://doi.org/10.1145/3567512.3567530</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3567512.3567530" target="_blank" >10.1145/3567512.3567530</a>

Jazyk výsledku

angličtina

Název v původním jazyce

signatr: A Data-Driven Fuzzing Tool for R

Popis výsledku v původním jazyce

The fast-and-loose, permissive semantics of dynamic programming languages limit the power of static analyses. For that reason, soundness is often traded for precision through dynamic program analysis. Dynamic analysis is only as good as the available runnable code, and relying solely on test suites is fraught as they do not cover the full gamut of possible behaviors. Fuzzing is an approach for automatically exercising code, and could be used to obtain more runnable code. However, the shape of user-defined data in dynamic languages is difficult to intuit, limiting a fuzzer's reach. We propose a feedback-driven blackbox fuzzing approach which draws inputs from a database of values recorded from existing code. We implement this approach in a tool called signatr for the R language. We present the insights of its design and implementation, and assess signatr's ability to uncover new behaviors by fuzzing 4,829 R functions from 100 R packages, revealing 1,195,184 new signatures.

Název v anglickém jazyce

signatr: A Data-Driven Fuzzing Tool for R

Popis výsledku anglicky

The fast-and-loose, permissive semantics of dynamic programming languages limit the power of static analyses. For that reason, soundness is often traded for precision through dynamic program analysis. Dynamic analysis is only as good as the available runnable code, and relying solely on test suites is fraught as they do not cover the full gamut of possible behaviors. Fuzzing is an approach for automatically exercising code, and could be used to obtain more runnable code. However, the shape of user-defined data in dynamic languages is difficult to intuit, limiting a fuzzer's reach. We propose a feedback-driven blackbox fuzzing approach which draws inputs from a database of values recorded from existing code. We implement this approach in a tool called signatr for the R language. We present the insights of its design and implementation, and assess signatr's ability to uncover new behaviors by fuzzing 4,829 R functions from 100 R packages, revealing 1,195,184 new signatures.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/EF15_003%2F0000421" target="_blank" >EF15_003/0000421: Big Code: Škálovatelná analýza rozsáhlých bází programů</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

SLE 2022: Proceedings of the 15th ACM SIGPLAN International Conference on Software Language Engineering

ISBN

978-1-4503-9919-7

ISSN

—

e-ISSN

—

Počet stran výsledku

6

Strana od-do

216-221

Název nakladatele

Association for Computing Machinery

Místo vydání

New York

Místo konání akce

Auckland

Datum konání akce

6. 12. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—