How can we generate valid system inputs? Grammar-based fuzzers are highly efficient in producing syntactically valid system inputs. However, programs will often reject inputs that are semantically invalid. We introduce ISLa, a declarative specification language for context-sensitive properties of structured system inputs based on context-free grammars. With ISLa, it is possible to specify input constraints like “a variable has to be defined before it is used”; “the ‘file name’ block must be 100 bytes long,” or “the number of columns in all CSV rows must be identical.”
Such constraints go into the ISLa fuzzer which leverages the power of solvers like Z3 to solve semantic constraints and, on top, handles quantifiers and predicates over grammar structure. We show that a few ISLa constraints suffice to produce 100% semantically valid inputs while still maintaining input diversity. ISLa can also parse and precisely validate; inputs against semantic constraints.
ISLa constraints can be mined from existing input samples. For this, our ISLearn prototype uses a catalog of common patterns, instantiates these over input elements, and retains those candidates that hold for the inputs observed and whose instantiations are fully accepted by input-processing programs. The resulting constraints can then again be used for fuzzing and parsing.
Tue 15 NovDisplayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change
14:00 - 15:30
Dominic Steinhöfel CISPA Helmholtz Center for Information Security, Andreas Zeller CISPA Helmholtz Center for Information SecurityDOI Pre-print
|Modus: A Datalog Dialect for Building Container Images
Chris Tomy University College London, Tingmao Wang University College London, Earl T. Barr University College London, Sergey Mechtaev University College LondonDOI
|Multi-Phase Invariant Synthesis
|Parasol: Efficient Parallel Synthesis of Large Model Spaces
|Neural Termination Analysis
Mirco Giacobbe University of Birmingham, Daniel Kroening University of Oxford, Julian Parsert University of OxfordDOI
|SolSEE: A Source-Level Symbolic Execution Engine for Solidity
Shang-Wei Lin Nanyang Technological University, Palina Tolmach Nanyang Technological University, Singapore, Institute of High Performance Computing, Agency for Science, Technology and Research (A*STAR), Singapore, Ye Liu , Yi Li Nanyang Technological UniversityPre-print
|MpBP: Verifying Robustness of Neural Networks with Multi-Path Bound Propagation