Keynote Talk - Fuzzing, symbolic execution, and synthesis for testing
In this talk, we discuss recent approaches that use fuzzing, symbolic execution, and program synthesis, often in a synergistic way, to discover bugs and vulnerabilities in software programs. We first describe Badger, a tool that combines grey-box fuzzing with symbolic execution to discover vulnerabilities that occur when the worst-case time or space complexity of an application is significantly higher than the average case. We then describe HyDiff, which extends Badger with a differential software analysis for detecting regression bugs in software evolution, analyzing side channels in programs, and evaluating robustness in deep neural networks. Finally, we review how program synthesis techniques can be used to create correct-by-construction test programs that reveal bugs in Rust libraries.
Corina Pasareanu is an ACM Distinguished Scientist, working at NASA Ames. She is affiliated with KBR and Carnegie Mellon University’s CyLab. Her research interests include model checking, symbolic execution, compositional verification, probabilistic software analysis, autonomy, and security. She is the recipient of several awards, including the ASE Most Influential Paper Award (2018), ESEC/FSE Test of Time Award (2018), ISSTA Retrospective Impact Paper Award (2018), ACM Impact Paper Award (2010), and ICSE 2010 Most Influential Paper Award (2010). She has served as Program/General Chair for several conferences, including FM’21, ICST 2020, ISSTA 2020, ESEC/FSE 2018, CAV 2015, ISSTA 2014, ASE 2011, and NFM 2009. She is currently an associate editor for the IEEE TSE journal.