Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing. Bai, J., Fu, Z., Xie, K., & Jiang, Z. IEEE.
@Article{bai23testing,
  author       = {Bai, Jia-Ju and Fu, Zi-Xuan and Xie, Kai-Tao and Jiang, Zu-Ming},
  date         = {2023},
  journaltitle = {IEEE Transactions on Dependable and Secure Computing},
  title        = {Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing},
  comment      = {- fuzzing is inefficient
- some bugs relate to inputs *and* execution conditions

  - e.g. low memory

- explore fault space with fuzzing by leveraging program feedback
- injection guided by metric "error coverage"

  - considers error sites *plus* runtime context

- based on LLVM
- process, roughly

  - identify "error sites"

    - identify unchecked return codes

      - according to related work, most error sites are code statements
        checking error-indicating return values of function calls

        - #dependabilityByDefault #ZLiC #systemCallFaulTolerance
        - similar to study by Roberto Natella on Android:
          many bugs in (potentially missing) error-handling code

  - generate program with injection points
  - execute
  - observe

- evaluation on real-life programs

  - comprehensive
  - vim, ffmpeg, openssl, btrfs, xfs, jfs, cephfs, …
  - comparison with other fuzzers},
  file         = {:bai23testing - Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing.pdf:PDF},
  groups       = {fault injection, fault injection tools, dependability by default / dependability wrap},
  publisher    = {IEEE},
}