Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing

Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing. Bai, J., Fu, Z., Xie, K., & Jiang, Z. IEEE.
bibtex

@Article{bai23testing,
  author       = {Bai, Jia-Ju and Fu, Zi-Xuan and Xie, Kai-Tao and Jiang, Zu-Ming},
  date         = {2023},
  journaltitle = {IEEE Transactions on Dependable and Secure Computing},
  title        = {Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing},
  comment      = {- fuzzing is inefficient
- some bugs related to inputs *and* execution conditions
 
  - e.g. low memory
  
- explore fault space with fuzzing by leveraging program feedback
- injection guided by metric "error coverage"

  - considers error sites *plus* runtime context

- based on LLVM
- process, roughly

  - identify "error sites"

    - identify unchecked return codes
    
      - according to related work, most error sites are code statements
        checking error-indicating return values of function calls
        
        - #dependabilityByDefault #ZLiC #systemCallFaulTolerance
        - similar to study by Roberto Natella on Android:
          Many bugs in (potentially missing) error-handling code

  - generated program with injection points
  - execute
  - observe

- evaluation on real-life programs

  - comprehensive
  - vim, ffmpeg, openssl, btrfs, xfs, jfs, cephfs, …
  - comparison with other fuzzers},
  file         = {:bai23testing - Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing.pdf:PDF},
  groups       = {fault injection, fault injection tools, dependability by default / dependability wrap},
  publisher    = {IEEE},
}

Downloads: 0

{"_id":"MzadX8YTPF8AtpqZ5","bibbaseid":"bai-fu-xie-jiang-testingerrorhandlingcodewithsoftwarefaultinjectionanderrorcoverageguidedfuzzing","author_short":["Bai, J.","Fu, Z.","Xie, K.","Jiang, Z."],"bibdata":{"bibtype":"article","type":"article","author":[{"propositions":[],"lastnames":["Bai"],"firstnames":["Jia-Ju"],"suffixes":[]},{"propositions":[],"lastnames":["Fu"],"firstnames":["Zi-Xuan"],"suffixes":[]},{"propositions":[],"lastnames":["Xie"],"firstnames":["Kai-Tao"],"suffixes":[]},{"propositions":[],"lastnames":["Jiang"],"firstnames":["Zu-Ming"],"suffixes":[]}],"date":"2023","journaltitle":"IEEE Transactions on Dependable and Secure Computing","title":"Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing","comment":"- fuzzing is inefficient - some bugs related to inputs *and* execution conditions - e.g. low memory - explore fault space with fuzzing by leveraging program feedback - injection guided by metric \"error coverage\" - considers error sites *plus* runtime context - based on LLVM - process, roughly - identify \"error sites\" - identify unchecked return codes - according to related work, most error sites are code statements checking error-indicating return values of function calls - #dependabilityByDefault #ZLiC #systemCallFaulTolerance - similar to study by Roberto Natella on Android: Many bugs in (potentially missing) error-handling code - generated program with injection points - execute - observe - evaluation on real-life programs - comprehensive - vim, ffmpeg, openssl, btrfs, xfs, jfs, cephfs, … - comparison with other fuzzers","file":":bai23testing - Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing.pdf:PDF","groups":"fault injection, fault injection tools, dependability by default / dependability wrap","publisher":"IEEE","bibtex":"@Article{bai23testing,\n author = {Bai, Jia-Ju and Fu, Zi-Xuan and Xie, Kai-Tao and Jiang, Zu-Ming},\n date = {2023},\n journaltitle = {IEEE Transactions on Dependable and Secure Computing},\n title = {Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing},\n comment = {- fuzzing is inefficient\n- some bugs related to inputs *and* execution conditions\n \n - e.g. low memory\n \n- explore fault space with fuzzing by leveraging program feedback\n- injection guided by metric \"error coverage\"\n\n - considers error sites *plus* runtime context\n\n- based on LLVM\n- process, roughly\n\n - identify \"error sites\"\n\n - identify unchecked return codes\n \n - according to related work, most error sites are code statements\n checking error-indicating return values of function calls\n \n - #dependabilityByDefault #ZLiC #systemCallFaulTolerance\n - similar to study by Roberto Natella on Android:\n Many bugs in (potentially missing) error-handling code\n\n - generated program with injection points\n - execute\n - observe\n\n- evaluation on real-life programs\n\n - comprehensive\n - vim, ffmpeg, openssl, btrfs, xfs, jfs, cephfs, …\n - comparison with other fuzzers},\n file = {:bai23testing - Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing.pdf:PDF},\n groups = {fault injection, fault injection tools, dependability by default / dependability wrap},\n publisher = {IEEE},\n}\n\n","author_short":["Bai, J.","Fu, Z.","Xie, K.","Jiang, Z."],"key":"bai23testing","id":"bai23testing","bibbaseid":"bai-fu-xie-jiang-testingerrorhandlingcodewithsoftwarefaultinjectionanderrorcoverageguidedfuzzing","role":"author","urls":{},"metadata":{"authorlinks":{}},"downloads":0,"html":""},"bibtype":"article","biburl":"https://bibbase.org/network/files/AsPiHTmHHGjgy6xSQ","dataSources":["wjZw5s4JL49uLwn3p"],"keywords":[],"search_terms":["testing","error","handling","code","software","fault","injection","error","coverage","guided","fuzzing","bai","fu","xie","jiang"],"title":"Testing Error Handling Code with Software Fault Injection and Error-Coverage-Guided Fuzzing","year":null}