Optimizing customized program coverage

Ohmann, Peter; Brown, David Bingham; Neelakandan, Naveen; Linderoth, Jeff; Liblit, Ben

doi:10.1145/2970276.2970351

Cited by 20 publications

(18 citation statements)

References 39 publications

(50 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ohmann et al [6] consider binarized coverage and modeled the problem using integer linear programming and proved it is NP-hard. They proposed several approximation algorithms, which still need to mark about a half of the total vertices.…”

Section: Background and Related Workmentioning

confidence: 99%

“…AFL can optionally instrument a random subset of basic blocks, but its impact on coverage information requires careful evaluation. Moreover, most existing techniques to reduce instrumentation overhead [2], [8], [6] either rely on simple heuristics or become inefficient when being directly applied to coverage-guided fuzzing. Hence, the core research questions we would like to investigate are: What techniques can be applied to reduce the cost of instrumentation?…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing

Hsu¹,

Wu²,

Hsiao³

et al. 2018

Proceedings 2018 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

Empowered by instrumentation, coverage-guided fuzzing monitors the program execution path taken by an input, and prioritizes inputs based on their contribution to code coverage. Although instrumenting every basic block ensures full visibility, it slows down the fuzzer and thus the speed of vulnerability discovery. This paper shows that thanks to common program structures (e.g., directed acyclic subgraphs and simple loops) and compiler optimization (e.g., knowledge of incoming edges), it is possible to accurately reconstruct coverage information by instrumenting only a small fraction of basic blocks. Specifically, we formulate the problem as a path differentiation problem on the control flow graph, and propose an efficient algorithm to select basic blocks that need to be instrumented so that different execution paths remain differentiable. We extend AFL to support such CFG-aware instrumentation. Our experiment results confirm that, compared with full instrumentation, our CFG-aware instrumentation only needs to instrument about 20% of basic blocks while offering 1.04-1.78x speedup during fuzzing. Finally, we highlight several technical challenges and promising research directions to further improve instrumentation for fuzzing.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing

Hsu¹,

Wu²,

Hsiao³

et al. 2018

Proceedings 2018 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

show abstract

“…2) The coverage of testing is an NP-hard problem [71] which implies that no system can be completely correct.…”

Section: The Challenges Of the Dependable Self-managing Cpsmentioning

confidence: 99%

A Comprehensive Technological Survey on Dependable Self-Managing CPS: The Decade of Researches on Correctness and Dependability

Zhou¹,

Hou²,

Zhang³

et al. 2017

Preprint

View full text Add to dashboard Cite

Though Cyber Physical Systems (CPS) become very popular in last the decade, dependability of CPS is still a critical issue and related survey is rare. We try to spell out the jigsaw of technologies and figure out the technical trends of dependable self-managing CPS. This survey first recalls the motivation and the similar concepts. By analyzing four generic architectures, we summarize the common characteristics and related assurance technologies, and propose a more generic environment-in-loop processing flow of CPS and a formal interaction flow between physical space and cyber space. Further, the similarity between correctness and dependability is formally analyzed and the new five research questions of dependable self-managing CPS are presented. Then we review the critical technologies and related correctness verification & validation (V&V) methods, the architectures for dependable self-managing CPS. Further, the detail dependability management and V&V technologies are surveyed, which covers the areas of running-time fault management methods and whole life cycle V&V technologies, maintenance and available tool sets. For holistic CPS development, Modeling techniques and MDE (model driven engineering) based V&V methods are analyzed in detail. Then we complete the jigsaw of technologies and figure out the missing part. Further, we propose the technical challenges and the further direction. To our best knowledge, this is the first comprehensive survey on dependable self-managing CPS development and evaluation.

show abstract

“…Larus later extended this method by adding latency information and the ability to trace inter-procedurally [16]. Ohmann et al [24] formalized the problem of customized program coverage, that is to instrument the program while respecting a certain set of constraints in order to generate coverage information for a given set of program points. Their practical methods used static analysis and approximation algorithms to compute placements that minimized the runtime of instrumentation.…”

Section: Related Workmentioning

confidence: 99%

Log20

Rodrigues

Luo

et al. 2017

Proceedings of the 26th Symposium on Operating Systems Principles

View full text Add to dashboard Cite

When systems fail in production environments, log data is often the only information available to programmers for postmortem debugging. Consequently, programmers' decision on where to place a log printing statement is of crucial importance, as it directly affects how effective and efficient postmortem debugging can be. This paper presents Log20, a tool that determines a near optimal placement of log printing statements under the constraint of adding less than a specified amount of performance overhead. Log20 does this in an automated way without any human involvement. Guided by information theory, the core of our algorithm measures how effective each log printing statement is in disambiguating code paths. To do so, it uses the frequencies of different execution paths that are collected from a production environment by a low-overhead tracing library. We evaluated Log20 on HDFS, HBase, Cassandra, and ZooKeeper, and observed that Log20 is substantially more efficient in code path disambiguation compared to the developers' manually placed log printing statements. Log20 can also output a curve showing the trade-off between the informativeness of the logs and the performance slowdown, so that a developer can choose the right balance. CCS CONCEPTS • Computer systems organization → Reliability; • Software and its engineering → System administration;

show abstract

Optimizing customized program coverage

Cited by 20 publications

References 39 publications

INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing

INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing

A Comprehensive Technological Survey on Dependable Self-Managing CPS: The Decade of Researches on Correctness and Dependability

Log20

Contact Info

Product

Resources

About