Write a Blog >>
ICSE 2020
Wed 24 June - Thu 16 July 2020
Thu 9 Jul 2020 07:44 - 07:52 at Baekje - I13-Testing and Debugging 1 Chair(s): Shin Hwei Tan

Among the many software testing techniques available today, \emph{fuzzing} has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering real-world software vulnerabilities.

Our survey shows the fuzzing community is extremely vibrant. The recent surge of work by researchers and practitioners alike has made it difficult to gain a comprehensive and coherent view of fuzzing. Thus, it is easy to lose track of the design decisions and potentially important tweaks performed in each tool and paper. Furthermore, there has been an observable fragmentation in the terminology used by various fuzzers. For example, test case “minimization” and “reduction” are often used interchangeably. Such fragmentation makes it difficult to discover and disseminate knowledge and may severely hinder the progress in fuzzing research in the long run.

To help preserve and bring coherence to the vast literature of fuzzing, this paper presented a unified, general-purpose model of fuzzing together with a taxonomy of the current literature. Our terminology is chosen to closely reflect the current predominant usages, and our model is designed to suit a large number of fuzzing tasks. We surveyed academic papers from the major Security and Software Engineering conferences in the last 10 years, as well as projects having more than 100 stars on GitHub. The paper methodically explores the design decisions at every stage of the model by surveying the related literature and innovations that make modern-day fuzzers effective.

Thu 9 Jul

Displayed time zone: (UTC) Coordinated Universal Time change

07:00 - 08:00
I13-Testing and Debugging 1Demonstrations / Technical Papers / Software Engineering in Practice / Journal First at Baekje
Chair(s): Shin Hwei Tan Southern University of Science and Technology
07:00
12m
Talk
Learning-to-Rank vs Ranking-to-Learn: Strategies for Regression Testing in Continuous IntegrationTechnical
Technical Papers
Antonia Bertolino CNR-ISTI, Antonio Guerriero Università di Napoli Federico II, Breno Miranda Federal University of Pernambuco, Roberto Pietrantuono Università di Napoli Federico II, Stefano Russo Università di Napoli Federico II
07:12
12m
Talk
Debugging InputsArtifact ReusableTechnicalArtifact Available
Technical Papers
Lukas Kirschner Saarland University, Ezekiel O. Soremekun CISPA Helmholtz Center for Information Security, Andreas Zeller CISPA Helmholtz Center for Information Security
Link to publication DOI Pre-print
07:24
12m
Talk
Property-based Testing for LG Home Appliances using Accelerated Software-in-the-Loop SimulationIEEE Software Best Software Engineering in Practice AwardSEIP
Software Engineering in Practice
Mingyu Park LG Electronics, Hoon Jang Hyundai Motor Company, Taejoon Byun University of Minnesota, Yunja Choi Kyungpook National University
Pre-print
07:36
8m
Talk
Predicting Software Defect Type using Concept-based ClassificationJ1
Journal First
Sangameshwar Patil Dept. of CSE, IIT Madras and TRDDC, TCS, Balaraman Ravindran IIT Madras
07:44
8m
Talk
The Art, Science, and Engineering of Fuzzing: A SurveyJ1
Journal First
Valentin Manès CSRC, KAIST, HyungSeok Han KAIST, Choongwoo Han NAVER Corporation, Sang Kil Cha KAIST, Manuel Egele Boston University, USA, Edward Schwartz Carnegie Mellon University, Maverick Woo Carnegie Mellon University
07:52
3m
Talk
GeekyNote: A Technical Documentation Tool with Coverage, Backtracking, Traces, and CouplingsDemo
Demonstrations
Yung-Pin Cheng National Central University, Wei-Nien Hsiung National Central University, Yu-Shan Wu IsCoollab Co. Ltd, Li-Hsuan Chen IsCoollab Co. Ltd