Distinguished Lecture Series

Generating Software Tests Andreas Zeller CISPA Helmholtz Institute for IT Security 15/04/2019 Anfiteatro VA4 no piso-1 do Edificio de Civil – IST/Alameda | 11:00H Abstract Software has bugs. What can we do to find as many of these as possible? In this talk, I show how to systematically test software by generating such tests automatically, starting with simple random “fuzzing” generators and then proceeding to more effective grammar-based and coverage-guided approaches. Being fully automatic and easy to deploy, such fuzzers run at little cost, yet are very effective in finding bugs: Our own Langfuzz grammar-based test generator for JavaScript runs around the clock for the Firefox, Chrome, and Edge web browsers and so far has found more than 2,600 confirmed bugs. Our latest test generator prototypes are even able to automatically learn the input language of a given program, which allows to generate highly effective tests for arbitrary programs without any particular setup. In the past months, we have collected our tools and techniques in an interactive textbook (www.fuzzingbook.org) with 10,000 well-documented lines of Python code for highly productive fuzzing. Bio Andreas Zeller is Faculty at the CISPA Helmholtz Center for Information Security, and professor for Software Engineering at Saarland University, both in Saarbrücken, Germany. In 2010, Zeller was inducted as Fellow of the ACM for his contributions to automated debugging and mining software archives, for which he also obtained the ACM SIGSOFT Outstanding Research Award in 2018. His current work focuses on specification mining and test case generation, funded by grants from DFG and the European Research Council (ERC). Host António Manuel Ferreira Rito da Silva

Generating Software Tests

Andreas Zeller

CISPA Helmholtz Institute for IT Security

15/04/2019

Anfiteatro VA4 no piso-1 do Edificio de Civil – IST/Alameda | 11:00H

Abstract

Software has bugs. What can we do to find as many of these as
possible? In this talk, I show how to systematically test software by
generating such tests automatically, starting with simple random
“fuzzing” generators and then proceeding to more effective grammar-based
and coverage-guided approaches. Being fully automatic and easy to
deploy, such fuzzers run at little cost, yet are very effective in
finding bugs: Our own Langfuzz grammar-based test generator for
JavaScript runs around the clock for the Firefox, Chrome, and Edge web
browsers and so far has found more than 2,600 confirmed bugs. Our
latest test generator prototypes are even able to automatically learn
the input language of a given program, which allows to generate highly
effective tests for arbitrary programs without any particular setup. In
the past months, we have collected our tools and techniques in an
interactive textbook (www.fuzzingbook.org) with 10,000 well-documented
lines of Python code for highly productive fuzzing.

Bio

Andreas Zeller is Faculty at the CISPA Helmholtz Center for
Information Security, and professor for Software Engineering at Saarland
University, both in Saarbrücken, Germany. In 2010, Zeller was inducted
as Fellow of the ACM for his contributions to automated debugging and
mining software archives, for which he also obtained the ACM SIGSOFT
Outstanding Research Award in 2018. His current work focuses on
specification mining and test case generation, funded by grants from DFG
and the European Research Council (ERC).

Host

António Manuel Ferreira Rito da Silva

Share your love

Related Posts