Static detection of asymptotic performance bugs in collection traversals

Olivo, Oswaldo; Dillig, Işıl; Lin, Calvin

doi:10.1145/2737924.2737966

Cited by 59 publications

(19 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also considered svg-sanitizer 21 , which performs server-side sanitisation of SVG content (used in Drupal and WordPress as a plugin). On passing the crafted SVG file as input, svg-sanitizer, entered a non-terminating computation which make services using the plugin susceptible to DoS attacks.…”

Section: Listing 12 Nested References In Svgmentioning

confidence: 99%

Caught in the Web: DoS Vulnerabilities in Parsers for Structured Data

Rasheed

Dietrich

Tahir

2021

Computer Security – ESORICS 2021

View full text Add to dashboard Cite

We study a class of denial-of-service (DoS) vulnerabilities that occur in parsing structured data. These vulnerabilities enable low bandwidth DoS attacks with input that causes algorithms to execute in disproportionately large time and / or space. We generalise the characteristics of these vulnerabilities, and frame them in terms of three aspects, TTT: (1) the Topology of composite data structures formed by the internal representation of parsed data, (2) the presence of recursive functions for the Traversal of the data structures and (3) the presence of a Trigger that enables an attacker to activate the traversal. An analysis based on this abstraction was implemented for one target platform (Java), and in our study, we found that the impact of the results obtained with this method goes beyond Java. The inputs from our investigation revealed several similar vulnerabilities in programs written in other languages such as Rust and PHP. As a result we have reported 11 issues (of which seven have been accepted as issues), and obtained four CVEs for some of those issues in PDF, SVG and YAML libraries across different languages.

show abstract

Section: Listing 12 Nested References In Svgmentioning

confidence: 99%

Caught in the Web: DoS Vulnerabilities in Parsers for Structured Data

Rasheed

Dietrich

Tahir

2021

Computer Security – ESORICS 2021

View full text Add to dashboard Cite

show abstract

“…However, such techniques require available inputs. Some previous work has focused on identifying redundant traversals of data-structures [45,46,48], a special class of algorithmic complexity bugs. Although these techniques help pin-point program locations that may contain complexity bugs, they do not generate the offending inputs automatically.…”

Section: Related Workmentioning

confidence: 99%

PerfFuzz: automatically generating pathological inputs

Lemieux

Padhye

Sen

et al. 2018

Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

134

View full text Add to dashboard Cite

Performance problems in software can arise unexpectedly when programs are provided with inputs that exhibit worst-case behavior. A large body of work has focused on diagnosing such problems via statistical profiling techniques. But how does one find these inputs in the first place? We present PerfFuzz, a method to automatically generate inputs that exercise pathological behavior across program locations, without any domain knowledge. Perf-Fuzz generates inputs via feedback-directed mutational fuzzing. Unlike previous approaches that attempt to maximize only a scalar characteristic such as the total execution path length, PerfFuzz uses multi-dimensional feedback and independently maximizes execution counts for all program locations. This enables PerfFuzz to (1) find a variety of inputs that exercise distinct hot spots in a program and (2) generate inputs with higher total execution path length than previous approaches by escaping local maxima. PerfFuzz is also effective at generating inputs that demonstrate algorithmic complexity vulnerabilities. We implement PerfFuzz on top of AFL, a popular coverage-guided fuzzing tool, and evaluate PerfFuzz on four real-world C programs typically used in the fuzzing literature. We find that PerfFuzz outperforms prior work by generating inputs that exercise the most-hit program branch 5× to 69× times more, and result in 1.9× to 24.7× longer total execution paths. CCS CONCEPTS • Software and its engineering → Software testing and debugging; Software performance;

show abstract

“…CLARITY [Olivo et al 2015] is a recent work that shows promising results in detecting repeated traversals of arrays. Even though repeated traversals could hint on possible (not necessarily true) redundant computations, they are insufficient for precisely detecting or removing redundant computations.…”

Section: Related Workmentioning

confidence: 99%

GLORE: generalized loop redundancy elimination upon LER-notation

Ding

Shen

2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

This paper presents GLORE, a novel approach to enabling the detection and removal of large-scope redundant computations in nested loops. GLORE works on LER-notation, a new representation of computations in both regular and irregular loops. Together with a set of novel algorithms, it makes GLORE able to systematically consider computation reordering at both the expression level and the loop level in a unified manner. GLORE shows an applicability much broader than prior methods have, and frequently lowers the computational complexities of some nested loops that are elusive to prior optimization techniques, producing significantly larger speedups. CCS Concepts: • Software and its engineering → General programming languages;

show abstract

Static detection of asymptotic performance bugs in collection traversals

Cited by 59 publications

References 57 publications

Caught in the Web: DoS Vulnerabilities in Parsers for Structured Data

Caught in the Web: DoS Vulnerabilities in Parsers for Structured Data

PerfFuzz: automatically generating pathological inputs

GLORE: generalized loop redundancy elimination upon LER-notation

Contact Info

Product

Resources

About