Understanding and Detecting Performance Bugs in Markdown Compilers

Li, Penghui; Liu, Yinxi; Meng, Weiyi

doi:10.1109/ase51524.2021.9678611

Cited by 7 publications

(4 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DGF has been used to detect specific bug types, such as memory consumption bugs, and algorithm complexity bugs. Examples include MemLock [34], SlowFuzz [38], PERFFUZZ [37] and MDPERFFUZZ [102]. …”

Section: Research Progress On Dgfmentioning

confidence: 99%

See 1 more Smart Citation

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

SummaryGreybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage‐guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs, blindly extending code coverage is less efficient, especially for corner cases. Unlike coverage‐guided greybox fuzzing which increases code coverage in an undirected manner, directed greybox fuzzing (DGF) spends most of its time allocation on reaching specific targets (e.g. the bug‐prone zone) without wasting resources stressing unrelated parts. Thus, DGF is particularly suitable for scenarios such as patch testing, bug reproduction, and special bug detection. For now, DGF has become an active research area. However, DGF has general limitations and challenges that are worth further studying. Based on the investigation of 42 state‐of‐the‐art fuzzers that are closely related to DGF, we conducted the first in‐depth study to summarize the empirical evidence on the research progress of DGF. This paper studies DGF from a broader view, which takes into account not only the location‐directed type that targets specific code parts but also the behavior‐directed type that aims to expose abnormal program behaviors. By analyzing the benefits and limitations of DGF research, we try to identify gaps in current research, meanwhile, reveal new research opportunities and suggest areas for further investigation.

show abstract

Section: Research Progress On Dgfmentioning

confidence: 99%

“…Finally, DGF can detect non-crash bugs based on customized indicators. For example, it can find uncontrolled memory consumption bugs under the guidance of memory usage [34] and find algorithmic complexity vulnerabilities under the guidance of resource usage [38,102].…”

Section: Application Of Dgfmentioning

confidence: 99%

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

show abstract

“…Other researchers have employed grey-box and white-box methodologies for this vulnerability [99,114]. Researchers and commercial tools offer blackbox and grey-box scanning for diverse vulnerabilities [25,52,53], including algorithmic complexity vulnerabilities [31,72,87], service crashes [18,19,62], cross-site scripting (XSS) [24,55,103], and SQL injection [78]. Notably, some researchers have pursued the opposite of our Consistent Sanitization Assumption to identify cases where backend sanitization appears problematically inconsistent [71,84].…”

Section: Related Workmentioning

confidence: 99%

Exploiting input sanitization for regex denial of service

Barlas

Davis

2022

Proceedings of the 44th International Conference on Software Engineering

View full text Add to dashboard Cite

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specifically, services may share the regexes they use to sanitize input strings -and regex-based denial of service (ReDoS) is an emerging threat. Although prominent service outages caused by ReDoS have spurred interest in this topic, we know little about the degree to which live web services are vulnerable to ReDoS.In this paper, we conduct the first black-box study measuring the extent of ReDoS vulnerabilities in live web services. We apply the Consistent Sanitization Assumption: that client-side sanitization logic, including regexes, is consistent with the sanitization logic on the server-side. We identify a service's regex-based input sanitization in its HTML forms or its API, find vulnerable regexes among these regexes, craft ReDoS probes, and pinpoint vulnerabilities. We analyzed the HTML forms of 1,000 services and the APIs of 475 services. Of these, 355 services publish regexes; 17 services publish unsafe regexes; and 6 services are vulnerable to ReDoS through their APIs (6 domains; 15 subdomains). Both Microsoft and Amazon Web Services patched their web services as a result of our disclosure. Since these vulnerabilities were from API specifications, not HTML forms, we proposed a ReDoS defense for a popular API validation library, and our patch has been merged. To summarize: in client-visible sanitization logic, some web services advertise Re-DoS vulnerabilities in plain sight. Our results motivate short-term patches and long-term fundamental solutions."Make measurable what cannot be measured. " -Galileo Galilei CCS CONCEPTS• Security and privacy → Denial-of-service attacks; Web application security; • General and reference → Empirical studies; Measurement; Validation.

show abstract

“…Scheduling [14,[24][25][26] Instrumentation [27][28][29][30] Hybrid Fuzzing [31][32][33][34] Sanitizer [35][36][37][38] Directed Fuzzing [17,[39][40][41] Others [16,[42][43][44][45][46][47] Fuzzing Evaluation Fuzzing Benchmarks [48][49][50][51] Empirical Study [52][53][54][55][56] Targeting Specific Types of Bugs Di erential Fuzzing [57][58][59] Performance Fuzzing [20,[60][61][62] Others [21,63,64] Targeting Specific Kinds of Targets Kernel Fuzzing [65][66]…”

Section: Sub-categories and Referencesmentioning

confidence: 99%

Effective fuzz testing via model-guided program synthesis

Zhang¹

View full text Add to dashboard Cite

I am deeply grateful to my wife Huiying Li for her unwavering support throughout my studies. The disruptions caused by the COVID-19 pandemic meant that she had to wait for me in China for over three years, and I am grateful for her understanding and determination to stand by me through it all. Without her support, I would not have been able to complete my studies. I also want to extend my heartfelt thanks to my family and friends for their love, encouragement, and understanding during this challenging time.

show abstract

Understanding and Detecting Performance Bugs in Markdown Compilers

Cited by 7 publications

References 34 publications

The progress, challenges, and perspectives of directed greybox fuzzing

The progress, challenges, and perspectives of directed greybox fuzzing

Exploiting input sanitization for regex denial of service

Effective fuzz testing via model-guided program synthesis

Contact Info

Product

Resources

About