QSYM: a practical concolic execution engine tailored for hybrid fuzzing

QSYM: a practical concolic execution engine tailored for hybrid fuzzing Yun et al., USENIX Security 2018 There are two main approaches to automated test case generated for uncovering bugs and vulnerabilities: fuzzing and concolic execution. Fuzzing is good at quickly exploring the input space, but can get stuck when trying to get past more complex … Continue reading QSYM: a practical concolic execution engine tailored for hybrid fuzzing

ConflictJS: finding and understanding conflicts between JavaScript libraries

ConflictJS: finding and understanding conflicts between JavaScript libraries Patra et al., ICSE'18 The JavaScript ecosystem is fertile ground for dependency hell. With so many libraries being made available and the potential for global namespace clashes, it’s easy for libraries to break each other. Sometimes in an obvious to spot way (that’s a good day!), and … Continue reading ConflictJS: finding and understanding conflicts between JavaScript libraries

DeepTest: automated testing of deep-neural-network-driven autonomous cars

DeepTest: automated testing of deep-neural-network-driven autonomous cars Tian et al., ICSE'18 How do you test a DNN? We’ve seen plenty of examples of adversarial attacks in previous editions of The Morning Paper, but you couldn’t really say that generating adversarial images is enough to give you confidence in the overall behaviour of a model under … Continue reading DeepTest: automated testing of deep-neural-network-driven autonomous cars

Fail-slow at scale: evidence of hardware performance faults in large production systems

Fail-slow at scale: evidence of hardware performance faults in large production systems Gunawi et al., FAST’18 The first thing that strikes you about this paper is the long list of authors from multiple different establishments. That’s because it’s actually a study of 101 different fail-slow hardware incidents collected across large-scale cluster deployments in 12 different … Continue reading Fail-slow at scale: evidence of hardware performance faults in large production systems

Why is random testing effective for partition tolerance bugs?

Why is random testing effective for partition tolerance bugs? Majumdar & Niksic, POPL 18 A little randomness is a powerful thing! It can make the impossible possible (FLP ), balance systems remarkably well (the power of two random choices), and of course underpin much of cryptography. Today’s paper choice examines the unreasonable effectiveness of random … Continue reading Why is random testing effective for partition tolerance bugs?

Type test scripts for TypeScript testing

Type test scripts for TypeScript testing Kristensen et al., OOPLSA’17 Today’s edition of The Morning Paper comes with a free tongue-twister; ‘type test scripts for TypeScript testing!’ One of the things that people really like about TypeScript is the DefinitelyTyped repository of type declarations for common (otherwise untyped) JavaScript libraries. There are over 3000 such … Continue reading Type test scripts for TypeScript testing

DeepXplore: automated whitebox testing of deep learning systems

DeepXplore: automated whitebox testing of deep learning systems Pei et al., SOSP’17 The state space of deep learning systems is vast. As we’ve seen with adversarial examples, that creates opportunity to deliberately craft inputs that fool a trained network. Forget adversarial examples for a moment though, what about the opportunity for good old-fashioned bugs to … Continue reading DeepXplore: automated whitebox testing of deep learning systems