Confessions of a smart contract paper reviewer
If you’re thinking of writing a paper describing an exciting novel approach to smart contract analysis and want to know what reviewers will be looking for, you’ve come to the right place. Deadlines for many big conferences (ISSTA tool papers, ASE, FSE, etc.) are approaching, as is our own Workshop ... Read More
Using Echidna to test a smart contract library
In this post, we’ll show you how to test your smart contracts with the Echidna fuzzer. In particular, you’ll see how to: Find a bug we discovered during the Set Protocol audit using a variation of differential fuzzing, and Specify and check useful properties for your own smart contract libraries ... Read More
Breaking the Solidity Compiler with a Fuzzer
Over the last few months, we’ve been fuzzing solc, the standard Solidity smart contract compiler, and we’ve racked up almost 20 (now mostly fixed) new bugs. A few of these are duplicates of existing bugs with slightly different symptoms or triggers, but the vast majority are previously unreported bugs in ... Read More
Everything You Ever Wanted To Know About Test-Case Reduction, But Didn’t Know to Ask
Imagine reducing the amount of code and time needed to test software, while at the same time increasing the efficacy of your tests and making your debugging tasks easier—all with minimal human effort. It seems too good to be true, but we’re going to explain how test-case reduction can do ... Read More
Fuzzing Unit Tests with DeepState and Eclipser
If unit tests are important to you, there’s now another reason to use DeepState, our Google-Test-like property-based testing tool for C and C++. It’s called Eclipser, a powerful new fuzzer very recently presented in an ICSE 2019 paper. We are proud to announce that Eclipser is now fully integrated into ... Read More
Fuzzing an API with DeepState (Part 2)
Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Mutation Testing Introducing one bug by hand is fine, and we could try it again, but “the plural of anecdote is not data.” However, this is not strictly true. If we have enough anecdotes, we can ... Read More
Fuzzing an API with DeepState (Part 1)
Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Using DeepState, we took a handwritten red-black tree fuzzer and, with minimal effort, turned it into a much more fully featured test generator. The DeepState fuzzer, despite requiring no more coding effort, supports replay of regression ... Read More
