Marek Trtík
Gray-Box Fuzzing in Local Space
We consider gray-box fuzzing of a program instrumented such that information about evaluation of program expressions converting values of numerical types to Boolean, like x <= y, is recorded during each program's execution. Given that info…
Fizzer with Local Space Fuzzing
Fizzer is a gray-box fuzzer introduced at Test-Comp 2024. This paper summarizes the lessons learned with the original version and describes the major changes including new analyses implemented in the current version of Fizzer. In particul…
Antarstick: Extracting Snow Height From Time‐Lapse Photography
The evolution and accumulation of snow cover are among the most important characteristics influencing Antarctica's climate and biotopes. The changes in Antarctica are also substantially impacting global climate change. Therefore, detailed …
Gray-Box Fuzzing via Gradient Descent and Boolean Expression Coverage (Technical Report)
We present a novel gray-box fuzzing algorithm monitoring executions of instructions converting numerical values to Boolean ones. An important class of such instructions evaluate predicates, e.g., *cmp in LLVM. That alone allows us to infer…
Symbiotic 10: Lazy Memory Initialization and Compact Symbolic Execution
Symbiotic 10 brings four substantial improvements. First, we extended our clone of Klee called JetKlee with lazy memory initialization. With this extension, JetKlee can symbolically execute a function without knowing its context. In SV-CO…
Fizzer: New Gray-Box Fuzzer
Fizzer is a new gray-box fuzzer. In contrast to common gray-box fuzzers that aim to cover both and branches of branching instructions, Fizzer primarily aims to cover both possible values and of Boolean expressions in the program. When a ge…
Gray-Box Fuzzing via Gradient Descent and Boolean Expression Coverage
We present a gray-box fuzzing approach based on several new ideas. While standard gray-box fuzzing aims to cover all branches of the input program, our approach primarily aims to cover both results of each Boolean expression. To achieve th…
JBMC: A Bounded Model Checking Tool for Verifying Java Bytecode
We present a bounded model checking tool for verifying Java bytecode, which is built on top of the CPROVER framework, named Java Bounded Model Checker (JBMC). JBMC processes Java bytecode together with a model of the standard Java librarie…
Tighter Loop Bound Analysis (Technical report)
We present a new algorithm for computing upper bounds on the number of executions of each program instruction during any single program run. The upper bounds are expressed as functions of program input values. The algorithm is primarily de…
Anonymous On-line Communication Between Program Analyses
We propose a light-weight client-server model of communication between program analyses. Clients are individual analyses and the server mediates their communication. A client cannot see properties of any other and the communication is anon…
From Low-Level Pointers to High-Level Containers
We propose a method that transforms a C program manipulating containers using low-level pointer statements into an equivalent program where the containers are manipulated via calls of standard high-level container operations like push_back…