Computer Science and Software Engineering Capstone Presentations
Fall Quarter
December 18, 2020
Pedro Goncalves-Mokarzel, "Software Engineer Internship at Google" (Google). Faculty Advisor: Dr. Min Chen
Abstract

In my internship at Google, I worked on creating a
differential fuzzer helper library, and on implementing that library to
differentially fuzz YAML parsing libraries. Looking at differential fuzzing
requires an understanding of fuzzing. Fuzz testing is the process in which we test
a fuzz target to see if it works as expected given input created by the fuzzer.
It is an effective way to test for unexpected parameters for fuzz targets.
Differential fuzzing is the process in which we take two fuzz targets, give
them the fuzzer's input, and then later we check if their outputs match. This
methodology is helpful for finding discrepancies for fuzz targets you expect
will have the same output, or to check what fuzz targets are most robust. Our
goal with the differential fuzzing tool was to create a tool that could be
mutable to the implementation of whatever fuzz targets the user wants to do
differential fuzzing to. This means the user can implement different fuzz
targets and change what would be considered a discrepancy. After creating
this tool, we implemented differential fuzzing between the libyaml and yaml-cpp
libraries. For getting the best results possible, a significant amount of
work went into the process of normalization between the two libraries. This
required understanding how these libraries parse information, what types of
structure the information is going to, and what kind of interpretation the
different libraries make when parsing YAML.
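As an added illustration of the harness the abstract describes (this is not the intern's code nor Google's library), a minimal differential-fuzzing helper in Python: the targets and the discrepancy rule are pluggable, each target carries its own normalization step, and the two parsers are constructed stand-ins for a tiny "key: value" subset, not libyaml or yaml-cpp.

```python
import random, re
from typing import Any

def unquote(v: str) -> str:
    return v[1:-1] if len(v) >= 2 and v[0] == v[-1] and v[0] in "\"'" else v

def parser_a(text: str) -> dict:  # constructed stand-in for library A: raw strings, last duplicate key wins
    out = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            key, sep, value = line.partition(":")
            if not sep:
                raise ValueError("missing ':'")
            out[key.strip()] = value.strip()
    return out

def parser_b(text: str) -> dict:  # constructed stand-in for library B: unquotes, resolves ints, rejects duplicates
    out = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            key, sep, value = line.partition(":")
            if not sep or key.strip() in out:
                raise ValueError("missing ':' or duplicate key")
            value = unquote(value.strip())
            out[key.strip()] = int(value) if re.fullmatch(r"-?\d+", value) else value
    return out

# A target is (name, parse, normalize); normalize maps the library's native result to a comparable form,
# which is where the libyaml/yaml-cpp normalization work from the abstract would live.
TARGETS: list = [
    ("A", parser_a, lambda d: {k: unquote(v) for k, v in d.items()}),
    ("B", parser_b, lambda d: {k: str(v) for k, v in d.items()}),
]

def run_target(target: tuple, data: str) -> tuple:
    try:
        return ("ok", target[2](target[1](data)))
    except ValueError as exc:
        return ("error", str(exc))

def is_discrepancy(results: list) -> bool:  # user-replaceable rule; all targets rejecting the input is not a finding
    statuses = {status for status, _ in results}
    return statuses != {"error"} and (len(statuses) > 1 or any(r != results[0] for r in results))

def mutate(data: str, rng: random.Random) -> str:  # toy mutator: insert or delete a few characters
    for _ in range(rng.randint(1, 3)):
        i = rng.randrange(len(data) + 1)
        data = data[:i] + rng.choice("ab:'\" 1\n#") + data[i:] if rng.random() < 0.6 else data[:i] + data[i + 1:]
    return data

def differential_fuzz(corpus: list, targets=TARGETS, rule=is_discrepancy, rounds=500, seed=1) -> dict:
    rng, findings = random.Random(seed), {}
    for _ in range(rounds):
        data = mutate(rng.choice(corpus), rng)
        results = [run_target(t, data) for t in targets]
        if rule(results):
            findings.setdefault(data, results)  # input -> per-target (status, normalized value or error)
    return findings
```

With this setup a duplicate key such as "a: 1\na: 2" is reported as a discrepancy (A accepts, B rejects), while "a: '1'" is not, because normalization makes A's quoted string and B's integer compare equal.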
Updated December 15, 2020