Software Open Access

Not All Bugs Are Created Equal, But Robust Reachability Can Tell The Difference

Guillaume Girol; Sébastien Bardin; Benjamin Farinier

DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="" xmlns="" xsi:schemaLocation="">
  <identifier identifierType="DOI">10.5281/zenodo.4721753</identifier>
      <creatorName>Guillaume Girol</creatorName>
      <affiliation>Université Paris-Saclay, CEA, List</affiliation>
      <creatorName>Sébastien Bardin</creatorName>
      <affiliation>Université Paris-Saclay, CEA, List</affiliation>
      <creatorName>Benjamin Farinier</creatorName>
      <affiliation>TU Wien</affiliation>
    <title>Not All Bugs Are Created Equal, But Robust Reachability Can Tell The Difference</title>
    <date dateType="Issued">2021-04-27</date>
  <resourceType resourceTypeGeneral="Software"/>
    <alternateIdentifier alternateIdentifierType="url"></alternateIdentifier>
    <relatedIdentifier relatedIdentifierType="DOI" relationType="IsVersionOf">10.5281/zenodo.4721752</relatedIdentifier>
    <rights rightsURI="">GNU General Public License v2.0 or later</rights>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
    <description descriptionType="Abstract">&lt;p&gt;This paper introduces a new property called robust reachability which refines the standard notion of reachability in order to take replicability into account. A bug is robustly reachable if a controlled input can make it so the bug is reached whatever the value of uncontrolled input. Robust reachability is better suited than standard reachability in many realistic situations related to security (e.g., criticality assessment or bug prioritization) or software engineering (e.g., replicable test suites and flakiness). We propose a formal treatment of the concept, and we revisit existing symbolic bug finding methods through this new lens. Remarkably, robust reachability allows differentiating bounded model checking from symbolic execution while they have the same deductive power in the standard case. Finally, we propose the first symbolic verifoer dedicated to robust reachability: we use it for criticality assessment of existing vulnerabilities, and compare it with standard symbolic execution.&lt;/p&gt;</description>
All versions This version
Views 273273
Downloads 3232
Data volume 173.4 GB173.4 GB
Unique views 243243
Unique downloads 2929


Cite as