signatr: A Data-Driven Fuzzing Tool for R

Title:

signatr: A Data-Driven Fuzzing Tool for R

Authors:

A. Turcotte, P. Donat-Bouillud, F. Křikava, J. Vitek

Publication:

Proceedings of the 15th ACM SIGPLAN International Conference on Software Language Engineering

DOI:

Year:

2022

ISBN:

978-1-4503-9919-7

Link:

Abstract:

The fast-and-loose, permissive semantics of dynamic programming languages limit the power of static analyses. For that reason, soundness is often traded for precision through dynamic program analysis. Dynamic analysis is only as good as the available runnable code, and relying solely on test suites is fraught as they do not cover the full gamut of possible behaviors. Fuzzing is an approach for automatically exercising code, and could be used to obtain more runnable code. However, the shape of user-defined data in dynamic languages is difficult to intuit, limiting a fuzzer's reach. We propose a feedback-driven blackbox fuzzing approach which draws inputs from a database of values recorded from existing code. We implement this approach in a tool called signatr for the R language. We present the insights of its design and implementation, and assess signatr's ability to uncover new behaviors by fuzzing 4,829 R functions from 100 R packages, revealing 1,195,184 new signatures.

BibTeX:

@inproceedings{turcotte_signatr_2022,
    title = {{signatr: A Data-Driven Fuzzing Tool for R}},
    author = {Turcotte, Alexi and Donat-Bouillud, Pierre and Křikava, Filip and Vitek, Jan},
    year = {2022},
    booktitle = {{Proceedings of the 15th ACM SIGPLAN International Conference on Software Language Engineering}},
    publisher = {Association for Computing Machinery},
    series = {{SLE 2022}},
    location = {New York, NY, USA},
    doi = {10.1145/3567512.3567530},
    isbn = {978-1-4503-9919-7},
    pages = {216--221},
    url = {https://doi.org/10.1145/3567512.3567530},
    shorttitle = {signatr},
}