TY - GEN
T1 - Fuzz Testing the Compiled Code in R Packages
AU - Kolla, Akhila Chowdary
AU - Groce, Alex
AU - Hocking, Toby Dylan
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - R packages written in the widely used Rcpp framework are typically tested using expected input/output pairs that are manually coded by package developers. These manually written tests are validated under various CRAN checks, using both static and dynamic analysis. Such manually written tests allow for subtle bugs, since they do not anticipate all possible inputs and miss important code paths. Fuzzers pass random, unexpected, potentially invalid inputs to a function, in order to identify bugs missed by manually written tests. This paper presents RcppDeepState, an R package that uses the DeepState framework to provide automatic fuzzing and symbolic execution for R packages written using the Rcpp framework. Using RcppDeepState, a package developer can systematically fuzz test their Rcpp functions, without having to manually write any inputs nor expected outputs. Randomly generated inputs are passed to each Rcpp function, and Valgrind is used to check for various memory access violations and memory leaks. In our system, a test harness can be used to fuzz test an Rcpp function using different backend fuzzers including afl, libFuzzer, and HonggFuzz. For even more flexibility, R package developers can write their own random generation functions and assertions. We implemented random generation functions for 8 of the most common Rcpp data types, then used these functions to fuzz test 1,185 Rcpp packages. Valgrind reported issues for more than 2,000 functions (over nearly 500 packages) which were not detected using standard CRAN checks on manually specified test/example inputs. Developers confirmed for several of these issues that the problem was reproducible and represented missing or flawed code. These results suggest that RcppDeepState is useful for finding subtle flaws in Rcpp packages.
KW - Automated test generation
KW - C++ libraries
KW - Fuzzing
KW - Memory errors
KW - R language
KW - Statistical software
UR - http://www.scopus.com/inward/record.url?scp=85126395003&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85126395003&partnerID=8YFLogxK
U2 - 10.1109/ISSRE52982.2021.00040
DO - 10.1109/ISSRE52982.2021.00040
M3 - Conference contribution
AN - SCOPUS:85126395003
T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE
SP - 300
EP - 308
BT - Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021
A2 - Jin, Zhi
A2 - Li, Xuandong
A2 - Xiang, Jianwen
A2 - Mariani, Leonardo
A2 - Liu, Ting
A2 - Yu, Xiao
A2 - Ivaki, Nahgmeh
PB - IEEE Computer Society
T2 - 32nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2021
Y2 - 25 October 2021 through 28 October 2021
ER -