TY - GEN
T1 - Looking for Lacunae in Bitcoin Core's Fuzzing Efforts
AU - Groce, Alex
AU - Jain, Kush
AU - Van Tonder, Rijnard
AU - Kalburgi, Goutamkumar Tulajappa
AU - Goues, Claire Le
N1 - Funding Information:
Full Report: The full report on this effort is available at https://agroce.github.io/bitcoin_report.pdf. Acknowledgements: A portion of this work was supported by the National Science Foundation under CCF-2129446; the authors would also like to thank Chaincode Labs and the Bitcoin Core team.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Bitcoin is one of the most prominent distributed software systems in the world. This paper describes an effort to investigate and enhance the effectiveness of the Bitcoin Core fuzzing effort. The effort initially began as a query about how to escape saturation in the fuzzing effort, but developed into a more general exploration. This paper summarizes the outcomes of a two-week focused effort. While the effort found no smoking guns indicating major test/fuzz weaknesses, it produced a large number of additional fuzz corpus entries, increased the set of fuzzers used for Bitcoin Core, and ran mutation analysis of Bitcoin Core fuzz targets, with a comparison to Bitcoin functional tests and other cryptocurrencies' tests. Our conclusion is that for high quality fuzzing efforts, improvements to the oracle may be the best way to get more out of fuzzing.
AB - Bitcoin is one of the most prominent distributed software systems in the world. This paper describes an effort to investigate and enhance the effectiveness of the Bitcoin Core fuzzing effort. The effort initially began as a query about how to escape saturation in the fuzzing effort, but developed into a more general exploration. This paper summarizes the outcomes of a two-week focused effort. While the effort found no smoking guns indicating major test/fuzz weaknesses, it produced a large number of additional fuzz corpus entries, increased the set of fuzzers used for Bitcoin Core, and ran mutation analysis of Bitcoin Core fuzz targets, with a comparison to Bitcoin functional tests and other cryptocurrencies' tests. Our conclusion is that for high quality fuzzing efforts, improvements to the oracle may be the best way to get more out of fuzzing.
KW - fuzzing
KW - mutation analysis
KW - oracle strength
KW - saturation
KW - test diversity
UR - http://www.scopus.com/inward/record.url?scp=85126873753&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85126873753&partnerID=8YFLogxK
U2 - 10.1109/ICSE-SEIP55303.2022.9794086
DO - 10.1109/ICSE-SEIP55303.2022.9794086
M3 - Conference contribution
AN - SCOPUS:85126873753
T3 - Proceedings - International Conference on Software Engineering
SP - 185
EP - 186
BT - Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering
PB - IEEE Computer Society
T2 - 44th ACM/IEEE International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2022
Y2 - 22 May 2022 through 27 May 2022
ER -