Hybrid Software Testing and Repair
Abstract:
Automated software engineering aims at providing automated (or semi-automated) methods and the related foundations for software development. The goal is to support human developers, where machines can lead to better results or provide high-quality suggestions. As part of each development process, software quality assurance is a crucial ingredient to provide reliable, trustworthy, and secure software systems. It is facilitated by software testing as it searches for errors in software. In particular, differential software testing targets complex software bugs related to hyperproperties, e.g., regressions, security vulnerabilities, and robustness deficits. Thereby, a high degree of automation is considered beneficial. However, identifying bugs is just the beginning of the journey to high-quality software: It must be followed by a proper repair.
In this talk, I first introduce the general notion of differential software testing and its relation to security vulnerabilities. In particular, I show how hybrid techniques like the combination of dynamic symbolic execution and grey-box fuzzing can be used to identify bugs related to algorithmic complexity and side-channel vulnerabilities. Secondly, I discuss current efforts in automated program repair and present what kind of challenges lie in front of us. Furthermore, I will highlight the need for human-guided software engineering and its potential.
Biodata:
Yannic Noller is a Research Fellow at the Department of Computer Science, working with Prof. Abhik Roychoudhury in program repair. His general research interests lie in automated software engineering, software testing/verification/repair to provide reliable, trustworthy, and secure software systems. Before joining NUS in September 2020, he pursued his Ph.D. in the Software Engineering group (Prof. Lars Grunske) at the Humboldt-Universitat zu Berlin, Germany. His Ph.D. work focused on differential software testing, in particular, by combining fuzzing and symbolic execution in the context of regression analysis, algorithmic complexity analysis, side-channel analysis, and robustness analysis of neural networks.