REINAM: Reinforcement learning for input-grammar inference

Zhengkai Wu; Evan Johnson; Wei Yang; Osbert Bastani; Dawn Song; Jian Peng; Tao Xie

doi:10.1145/3338906.3338958

REINAM: Reinforcement learning for input-grammar inference

Zhengkai Wu, Evan Johnson, Wei Yang, Osbert Bastani, Dawn Song, Jian Peng, Tao Xie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Program input grammars (i.e., grammars encoding the language of valid program inputs) facilitate a wide range of applications in software engineering such as symbolic execution and delta debugging. Grammars synthesized by existing approaches can cover only a small part of the valid input space mainly due to unanalyzable code (e.g., native code) in programs and lacking high-quality and high-variety seed inputs. To address these challenges, we present REINAM, a reinforcement-learning approach for synthesizing probabilistic context-free program input grammars without any seed inputs. REINAM uses an industrial symbolic execution engine to generate an initial set of inputs for the given target program, and then uses an iterative process of grammar generalization to proactively generate additional inputs to infer grammars generalized from these initial seed inputs. To efficiently search for target generalizations in a huge search space of candidate generalization operators, REINAM includes a novel formulation of the search problem as a reinforcement learning problem. Our evaluation on eleven real-world benchmarks shows that REINAM outperforms an existing state-of-the-art approach on precision and recall of synthesized grammars, and fuzz testing based on REINAM substantially increases the coverage of the space of valid inputs. REINAM is able to synthesize a grammar covering the entire valid input space for some benchmarks without decreasing the accuracy of the grammar.

Original language	English (US)
Title of host publication	ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Editors	Sven Apel, Marlon Dumas, Alessandra Russo, Dietmar Pfahl
Publisher	Association for Computing Machinery
Pages	488-498
Number of pages	11
ISBN (Electronic)	9781450355728
DOIs	https://doi.org/10.1145/3338906.3338958
State	Published - Aug 12 2019
Event	27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019 - Tallinn, Estonia Duration: Aug 26 2019 → Aug 30 2019

Publication series

Name	ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering

Conference

Conference	27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019
Country/Territory	Estonia
City	Tallinn
Period	8/26/19 → 8/30/19

Keywords

Dynamic symbolic execution
Fuzzing
Grammar synthesis
Reinforcement learning

ASJC Scopus subject areas

Artificial Intelligence
Software

Online availability

10.1145/3338906.3338958

Library availability

Discover UIUC Full Text

Cite this

Wu, Z., Johnson, E., Yang, W., Bastani, O., Song, D., Peng, J., & Xie, T. (2019). REINAM: Reinforcement learning for input-grammar inference. In S. Apel, M. Dumas, A. Russo, & D. Pfahl (Eds.), ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering (pp. 488-498). (ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering). Association for Computing Machinery. https://doi.org/10.1145/3338906.3338958

REINAM: Reinforcement learning for input-grammar inference. / Wu, Zhengkai; Johnson, Evan; Yang, Wei et al.
ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ed. / Sven Apel; Marlon Dumas; Alessandra Russo; Dietmar Pfahl. Association for Computing Machinery, 2019. p. 488-498 (ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Wu, Z, Johnson, E, Yang, W, Bastani, O, Song, D, Peng, J & Xie, T 2019, REINAM: Reinforcement learning for input-grammar inference. in S Apel, M Dumas, A Russo & D Pfahl (eds), ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Association for Computing Machinery, pp. 488-498, 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019, Tallinn, Estonia, 8/26/19. https://doi.org/10.1145/3338906.3338958

Wu Z, Johnson E, Yang W, Bastani O, Song D, Peng J et al. REINAM: Reinforcement learning for input-grammar inference. In Apel S, Dumas M, Russo A, Pfahl D, editors, ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. Association for Computing Machinery. 2019. p. 488-498. (ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering). doi: 10.1145/3338906.3338958

Wu, Zhengkai ; Johnson, Evan ; Yang, Wei et al. / REINAM : Reinforcement learning for input-grammar inference. ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. editor / Sven Apel ; Marlon Dumas ; Alessandra Russo ; Dietmar Pfahl. Association for Computing Machinery, 2019. pp. 488-498 (ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering).

@inproceedings{c1590e94a110469abb91876473209cbc,

title = "REINAM: Reinforcement learning for input-grammar inference",

abstract = "Program input grammars (i.e., grammars encoding the language of valid program inputs) facilitate a wide range of applications in software engineering such as symbolic execution and delta debugging. Grammars synthesized by existing approaches can cover only a small part of the valid input space mainly due to unanalyzable code (e.g., native code) in programs and lacking high-quality and high-variety seed inputs. To address these challenges, we present REINAM, a reinforcement-learning approach for synthesizing probabilistic context-free program input grammars without any seed inputs. REINAM uses an industrial symbolic execution engine to generate an initial set of inputs for the given target program, and then uses an iterative process of grammar generalization to proactively generate additional inputs to infer grammars generalized from these initial seed inputs. To efficiently search for target generalizations in a huge search space of candidate generalization operators, REINAM includes a novel formulation of the search problem as a reinforcement learning problem. Our evaluation on eleven real-world benchmarks shows that REINAM outperforms an existing state-of-the-art approach on precision and recall of synthesized grammars, and fuzz testing based on REINAM substantially increases the coverage of the space of valid inputs. REINAM is able to synthesize a grammar covering the entire valid input space for some benchmarks without decreasing the accuracy of the grammar.",

keywords = "Dynamic symbolic execution, Fuzzing, Grammar synthesis, Reinforcement learning",

author = "Zhengkai Wu and Evan Johnson and Wei Yang and Osbert Bastani and Dawn Song and Jian Peng and Tao Xie",

note = "Publisher Copyright: {\textcopyright} 2019 ACM.; 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019 ; Conference date: 26-08-2019 Through 30-08-2019",

year = "2019",

month = aug,

day = "12",

doi = "10.1145/3338906.3338958",

language = "English (US)",

series = "ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering",

publisher = "Association for Computing Machinery",

pages = "488--498",

editor = "Sven Apel and Marlon Dumas and Alessandra Russo and Dietmar Pfahl",

booktitle = "ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering",

address = "United States",

}

TY - GEN

T1 - REINAM

T2 - 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019

AU - Wu, Zhengkai

AU - Johnson, Evan

AU - Yang, Wei

AU - Bastani, Osbert

AU - Song, Dawn

AU - Peng, Jian

AU - Xie, Tao

PY - 2019/8/12

Y1 - 2019/8/12

N2 - Program input grammars (i.e., grammars encoding the language of valid program inputs) facilitate a wide range of applications in software engineering such as symbolic execution and delta debugging. Grammars synthesized by existing approaches can cover only a small part of the valid input space mainly due to unanalyzable code (e.g., native code) in programs and lacking high-quality and high-variety seed inputs. To address these challenges, we present REINAM, a reinforcement-learning approach for synthesizing probabilistic context-free program input grammars without any seed inputs. REINAM uses an industrial symbolic execution engine to generate an initial set of inputs for the given target program, and then uses an iterative process of grammar generalization to proactively generate additional inputs to infer grammars generalized from these initial seed inputs. To efficiently search for target generalizations in a huge search space of candidate generalization operators, REINAM includes a novel formulation of the search problem as a reinforcement learning problem. Our evaluation on eleven real-world benchmarks shows that REINAM outperforms an existing state-of-the-art approach on precision and recall of synthesized grammars, and fuzz testing based on REINAM substantially increases the coverage of the space of valid inputs. REINAM is able to synthesize a grammar covering the entire valid input space for some benchmarks without decreasing the accuracy of the grammar.

AB - Program input grammars (i.e., grammars encoding the language of valid program inputs) facilitate a wide range of applications in software engineering such as symbolic execution and delta debugging. Grammars synthesized by existing approaches can cover only a small part of the valid input space mainly due to unanalyzable code (e.g., native code) in programs and lacking high-quality and high-variety seed inputs. To address these challenges, we present REINAM, a reinforcement-learning approach for synthesizing probabilistic context-free program input grammars without any seed inputs. REINAM uses an industrial symbolic execution engine to generate an initial set of inputs for the given target program, and then uses an iterative process of grammar generalization to proactively generate additional inputs to infer grammars generalized from these initial seed inputs. To efficiently search for target generalizations in a huge search space of candidate generalization operators, REINAM includes a novel formulation of the search problem as a reinforcement learning problem. Our evaluation on eleven real-world benchmarks shows that REINAM outperforms an existing state-of-the-art approach on precision and recall of synthesized grammars, and fuzz testing based on REINAM substantially increases the coverage of the space of valid inputs. REINAM is able to synthesize a grammar covering the entire valid input space for some benchmarks without decreasing the accuracy of the grammar.

KW - Dynamic symbolic execution

KW - Fuzzing

KW - Grammar synthesis

KW - Reinforcement learning

UR - http://www.scopus.com/inward/record.url?scp=85071931956&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85071931956&partnerID=8YFLogxK

U2 - 10.1145/3338906.3338958

DO - 10.1145/3338906.3338958

M3 - Conference contribution

AN - SCOPUS:85071931956

T3 - ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering

SP - 488

EP - 498

BT - ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering

A2 - Apel, Sven

A2 - Dumas, Marlon

A2 - Russo, Alessandra

A2 - Pfahl, Dietmar

PB - Association for Computing Machinery

Y2 - 26 August 2019 through 30 August 2019

ER -

REINAM: Reinforcement learning for input-grammar inference

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this