Singularity: pattern fuzzing for worst case complexity

We describe a new blackbox complexity testing technique for determining the worst-case asymptotic complexity of a given application. The key idea is to look for an input pattern —rather than a concrete input— that maximizes the asymptotic resource usage of the target program. Because input patterns can be described concisely as programs in a restricted language, our method transforms the complexity testing problem to optimal program synthesis. In particular, we express these input patterns using a new model of computation called Recurrent Computation Graph (RCG) and solve the optimal synthesis problem by developing a genetic programming algorithm that operates on RCGs. We have implemented the proposed ideas in a tool called Singularityand evaluate it on a diverse set of benchmarks. Our evaluation shows that Singularitycan effectively discover the worst-case complexity of various algorithms and that it is more scalable compared to existing state-of-the-art techniques. Furthermore, our experiments also corroborate that Singularitycan discover previously unknown performance bugs and availability vulnerabilities in real-world applications such as Google Guava and JGraphT.

[1]  Vikram S. Adve,et al.  LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[2]  Shan Lu,et al.  CARAMEL: Detecting and Fixing Performance Problems That Have Non-Intrusive Fixes , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[3]  Zhong Shao,et al.  Compositional certified resource bounds , 2015, PLDI.

[4]  Somesh Jha,et al.  Backtracking Algorithmic Complexity Attacks against a NIDS , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[5]  Camil Demetrescu,et al.  Input-Sensitive Profiling , 2012, IEEE Transactions on Software Engineering.

[6]  Thomas R. Gross,et al.  Performance problems you can fix: a dynamic analysis of memoization opportunities , 2015, OOPSLA.

[7]  Helmut Veith,et al.  Complexity and Resource Bound Analysis of Imperative Programs Using Difference Constraints , 2017, Journal of Automated Reasoning.

[8]  Matthias Hauswirth,et al.  Algorithmic profiling , 2012, PLDI.

[9]  Christel Baier,et al.  Proceedings of the 21st International Conference on Tools and Algorithms for the Construction and Analysis of Systems - Volume 9035 , 2015 .

[10]  Isil Dillig,et al.  Static detection of asymptotic performance bugs in collection traversals , 2015, PLDI.

[11]  Laurie Hendren,et al.  Soot: a Java bytecode optimization framework , 2010, CASCON.

[12]  Sumit Gulwani,et al.  SPEED: precise and efficient static estimation of program computational complexity , 2009, POPL '09.

[13]  Thomas R. Gross,et al.  Performance regression testing of concurrent classes , 2014, ISSTA 2014.

[14]  Koushik Sen,et al.  Travioli: A Dynamic Analysis for Detecting Data-Structure Traversals , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE).

[15]  Andrew V. Goldberg,et al.  A new approach to the maximum flow problem , 1986, STOC '86.

[16]  Angelos D. Keromytis,et al.  SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities , 2017, CCS.

[17]  Xiang Cai,et al.  Exploiting Unix File-System Races via Algorithmic Complexity Attacks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[18]  Shan Lu,et al.  Toddler: Detecting performance problems via similar memory-access patterns , 2013, 2013 35th International Conference on Software Engineering (ICSE).

[19]  Thomas R. Gross,et al.  Synthesizing programs that expose performance bottlenecks , 2018, CGO.

[20]  Emina Torlak,et al.  Optimizing synthesis with metasketches , 2016, POPL.

[21]  Corina S. Pasareanu,et al.  Symbolic Complexity Analysis Using Context-Preserving Histories , 2017, 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST).

[22]  Matthew B. Dwyer,et al.  Automatic generation of load tests , 2011, 2011 26th IEEE/ACM International Conference on Automated Software Engineering (ASE 2011).

[23]  Isil Dillig,et al.  Static Detection of DoS Vulnerabilities in Programs that Use Regular Expressions , 2017, TACAS.

[24]  Ankush Das,et al.  Towards automatic resource bound analysis for OCaml , 2016, POPL.

[25]  Shan Lu,et al.  Performance Diagnosis for Inefficient Loops , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE).

[26]  Simon Goldsmith,et al.  Measuring empirical computational complexity , 2007, ESEC-FSE '07.

[27]  Dan S. Wallach,et al.  Denial of Service via Algorithmic Complexity Attacks , 2003, USENIX Security Symposium.

[28]  Koushik Sen,et al.  WISE: Automated test generation for worst-case complexity , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[29]  Murali Krishna Ramanathan,et al.  Directed test generation to detect loop inefficiencies , 2016, SIGSOFT FSE.

[30]  Jürgen Giesl,et al.  Analyzing Runtime and Size Complexity of Integer Programs , 2016, ACM Trans. Program. Lang. Syst..

[31]  Barbara G. Ryder,et al.  Blended analysis for performance understanding of framework-based applications , 2007, ISSTA '07.

[32]  Vitaly Shmatikov,et al.  Inputs of Coma: Static Detection of Denial-of-Service Vulnerabilities , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.