🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Awesome survey to bridge machine learning and symbolic reasoning.

My student Ziyuan Zhong will present arxiv.org/abs/2109.06404 at #issta2022 in a few hours. Please come and join us!!

AI-guided refactoring 🤔!!! Read our paper "CARGO: AI-Guided Dependency Analysis for Migrating Monolithic Applications to Microservices Architecture" (arxiv.org/abs/2207.11784) that received the distinguished paper award at ASE 2024 !!

Code LMs need to know BOTH in- and cross-file context to write better code! Check our new preprint arxiv.org/abs/2212.10007 to see how we improve Code LMs by jointly learning in- and cross-file context. Joint work w/ Zijian Wang Wasi Ahmad and others at AWS AI Labs. (1/5)

Very insightful thread. Fuzzing, an iterative search process, is a typical search and learning problem. Lessons from AI research are valuable. 1) Strike for general, simple and elegant design; 2) Scalable and adaptive data-driven approach over human-centric approach.

Excellent work uses the diffusion model and differentiable signal temporal logic (STL) to test autonomous driving!

Cool work to fuzz ML system in a bottom-up approach! This fuzzer directly targets low-level C++ APIs, rather than high-level Python APIs with force execution. Then it synthesizes a PoV to ensure true positive bug findings.

Fuzzing researchers should design new evaluation metrics, that are more expressive and can reflect true fuzzing performance, beyond the existing code coverage and crash number. "Saturation (hit count) of vulnerable functions" seems quite an interesting new metric to fuzzer.

Thrilled to announce that I will join the amazing CSE department @HKUST HKUST Computer Science and Engineering in Fall 2023!!! Multiple Ph.D./RA openings. Drop me an email if you are interested in security and machine learning, program analysis, fuzzing.

Fuzzing throughput is a critical yet often ignored factor in fuzzing evaluation. Carelessly comparing a file-retrieval fuzzer with an in-memory fuzzer, even a well-known researcher would make such a mistake and draw a completely WRONG conclusion in a top-tier conference paper.

What happens if you write buggy code and misconfigure the experimental setup when evaluating a fuzzer’s performance? Wrong and misleading conclusion! We found several fatal bugs and wrong experimental settings in MLFuzz (arxiv.org/pdf/2309.16618, a revisit work on NEUZZ published

Ep5. Rebuttal MLFuzz Thanks Irina’s response. We never heard back from you and Andreas Zeller since last month when we sent the last email to ask if you guys were willing to write an errata of MLFuzz to acknowledge the bugs and wrong conclusion. So I am happy to communicate

Are general-purpose fuzzing research dead? Our answer is probably no. Check our new fuzzer work FOX. The awesome fuzzer @aflplusplus is already super-powerful and quite an effective baseline in academics and industry. But there is still room to improve upon. We introduce FOX

Xin'an Emmanuel Zhou will present "Untangling the Knot: Breaking Access Control in Home Wireless Mesh Networks" at ACM CCS 2024 this afternoon at 2:15pm. We show a LAN attacker can gain root shells on access points, affecting popular vendors such as Netgear, Asus, TP-link, Linksys.

Thanks is-eqv.bsky.social for raising such an important question for the fuzzing research. Open questions and discussion are the keys to the advancement of fuzzing research. Chengyu Song, Andrea Fioraldi, I fully agree that results from the third-party fuzzbench infra are more reliable and

We are recruiting! Applications including 1) a cover letter, 2) a full curriculum vitae, 3) names and contact information of at least three referees, 4) a research statement, and 5) a teaching statement should be submitted via facrecruit.hkust.edu.hk.