Baby Steps Towards Integrating Fuzzing and Symbolic Execution

We will discuss our initial steps towards integrating a fuzzer and a concolic execution tool for Java. The fuzzer, called JAFL, is a Java version of AFL, and the concolic tool analyses Java bytecode using an instrumentation-based approach. We will present the tool architecture, discuss our experiences and show some demos.

Willem Visser is a professor in the Division of Computer Science at Stellenbosch University (from 2009 until 2013 he was Head of the Division). His research focuses mainly on finding bugs in software; more specifically, he works on testing, program analysis, symbolic execution, probabilistic symbolic execution and model checking. He is probably best known for his work on Java PathFinder (JPF) and Symbolic PathFinder (SPF). He previously worked at NASA Ames Research Center and SEVEN Networks.