CovRL: Fuzzing JavaScript Engines with Coverage-Guided Reinforcement Learning for LLM-based Mutation

Proceedings 2019 Network and Distributed System Security Symposium

Nautilus: Fishing for deep bugs with grammars

C. Aschermann, T. Frassetto, T. Holz, P. Jauernig, A.-R. Sadeghi, D. Teuchert

Published: 2019

Program synthesis with large language models

J. Austin, A. Odena, M. Nye, M. Bosma, H. Michalewski, D. Dohan, E. Jiang, C. Cai, M. Terry, Q. Le

Published: 2021

2018 IEEE Security and Privacy Workshops (SPW)

Deep reinforcement fuzzing

K. Böttinger, P. Godefroid, R. Singh

Published: 2018

OpenAI Technical Report

Language models are few-shot learners

T. B. Brown, B. Mann, N. Ryder, M. Subbiah, J. Kaplan, P. Dhariwal, A. Neelakantan, P. Shyam, G. Sastry, A. Askell, S. Agarwal, A. Herbert-Voss, G. Krueger, T. Henighan, R. Child, A. Ramesh, D. M. Ziegler, J. Wu, C. Winter, C. Hesse, M. Chen, E. Sigler, M. Litwin, S. Gray, B. Chess, J. Clark, C. Berner, S. McCandlish, A. Radford, I. Sutskever, D. Amodei

Published: 2020

Fuzz by number

Charlie Miller

Published: 2008

Evaluating large language models trained on code

M. Chen, J. Tworek, H. Jun, Q. Yuan, H. P. d. O. Pinto, J. Kaplan, H. Edwards, Y. Burda, N. Joseph, G. Brockman

Published: 2021

CoRR

PaLM: Scaling Language Modeling with Pathways

Aakanksha Chowdhery, Sharan Narang, Jacob Devlin, Maarten Bosma, Gaurav Mishra, Adam Roberts, Paul Barham, Hyung Won Chung, Charles Sutton, Sebastian Gehrmann, Parker Schuh, Kensen Shi, Sasha Tsvyashchenko, Joshua Maynez, Abhishek Rao, Parker Barnes, Yi Tay, Noam Shazeer, Vinodkumar Prabhakaran, Emily Reif, Nan Du, Ben Hutchinson, Reiner Pope, James Bradbury, Jacob Austin, Michael Isard, Guy Gur-Ari, Pengcheng Yin, Toju Duke, Anselm Levskaya, Sanjay Ghemawat, Sunipa Dev, Henryk Michalewski, Xavier Garcia, Vedant Misra, Kevin Robinson, Liam Fedus, Denny Zhou, Daphne Ippolito, David Luan, Hyeontaek Lim, Barret Zoph, Alexander Spiridonov, Ryan Sepassi, David Dohan, Shivani Agrawal, Mark Omernick, Andrew M. Dai, Thanumalayan Sankaranarayana Pillai, Marie Pellat, Aitor Lewkowycz, Erica Moreira, Rewon Child, Oleksandr Polozov, Katherine Lee, Zongwei Zhou, Xuezhi Wang, Brennan Saeta, Mark Diaz, Orhan Firat, Michele Catasta, Jason Wei, Kathy Meier-Hellstern, Douglas Eck, Jeff Dean, Slav Petrov, Noah Fiedel

Published: 2022

Training verifiers to solve math word problems

Karl Cobbe, Vineet Kosaraju, Mohammad Bavarian, Mark Chen, Heewoo Jun, Lukasz Kaiser, Matthias Plappert, Jerry Tworek, Jacob Hilton, Reiichiro Nakano, Christopher Hesse, John Schulman

Published: 2021

Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

Compiler fuzzing through deep learning

C. Cummins, P. Petoumenos, A. Murray, H. Leather

Published: 2018

Proc. ACM ISSTA

Large language models are zero-shot fuzzers: Fuzzing deep-learning libraries via large language models

Yinlin Deng, Chunqiu Steven Xia, Haoran Peng, Chenyuan Yang, Lingming Zhang

Published: 2023

Large language models are edge-case fuzzers: Testing deep learning libraries via FuzzGPT

Y. Deng, C. S. Xia, C. Yang, S. D. Zhang, S. Yang, L. Zhang

Published: 2023

Proceedings of NAACL-HLT

BERT: Pre-training of deep bidirectional transformers for language understanding

Jacob Devlin, Ming-Wei Chang, Kenton Lee, Kristina Toutanova

Published: 2019

ECMAScript language specification

ECMA International

Published: 1997

2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)

Automated repair of programs from large language models

Zhiyu Fan, Xiang Gao, Martin Mirchev, Abhik Roychoudhury, Shin Hwei Tan

Published: 2023

The Eleventh International Conference on Learning Representations

InCoder: A generative model for code infilling and synthesis

Daniel Fried, Armen Aghajanyan, Jessy Lin, Sida Wang, Eric Wallace, Freda Shi, Ruiqi Zhong, Scott Yih, Luke Zettlemoyer, Mike Lewis

Published: 2023

arXiv

Learn&Fuzz: Machine Learning for Input Fuzzing

Patrice Godefroid, Hila Peleg, Rishabh Singh

Published: 2017-01-25

Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar suitable for input fuzzing using sample inputs and neural-network-based statistical machine-learning techniques. We present a detailed case study with a complex input format, namely PDF, and a large complex security-critical parser for this format, namely, the PDF parser embedded in Microsoft's new Edge browser. We discuss (and measure) the tension between conflicting learning and fuzzing goals: learning wants to capture the structure of well-formed inputs, while fuzzing wants to break that structure in order to cover unexpected code paths and find bugs. We also present a new algorithm for this learn&fuzz challenge which uses a learnt input probability distribution to intelligently guide where to fuzz inputs.

Chromium issue 729991

Google

Published: 2017

Proceedings 2019 Network and Distributed System Security Symposium

CodeAlchemist: Semantics-aware code generation to find vulnerabilities in JavaScript engines

H. Han, D. Oh, S. K. Cha

Published: 2019

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

SoFi: Reflection-augmented fuzzing for JavaScript engines

X. He, X. Xie, Y. Li, J. Sun, F. Li, W. Zou, Y. Liu, L. Yu, J. Zhou, W. Shi

Published: 2021

js-vuln-db

Hoongwoo Han

Published: 2010

JSHint: A JavaScript code quality tool

JSHint

Published: 2013

Proceedings of the 2018 ACM SIGSAC conference on computer and communications security

Evaluating fuzz testing

G. Klees, A. Ruef, B. Cooper, S. Wei, M. Hicks

Published: 2018

Advances in Neural Information Processing Systems (NeurIPS)

CodeRL: Mastering code generation through pretrained models and deep reinforcement learning

H. Le, Y. Wang, A. D. Gotmare, S. Savarese, S. C. Hoi

Published: 2022

RLAIF: Scaling reinforcement learning from human feedback with AI feedback

H. Lee, S. Phatale, H. Mansoor, T. Mesnard, J. Ferret, K. Lu, C. Bishop, E. Hall, V. Carbune, A. Rastogi, S. Prakash

Published: 2023

29th USENIX Security Symposium (USENIX Security 20)

Montage: A neural network language Model-Guided JavaScript engine fuzzer

S. Lee, H. Han, S. K. Cha, S. Son

Published: 2020

Proceedings of the 33rd ACM/IEEE international conference on automated software engineering

FairFuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage

C. Lemieux, K. Sen

Published: 2018

StarCoder: may the source be with you!

Raymond Li, Loubna Ben Allal, Yangtian Zi, et al.

Published: 2023

Proceedings of the AAAI Conference on Artificial Intelligence

AlphaProg: reinforcement generation of valid programs for compiler fuzzing

X. Li, X. Liu, L. Chen, R. Prajapati, D. Wu

Published: 2022

Information and Communications Security: 24th International Conference, ICICS 2022, Canterbury, UK, September 5–8, 2022, Proceedings

FuzzBoost: Reinforcement compiler fuzzing

X. Li, X. Liu, L. Chen, R. Prajapati, D. Wu

Published: 2022

RLTF: Reinforcement learning from unit test feedback

J. Liu, Y. Zhu, K. Xiao, Q. Fu, X. Han, W. Yang, D. Ye

Published: 2023

Proceedings of the AAAI Conference on Artificial Intelligence

DeepFuzz: Automatic generation of syntax valid C programs for fuzz testing

X. Liu, X. Li, R. Prajapati, D. Wu

Published: 2019

International Conference on Learning Representations

Decoupled weight decay regularization

Ilya Loshchilov, Frank Hutter

Published: 2018

The annals of mathematical statistics

On a test of whether one of two random variables is stochastically larger than the other

H. B. Mann, D. R. Whitney

Published: 1947

Black Hat USA

$hell on earth: From browser to system compromise

Matt Molinyawe, Abdul-Aziz Hariri, J. S.

Published: 2016

AFL: American fuzzy lop

Communications of the ACM (CACM)

An empirical study of the reliability of UNIX utilities

B. P. Miller, L. Fredriksen, B. So

Published: 1990

arXiv

Conference on Neural Information Processing Systems (NeurIPS)

Training language models to follow instructions with human feedback

Long Ouyang, Jeff Wu, Xu Jiang, Diogo Almeida, Carroll L. Wainwright, Pamela Mishkin, Chong Zhang, Sandhini Agarwal, Katarina Slama, Alex Ray, John Schulman, Jacob Hilton, Fraser Kelton, Luke Miller, Maddie Simens, Amanda Askell, Peter Welinder, Paul Christiano, Jan Leike, Ryan Lowe

Published: 2022-03-04

Making language models bigger does not inherently make them better at following a user's intent. For example, large language models can generate outputs that are untruthful, toxic, or simply not helpful to the user. In other words, these models are not aligned with their users. In this paper, we show an avenue for aligning language models with user intent on a wide range of tasks by fine-tuning with human feedback. Starting with a set of labeler-written prompts and prompts submitted through the OpenAI API, we collect a dataset of labeler demonstrations of the desired model behavior, which we use to fine-tune GPT-3 using supervised learning. We then collect a dataset of rankings of model outputs, which we use to further fine-tune this supervised model using reinforcement learning from human feedback. We call the resulting models InstructGPT. In human evaluations on our prompt distribution, outputs from the 1.3B parameter InstructGPT model are preferred to outputs from the 175B GPT-3, despite having 100x fewer parameters. Moreover, InstructGPT models show improvements in truthfulness and reductions in toxic output generation while having minimal performance regressions on public NLP datasets. Even though InstructGPT still makes simple mistakes, our results show that fine-tuning with human feedback is a promising direction for aligning language models with human intent.

2020 IEEE Symposium on Security and Privacy (SP)

Fuzzing JavaScript engines with aspect-preserving mutation

S. Park, W. Xu, I. Yun, D. Jang, T. Kim

Published: 2020

Tech. rep., TU Darmstadt, Department of Computer Science

Learning to fuzz: Application-independent fuzz testing with probabilistic, generative models of input data

J. Patra, M. Pradel

Published: 2016

Journal of machine learning research

Exploring the limits of transfer learning with a unified text-to-text transformer

Colin Raffel, Noam Shazeer, Adam Roberts, Katherine Lee, Sharan Narang, Michael Matena, Yanqi Zhou, Wei Li, Peter J Liu

Published: 2020

Factually consistent summarization via reinforcement learning with textual entailment feedback

P. Roit, J. Ferret, L. Shani, R. Aharoni, G. Cideron, R. Dadashi, M. Geist, S. Girgin, L. Hussenot, O. Keller

Published: 2023

30th USENIX Security Symposium (USENIX Security 21)

Token-Level fuzzing

C. Salls, C. Jindal, J. Corina, C. Kruegel, G. Vigna

Published: 2021

Proximal policy optimization algorithms

J. Schulman, F. Wolski, P. Dhariwal, A. Radford, O. Klimov

Published: 2017

2012 USENIX annual technical conference (USENIX ATC 12)

AddressSanitizer: A fast address sanity checker

K. Serebryany, D. Bruening, A. Potapenko, D. Vyukov

Published: 2012

Execution-based code generation using deep reinforcement learning

P. Shojaee, A. Jain, S. Tipirneni, C. K. Reddy

Published: 2023

Journal of documentation

A statistical interpretation of term specificity and its application in retrieval

K. Sparck Jones

Published: 1972

Advances in Neural Information Processing Systems

A contrastive framework for neural text generation

Y. Su, T. Lan, Y. Wang, D. Yogatama, L. Kong, N. Collier

Published: 2022

Test262

Technical Committee 39 ECMA International

Published: 2010

Computer Security–ESORICS 2016: 21st European Symposium on Research in Computer Security

IFuzzer: An evolutionary interpreter fuzzer using genetic programming

S. Veggalam, S. Rawat, I. Haller, H. Bos

Published: 2016

Usage statistics of JavaScript as client-side programming language on websites

W3Techs

Published: 2024

2017 IEEE Symposium on Security and Privacy (SP)

Skyfire: Data-driven seed generation for fuzzing

J. Wang, B. Chen, L. Wei, Y. Liu

Published: 2017

2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE)

Superion: Grammar-aware greybox fuzzing

J. Wang, B. Chen, L. Wei, Y. Liu

Published: 2019

CodeT5+: Open code large language models for code understanding and generation

Y. Wang, H. Le, A. D. Gotmare, N. D. Bui, J. Li, S. C. Hoi

Published: 2023

EMNLP

CodeT5: Identifier-aware unified pre-trained encoder-decoder models for code understanding and generation

Y. Wang, W. Wang, S. Joty, S. C. Hoi

Published: 2021

Finetuned language models are zero-shot learners

J. Wei, M. Bosma, V. Y. Zhao, K. Guu, A. W. Yu, B. Lester, N. Du, A. M. Dai, Q. V. Le

Published: 2022

arXiv preprint arXiv:2308.04748

Universal fuzzing via large language models

C. S. Xia, M. Paltenghi, J. L. Tian, M. Pradel, L. Zhang

Published: 2023

Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering

Less training, more repairing please: revisiting automated program repair via zero-shot learning

C. S. Xia, L. Zhang

Published: 2022

Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation

Automated conformance testing for JavaScript engines via deep compiler fuzzing

G. Ye, Z. Tang, S. H. Tan, S. Huang, D. Fang, X. Sun, L. Bian, H. Wang, Z. Wang

Published: 2021

Proceedings of the 6th ACM SIGPLAN International Symposium on Machine Programming

Productivity assessment of neural code completion

A. Ziegler, E. Kalliamvakou, X. A. Li, A. Rice, D. Rifkin, S. Simister, G. Sittampalam, E. Aftandilian

Published: 2022