Data dependency analysis using data-write detection techniques

2010 ◽  
Author(s):  
Anish Sane ◽  
Priti Ranadive ◽  
Sudhakar Sah
Keyword(s):  
Data Dependency ◽  
Dependency Analysis ◽  
Detection Techniques ◽  
Using Data

scholarly journals CONFUZZIUS: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts

2021 ◽  
Author(s):  
Christof Ferreira Torres ◽  
Antonio Ken Iannillo ◽  
Arthur Gervais ◽  
Radu State
Keyword(s):  
State Of The Art ◽  
Symbolic Execution ◽  
Hybrid Approach ◽  
Data Dependency ◽  
Smart Contracts ◽  
Dependency Analysis ◽  
Bug Detection ◽  
Code Coverage ◽  
Traditional Programs ◽  
Turing Complete

<div> <div> <p>Smart contracts are Turing-complete programs that are executed across a blockchain. Unlike traditional programs, once deployed, they cannot be modified. As smart contracts carry more value, they become more of an exciting target for attackers. Over the last years, they suffered from exploits costing millions of dollars due to simple programming mistakes. As a result, a variety of tools for detecting bugs have been proposed. Most of these tools rely on symbolic execution, which may yield false positives due to over-approximation. Recently, many fuzzers have been proposed to detect bugs in smart contracts. However, these tend to be more effective in finding shallow bugs and less effective in finding bugs that lie deep in the execution, therefore achieving low code coverage and many false negatives. An alternative that has proven to achieve good results in traditional programs is hybrid fuzzing, a combination of symbolic execution and fuzzing. In this work, we study hybrid fuzzing on smart contracts and present ConFuzzius, the first hybrid fuzzer for smart contracts. ConFuzzius uses evolutionary fuzzing to exercise shallow parts of a smart contract and constraint solving to generate inputs that satisfy complex conditions that prevent evolutionary fuzzing from exploring deeper parts. Moreover, ConFuzzius leverages dynamic data dependency analysis to efficiently generate sequences of transactions that are more likely to result in contract states in which bugs may be hidden. We evaluate the effectiveness of ConFuzzius by comparing it with state-of-the-art symbolic execution tools and fuzzers for smart contracts. Our evaluation on a curated dataset of 128 contracts and a dataset of 21K real-world contracts shows that our hybrid approach detects more bugs than state-of-the-art tools (up to 23%) and that it outperforms existing tools in terms of code coverage (up to 69%). We also demonstrate that data dependency analysis can boost bug detection up to 18%.</p> </div> </div>

Decentralized Communication for Data Dependency Analysis Among Process Execution Agents

2011 ◽  
Vol 8 (4) ◽  
pp. 1-28 ◽  
Author(s):  
Susan D. Urban ◽  
Ziao Liu ◽  
Le Gao
Keyword(s):  
Data Dependency ◽  
Grid Services ◽  
Dependency Analysis ◽  
Data Dependencies ◽  
Dependency Graphs ◽  
Service Oriented ◽  
Distributed Process ◽  
Concurrent Processes ◽  
Process Execution ◽  
Intelligent Approach

This paper presents the authors results with the investigation of decentralized data dependency analysis among concurrently executing processes in a service-oriented environment. Distributed Process Execution Agents (PEXAs) are responsible for controlling the execution of processes that are composed of web services. PEXAs are also associated with specific distributed sites for the purpose of capturing data changes that occur at those sites in the context of service executions using Delta-Enabled Grid Services. PEXAs then exchange this information with other PEXAs to dynamically discover data dependencies that can be used to enhance recovery activities for concurrent processes that execute with relaxed isolation properties. This paper outlines the functionality of PEXAs, describing the data structures, algorithms, and communication mechanisms that are used to support decentralized construction of distributed process dependency graphs, demonstrating a more dynamic and intelligent approach to identifying how the failure of one process can potentially affect other concurrently executing processes.

Sign in / Sign up

Export Citation Format

Share Document