Entry Date:
January 14, 2016

Snap: Automatically Identifying Critical Input Regions and Code in Applications

Principal Investigator Michael Carbin


Applications that process complex inputs often react in different ways to changes in different regions of the input. Small changes to forgiving regions induce correspondingly small changes in the behavior and output. Small changes to critical regions, on the other hand, can induce disproportionally large changes in the behavior or output. This paper presents Snap, a system for automatically classifying each input field and corresponding regions of code as critical or forgiving. Given an application and one or more inputs, Snap uses targeted input fuzzing in combination with dynamic execution and influence tracing to classify regions of input fields and code as critical or forgiving. Snap works well in practice and therefore enables developers and programming systems to automatically identify portions of the program that may be amenable to change.
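A minimal sketch of the input-fuzzing half of this idea, added here as an illustration and not Snap's own code: it perturbs each field of a constructed toy image format, measures how much the application's output changes, and labels the field critical or forgiving. The format, the `app` function, the distortion metric and the 0.1 threshold are all assumptions; the influence tracing that maps fields to code regions is not shown.

```python
import random

# Constructed toy format (assumption): 1-byte width, 1-byte height, then w*h grayscale bytes.
FIELDS = {"width": (0, 1), "height": (1, 2), "pixels": (2, 18)}
SAMPLE = bytes([4, 4]) + bytes(range(100, 116))

def app(data):
    """Toy application under test: returns the average brightness of each row."""
    w, h, body = data[0], data[1], data[2:]
    if w == 0 or h == 0 or w * h != len(body):
        raise ValueError("malformed image")
    return [sum(body[r * w:(r + 1) * w]) / w for r in range(h)]

def distortion(base, out):
    """Normalized output change in [0, 1]; a change of output shape counts as maximal."""
    if len(base) != len(out):
        return 1.0
    return sum(abs(a - b) for a, b in zip(base, out)) / (255.0 * len(base))

def classify(app, sample, fields, trials=200, threshold=0.1, seed=0):
    """Fuzz one field at a time and label it by the mean output distortion it causes."""
    rng = random.Random(seed)          # seeded so runs are reproducible
    base = app(sample)                 # baseline behavior on the unmodified input
    report = {}
    for name, (start, end) in fields.items():
        total = 0.0
        for _ in range(trials):
            fuzzed = bytearray(sample)
            pos = rng.randrange(start, end)
            fuzzed[pos] ^= 1 << rng.randrange(8)   # single-bit flip inside this field only
            try:
                total += distortion(base, app(bytes(fuzzed)))
            except Exception:
                total += 1.0           # crash or rejection = maximal behavioral change
        mean = total / trials
        label = "critical" if mean > threshold else "forgiving"
        report[name] = (label, round(mean, 3))
    return report

if __name__ == "__main__":
    for field, (label, mean) in classify(app, SAMPLE, FIELDS).items():
        print(f"{field:7s} {label:9s} mean distortion {mean}")
```

In this toy format any bit flip in the header fields makes the input unparseable, while a bit flip in the pixel data shifts one row average slightly, which is the critical versus forgiving split the abstract describes.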