Using Fuzzing to Help Abstract Interpretation Based Program Verification.

Interpretation has been successfully applied to static analysis, by computing over-approximation of the concrete semantics of various program for many years. However, in the context of program verification, abstract interpretation is not apt to generate counter-examples when the property does not hold. Dynamic analysis is known for its ability to generate inputs to find program vulnerabilities. In this paper, we propose an method that uses fuzzing to help abstract interpretation based program verification, especially to help generating inputs that violate the target property. During the verification process, we feed the fuzzer with the necessary precondition of violating the target assertion computed by abstract interpretation, and then run the fuzzer to generate inputs satisfying the necessary precondition but violating the target assertion. The result shows promising ability of our approach in generating counter-example for target property in comparison with other state-of-the-art tools.