SHF: Small: Collaborative Research: Fuzzing Cyber-Physical System Development Tool Chains with Deep Learning (DeepFuzz-CPS)
Developing a modern technical product such as a car, plane, or a complex medical device includes designing the complex interplay between sensors (which measure physical product and environment state) and actuators (such as small electric motors that control the product). To design this interplay, engineers rely on complex design software tools. This project will address two problems these engineers face. (1) First, little systematic knowledge of the design tools or the resulting designs is available to guide engineers. For example, little is known about how basic design properties (such as various design size measures) relate to design quality attributes (such as design complexity and comprehensibility). This project will thus collect and analyze a large number of publicly available designs to build such knowledge. (2) Second, since the design tools are complex they can contain software bugs. These bugs may in turn silently introduce bugs into widely-deployed safety-critical systems, since product control software generated from designs is often deployed in safety-critical environments. Bugs in such systems often lead to costly product recalls and may have serious consequences. This project will thus develop techniques for automatically finding software bugs in such design tools.
This project consists of the following three major components. (1) First, this project will build the largest curated corpus of publicly available cyber-physical system models and related artifacts. Preliminary results from analyzing this corpus both confirm and contradict earlier findings that were based on significantly fewer models, suggesting the utility of a large corpus for future research. (2) Second, to side-step the age-old problem of missing complete formal specifications of cyber-physical system tool chains, this project will instead design a novel scheme to infer the cyber-physical system language's validity rules via deep learning from the project's model corpus. Sampling the deep learner will enable generating additional models for the researchers' existing differential cyber-physical system tool chain testing infrastructure. (3) Third, this project will supplement the deep learner's training set via the first systematic cyber-physical system-model mutation scheme based on equivalence modulo inputs. Initial experiments have found several bugs in a commercial cyber-physical system tool chain that have been confirmed by the vendor of the tool chain.
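To make the third component concrete, the following is an added illustration (not code from the project, and not its corpus or tool chain) of equivalence-modulo-inputs mutation combined with differential testing. It uses a constructed toy dataflow language with a handful of block kinds (input, gain, sum, saturation, switch, output) whose semantics are assumptions of this example. The mutator profiles which branch of each switch is exercised by a set of input samples, rewires a branch that is never taken under those samples to freshly generated blocks, and then checks that the mutant produces the same outputs as the original on exactly those samples. Any disagreement would point to a defect in whatever evaluates the models; the example also shows that the mutant is equivalent only modulo the profiled inputs, not in general.

```python
"""EMI mutation plus differential testing on a toy dataflow-model language.
Constructed example; the block kinds and their semantics are assumptions."""
import random
from dataclasses import dataclass, field


@dataclass
class Block:
    name: str
    kind: str                                   # "in", "gain", "sum", "sat", "switch", "out"
    inputs: list = field(default_factory=list)  # names of upstream blocks
    params: dict = field(default_factory=dict)


# A model is a list of blocks in topological order (producers before consumers).
def simulate(model, sample, trace=None):
    """Evaluate one time step. `sample` maps input-block names to values.
    If `trace` is a dict, it records per switch which branch (1 or 2) was taken."""
    val = {}
    for blk in model:
        if blk.kind == "in":
            val[blk.name] = sample[blk.name]
        elif blk.kind == "gain":
            val[blk.name] = blk.params["k"] * val[blk.inputs[0]]
        elif blk.kind == "sum":
            val[blk.name] = sum(val[i] for i in blk.inputs)
        elif blk.kind == "sat":
            lo, hi = blk.params["lo"], blk.params["hi"]
            val[blk.name] = min(hi, max(lo, val[blk.inputs[0]]))
        elif blk.kind == "switch":
            ctrl, first, second = [val[i] for i in blk.inputs]
            taken = 1 if ctrl >= blk.params["threshold"] else 2
            if trace is not None:
                trace.setdefault(blk.name, set()).add(taken)
            val[blk.name] = first if taken == 1 else second
        elif blk.kind == "out":
            val[blk.name] = val[blk.inputs[0]]
        else:
            raise ValueError(f"unknown block kind {blk.kind}")
    return {blk.name: val[blk.name] for blk in model if blk.kind == "out"}


def emi_mutate(model, inputs, rng):
    """Return a mutant that must agree with `model` on every sample in `inputs`.
    Profile which switch branches the samples exercise, then feed a never-taken
    branch through a freshly generated gain block. That block is dead under
    these inputs, so the outputs may not change. Returns None if no switch has a
    dead branch."""
    trace = {}
    for s in inputs:
        simulate(model, s, trace)
    candidates = [blk for blk in model
                  if blk.kind == "switch" and len(trace.get(blk.name, set())) < 2]
    if not candidates:
        return None
    target = rng.choice(candidates)
    dead_port = 2 if 1 in trace.get(target.name, set()) else 1
    # Deep-copy so the original model stays untouched.
    mutant = [Block(b.name, b.kind, list(b.inputs), dict(b.params)) for b in model]
    idx = next(i for i, b in enumerate(mutant) if b.name == target.name)
    old_src = mutant[idx].inputs[dead_port]
    filler = Block(f"emi_{target.name}", "gain", [old_src],
                   {"k": rng.choice([-2.0, 0.5, 3.0])})   # never 1.0, so it is observable
    mutant.insert(idx, filler)            # still topological: old_src precedes target
    mutant[idx + 1].inputs[dead_port] = filler.name
    return mutant


def differential_check(model, mutant, inputs):
    """Return the samples on which original and mutant disagree (expected: none)."""
    return [s for s in inputs if simulate(model, s) != simulate(mutant, s)]


def build_model():
    """Constructed example: a saturating controller with a mode switch.
    mode >= 0.5 selects the saturated error, otherwise the raw error."""
    return [
        Block("setpoint", "in"), Block("measured", "in"), Block("mode", "in"),
        Block("neg", "gain", ["measured"], {"k": -1.0}),
        Block("error", "sum", ["setpoint", "neg"]),
        Block("limited", "sat", ["error"], {"lo": -1.0, "hi": 1.0}),
        Block("sel", "switch", ["mode", "limited", "error"], {"threshold": 0.5}),
        Block("cmd", "out", ["sel"]),
    ]


def profiled_inputs(n=20, seed=1):
    """Constructed samples that always run in mode 1, leaving the raw-error branch dead."""
    rng = random.Random(seed)
    return [{"setpoint": rng.uniform(-5, 5), "measured": rng.uniform(-5, 5), "mode": 1.0}
            for _ in range(n)]


def demo():
    """Returns (blocks added, mismatches on profiled inputs,
    original cmd off-profile, mutant cmd off-profile)."""
    model, inputs = build_model(), profiled_inputs()
    mutant = emi_mutate(model, inputs, random.Random(0))
    mismatches = differential_check(model, mutant, inputs)
    # Off the profile the dead branch becomes live, so the two models diverge:
    # equivalence holds only modulo the inputs used for profiling.
    off_profile = {"setpoint": 2.0, "measured": 0.0, "mode": 0.0}
    return (len(mutant) - len(model), len(mismatches),
            simulate(model, off_profile)["cmd"], simulate(mutant, off_profile)["cmd"])


if __name__ == "__main__":
    print(demo())
```

In a real setting the two sides of `differential_check` would be two evaluation paths of the tool chain under test (for example simulation versus generated code) rather than one interpreter run twice; the mutant's value is that it is a new, valid model whose expected outputs are already known from the original.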