Improving and Augmenting LAVA There is a pressing need for a way to evaluate the effectiveness of vulnerability discovery programs. LAVA a system that can inject bugs in a C program provides a promising technique to easily generate large corpora of known buggy programs that can be used for evaluation however the bugs that LAVA injects currently suffer from a lack of realism. We will focus on improving the realism of LAVA bugs by improving their data flow.
A lot of people have tried to research how to discover bugs in software. My project is essentially to do the opposite: inject realistic-looking bugs into software at a large scale. Why? Simply put being able to easily generate buggy code allows us to evaluate how effective bug-finding program are at actually spotting errors.