Qiping:
Hi group,
Milestone: 1st version of the LLM-based paper. (January 21st, 2025)
I have checked 19 papers citing the Symvalic paper, only a couple of which are related to the Symvalic paper or Datalog-based symbolic execution. Most of them are about detecting specific vulnerabilities.
I have dived deeper into MythrilQL. I have a runnable version of MythrilQL without one component. The results indicate that the runnable MythrilQL suffers from a serious overfitting problem.
Regarding the safety conditions in Smartest, they can be automatically inserted (for common vulnerabilities) or provided by users via adding assert statements in the source code.
I have not yet finished searching for Datalog-based symbolic execution tools. I plan to end this task before This Friday’s meeting.
I would like to have about 20 minutes to show what I have found regarding to MythrilQL.
Replies:
Dr. Lei:
sounds good. now it is probably time for you to start writing
Qiping:
Hi group,
Milestone: 1st version of the LLM-based paper. (January 21st, 2025)
I have done some extra experiments on LLM-based approach (the past milestone).
I have evaluated MythrilQL and Smartest.
I would like to have about 20 minutes discussion.
Action items for the next week:
Find and Evaluate Datalog-based symbolic execution tools to check if they can be involved in experiments. (12/17)
Experiments Setup for Datalog-based tools if found (12/17)
Resource request (12/17)
Replies:
Dr. Lei:
sounds good
Qiping:
Hi group,
Milestone: experiments on more smart contracts for the LLM-based method (12/10)
Plan to address comments during the proposal meeting.
· Evaluate if MythrilQL and Smartest can be involved in experiments. (12/10)
· Find and Evaluate Datalog-based symbolic execution tools to check if they can be involved in experiments. (12/17)
· Experiments Setup for Datalog-based tools if found (12/17)
· Resource request (12/17)
· Experiments (12/24 )
Hyperparameters(Execution timeout, depth limit, solver timeout, times)
o Mythril (15 minutes, 3, 10s, 3)
o Mythril (15 minutes, 4, 10s, 3)
o SmartExecutor (15 minutes, 3, 10s, 3) (without state-prioritization)
o other tools if possible
· Experiment Result Collection: (12/24 )
o Collect experiment results
o Obtain more details about vulnerability data
Replies:
Dr. Lei:
sounds good
Qiping:
Hi group,
Milestone: experiments on more smart contracts for the LLM-based method (12/10)
I have completed the proposal milestone.
Action Items for Next Week:
Develop a detailed plan to address the feedback and comments from the proposal meeting.
Qiping:
Hi group,
Milestone: do the proposal (11/25)
I am busy preparing for the proposal presentation. It is much more time-consuming than I expect.
project repo: https://github.com/qiana0223/llm_to_engineering_tasks
Qiping:
Hi group,
Milestone: do the proposal (11/25)
The milestone of finishing the draft of the proposal writing is due to 11/12 and I have completed this milestone.
Action items for the next week:
Improve the proposal writing based on suggestions
prepare for the slides.
Qiping:
Hi group,
Milestone: finish the draft of the proposal writing (11/12)
I have implemented the new approach using LLMs for sequence generation.
I have done experiments on randomly chosen 200 smart contracts.
I would like to have a discussion within 20 minutes to show the results and to discuss the baseline of using LLMs.
Replies:
Dr. Lei:
sounds good. look forward to the latest results.
Qiping:
Hi group,
Milestone: finish the draft of the proposal writing (11/12)
I would like to change the milestone of finishing the first draft of the proposal writing from 11/8 to 11/12
I have checked the concepts: context sensitivity and context insensitivity. When it comes to the symbolic execution of smart contracts, an inter-transaction state can be considered as a call site (i.e., a context). To ensure context sensitivity, each function should be executed more than once in different contexts (i.e., different states). However, for non-critical functions, this is not true in my approaches. Perhaps, it is better not to include this concept at this moment as I am afraid that it may cause significant changes in my approaches.
Instead of using “state depth”, I will, as suggested, directly use the sequence length to reflect the deepness of states.
I have started to implement the new approach.
Action items for next week
finish implementation of the new approach
do experiments on 200 contracts to see the performance of the new approach
Qiping:
Hi group,
Milestone: finish the draft of the proposal writing (11/8)
I will present a new approach for the symbolic execution of smart contracts using LLMs tomorrow for the new idea section.
Qiping:
Hi group,
Milestone: finish the draft of the proposal writing (11/8)
Read the paper titled “A Survey of Zero-shot Generalisation in Deep Reinforcement Learning”https://robertkirk.github.io/2022/01/17/generalisation-in-reinforcement-learning-survey.html
I would like to have a technical discussion session to briefly show CMDP and how it relates to my approach.
Next Action Items:
to be determined after the technical discussion session.
Replies:
Dr. Lei:
sounds good.
Qiping:
Milestone: finish the draft of the proposal writing (11/8)
Have prepared to explain why the information given in an observation can allow the agent to make decisions.
Show the state presentation and action design in RLF fuzzing paper.
Have done experiments using embeddings of functions on a single contract. The results show that the training reward is lower and the training time is much longer.
I would like to have a technical discussion session to show the above.
Next Action Items:
to be determined after the technical discussion session.
Replies:
Dr. Lei:
sounds good. one comment: RL is a very heavy-weight approach. one possible question people can ask is, since you are using RL, why don’t just use RL for vulnerability detection all the way? Now you are using RL to just predict which function to execute next during symbolic execution. note that both RL and symbolic execution are considered heavy-weight approaches.
Qiping:
Hi Group,
Milestone: make proposal 11/21
In the past week, I have no real progress on research. I just complete the experiments that should be done.
I would like to register the technical discussion to continue presenting my approach.
Action Items:
Create a structure for the proposal (even though I may not ready to make a proposal)
Replies:
Dr. Lei:
you need to be critical about your own ideas. the idea of making decisions about which function to explore based on the sequence of read/write on state variables is very shaky, to say the least. think about the following question: ideally what information do you need to make such a decision? this should be your starting point. you cannot justify your idea just because it is difficult to do otherwise.
Qiping:
Hi group,
Milestone: make proposal 11/21
The past milestone is done that I need to complete the second draft for the RL-based sequence generation paper on .
Action Items:
start preparing for proposal(any suggestions)
Replies:
Dr. Lei:
you need to finish your presentation of the main idea of your main to the group. also you need to address concerns raised in the group discussion. your approach needs to be validated before you go into the proposal.
Qiping:
Hi group,
Milestone: complete the second draft of the RL-based paper 9/24
updated the motivation section
updated the part about the game description
Action items for the next week:
Update the approach section
add the training section
update the evaluation section.
Qiping:
Milestone: complete the second draft of the RL-based paper 9/24
In the past week, I focused on the presentation
Action item for the next week:
Replies:
Dr. Lei:
try to finish your presentation about your approach tomorrow, Friday. as Fadul and I suggested, focus your presentation on the three components: state representation, action space, and reward function. also try to compare to your approach to existing RL-based approaches to testing smart contracts in terms of these three components.
© 2023 Jeff Lei's Lab.
Site made with Jekyll. Template from the Allan Lab
We are part of the CSE Department at University of Texas at Arlington.