FuSeBMC v4: Smart Seed Generation for Hybrid Fuzzing-Reference-Cited by-同舟云学术

FuSeBMC v4: Smart Seed Generation for Hybrid Fuzzing

Published:2022 Issue: Volume: Page:336-340
ISSN:0302-9743
Container-title:Fundamental Approaches to Software Engineering
language:
Short-container-title:

Author:

Alshmrany Kaled M.^ORCID,Aldughaim Mohannad^ORCID,Bhayat Ahmed^ORCID,Cordeiro Lucas C.^ORCID

Abstract

AbstractFuSeBMC is a test generator for finding security vulnerabilities in C programs. In Test-Comp 2021, we described a previous version that incrementally injected labels to guide Bounded Model Checking (BMC) and Evolutionary Fuzzing engines to produce test cases for code coverage and bug finding. This paper introduces an improved version of FuSeBMC that utilizes both engines to produce smart seeds. First, the engines run with a short time limit on a lightly instrumented version of the program to produce the seeds. The BMC engine is particularly useful in producing seeds that can pass through complex mathematical guards. Then, FuSeBMC runs its engines with extended time limits using the smart seeds created in the previous round. FuSeBMC manages this process in two main ways. Firstly, it uses shared memory to record the labels covered by each test case. Secondly, it evaluates test cases, and those of high impact are turned into seeds for subsequent test fuzzing. In this year’s competition, we participate in the Cover-Error, Cover-Branches, and Overall categories. The Test-Comp 2022 results show that we significantly increased our code coverage score from last year, outperforming all tools in all categories.

Publisher

Springer International Publishing

Link

https://link.springer.com/content/pdf/10.1007/978-3-030-99429-7_19

Reference12 articles.

1. Clang documentation. http://clang.llvm.org/docs/index.html.

2. American fuzzy lop. https://lcamtuf.coredump.cx/afl/.

3. Kaled Alshmrany et al. FuSeBMC: A white-box fuzzer for finding security vulnerabilities in C programs. In FASE, pages 363–367, 2021.

4. Kaled Alshmrany et al. FuSeBMC: An energy-efficient test generator for finding security vulnerabilities in C programs. International Conference on TAP, pages 85-105, 2021.

5. Beyer, D.: Status report on software testing: Test-Comp 2021. In FASE, pages 341–357, 2021.

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Towards Integrity and Reliability in Embedded Systems: The Synergy of ESBMC and Arduino Integration;2023 XIII Brazilian Symposium on Computing Systems Engineering (SBESC);2023-11-21

2. Reducing non-occurrence of specified runtime errors to all-path reachability problems of constrained rewriting;Journal of Logical and Algebraic Methods in Programming;2023-10

3. Interactive Application Security Testing with Hybrid Fuzzing and Statistical Estimators;CyberSecurity in a DevOps Environment;2023-08-23

4. The Cubicle Fuzzy Loop: A Fuzzing-Based Extension for the Cubicle Model Checker;Software Engineering and Formal Methods;2023

5. FuSeBMC_IA: Interval Analysis and Methods for Test Case Generation;Fundamental Approaches to Software Engineering;2023