FuSeBMC v4: Improving Code Coverage with Smart Seeds via BMC, Fuzzing and Static Analysis-Reference-Cited by-同舟云学术

FuSeBMC v4: Improving Code Coverage with Smart Seeds via BMC, Fuzzing and Static Analysis

Published:2024-06-26 Issue:2 Volume:36 Page:1-25
ISSN:0934-5043
Container-title:Formal Aspects of Computing
language:en
Short-container-title:Form. Asp. Comput.

Author:

Alshmrany Kaled¹^ORCID,Aldughaim Mohannad²^ORCID,Bhayat Ahmed³^ORCID,Cordeiro Lucas²^ORCID

Affiliation:

1. Institute of Public Administration, Jeddah, Saudi Arabia and Department of Computer Science, The University of Manchester, Manchester, United Kingdom of Great Britain and Northern Ireland

2. The University of Manchester, Manchester United Kingdom of Great Britain and Northern Ireland

3. The University of Manchester, Manchester, United Kingdom of Great Britain and Northern Ireland

Abstract

Bounded model checking (BMC) and fuzzing techniques are among the most effective methods for detecting errors and security vulnerabilities in software. However, there are still shortcomings in detecting these errors due to the inability of existing methods to cover large areas in target code. We propose FuSeBMC v4, a test generator that synthesizes seeds with useful properties, that we refer to as smart seeds , to improve the performance of its hybrid fuzzer thereby achieving high C program coverage. FuSeBMC works by first analyzing and incrementally injecting goal labels into the given C program to guide BMC and Evolutionary Fuzzing engines. After that, the engines are employed for an initial period to produce the so–called smart seeds. Finally, the engines are run again, with these smart seeds as starting seeds, in an attempt to achieve maximum code coverage/find bugs. During seed generation and normal running, the Tracer subsystem aids coordination between the engines. This subsystem conducts additional coverage analysis and updates a shared memory with information on goals covered so far. Furthermore, the Tracer evaluates test-cases dynamically to convert cases into seeds for subsequent test fuzzing. Thus, the BMC engine can provide the seed that allows the fuzzing engine to bypass complex mathematical guards (e.g., input validation). As a result, we received three awards for participation in the fourth international competition in software testing (Test-Comp 2022), outperforming all state-of-the-art tools in every category, including the coverage category.

Publisher

Association for Computing Machinery (ACM)

Link

https://dl.acm.org/doi/pdf/10.1145/3665337

Reference76 articles.

1. 2015. Clang Documentation. Retrieved August 2019 from http://clang.llvm.org/docs/index.html

2. 2021. American Fuzzy Lop. Retrieved 10 Nov. 2021 from https://lcamtuf.coredump.cx/afl/

3. F. K. Aljaafari R. Menezes E. Manino F. Shmarov M. A. Mustafa and L. C. Cordeiro. 2022. Combining BMC and fuzzing techniques for finding software vulnerabilities in concurrent programs. In IEEE Access 10 (2022) 121365–121384. DOI:10.1109/ACCESS.2022.3223359

4. Kaled M. Alshmrany, Mohannad Aldughaim, Ahmed Bhayat, and Lucas C. Cordeiro. 2021. FuSeBMC: An energy-efficient test generator for finding security vulnerabilities in C programs. In Proceedings of the International Conference on Tests and Proofs (TAP). Springer, 85–105.

5. Kaled M. Alshmrany, Mohannad Aldughaim, Ahmed Bhayat, and Lucas C. Cordeiro. 2022. FuSeBMC v4: Smart seed generation for hybrid fuzzing. In Proceedings of the 25th International Conference on Fundamental Approaches to Software Engineering (FASE). Springer, 336–340.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Refining CEGAR-Based Test-Case Generation with Feasibility Annotations;Lecture Notes in Computer Science;2024-09-10