Affiliation:
1. ETH Zurich, Switzerland
Abstract
Coverage-guided fuzzing is one of the most effective approaches for discovering software defects and vulnerabilities. It executes all mutated tests from seed inputs to expose coverage-increasing tests. However, executing all mutated tests incurs significant performance penalties---most of the mutated tests are discarded because they do not increase code coverage. Thus, determining if a test increases code coverage without actually executing it is beneficial, but a paradoxical challenge. In this paper, we introduce the notion of prefix-guided execution (PGE) to tackle this challenge. PGE leverages two key observations: (1) Only a tiny fraction of the mutated tests increase coverage, thus requiring full execution; and (2) whether a test increases coverage may be accurately inferred from its partial execution. PGE monitors the execution of a test and applies early termination when the execution prefix indicates that the test is unlikely to increase coverage.
To demonstrate the potential of PGE, we implement a prototype on top of AFL++, which we call AFL++-PGE. We evaluate AFL++-PGE on MAGMA, a ground-truth benchmark set that consists of 21 programs from nine popular real-world projects. Our results show that, after 48 hours of fuzzing, AFL++-PGE finds more bugs, discovers bugs faster, and achieves higher coverage.
Prefix-guided execution is general and can benefit the AFL-based family of fuzzers.
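As an added illustration (not code from the paper or from AFL++-PGE), the following Python model expresses the PGE idea as a policy over edge traces: each test is run edge by edge, and once its execution prefix adds no new coverage and matches a prefix already seen on an earlier test, the run is cut short. The prefix length, the trace encoding, and the abort rule are assumptions of this model, chosen to show both the saved execution cost and the failure mode where new coverage would only appear after the prefix.

```python
from __future__ import annotations
from typing import Iterable


class PrefixGuidedExecutor:
    """Simplified prefix-guided execution policy (hypothetical model).

    A test is terminated early when its first `prefix_len` edges
    (a) add nothing to the global edge coverage and
    (b) form a prefix already observed on a previous test.
    Every other test is executed to completion.
    """

    def __init__(self, prefix_len: int = 4) -> None:
        self.prefix_len = prefix_len
        self.coverage: set[int] = set()                 # global edge coverage
        self.seen_prefixes: set[tuple[int, ...]] = set()
        self.edges_executed = 0                         # execution cost counter

    def run(self, edges: Iterable[int]) -> tuple[str, bool]:
        """Execute one test; returns (outcome, coverage_increased).

        outcome is "full" or "aborted". An aborted test never reaches the
        edges after the prefix, so any new coverage there is missed.
        """
        trace = list(edges)
        prefix = tuple(trace[: self.prefix_len])
        self.edges_executed += len(prefix)              # prefix is always paid for
        new_in_prefix = any(e not in self.coverage for e in prefix)
        if not new_in_prefix and prefix in self.seen_prefixes:
            return "aborted", False                     # early termination
        self.seen_prefixes.add(prefix)
        rest = trace[self.prefix_len :]
        self.edges_executed += len(rest)                # run the remainder
        before = len(self.coverage)
        self.coverage.update(trace)
        return "full", len(self.coverage) > before


def baseline_cost(tests: list[list[int]]) -> int:
    """Cost of the conventional policy: every test is fully executed."""
    return sum(len(t) for t in tests)


if __name__ == "__main__":
    # Constructed edge traces for four mutated tests.
    tests = [[1, 2, 3, 4, 5], [1, 2, 3, 4, 5], [1, 2, 9, 4], [1, 2, 3, 4, 7]]
    ex = PrefixGuidedExecutor(prefix_len=3)
    for t in tests:
        print(t, ex.run(t))
    print("PGE cost:", ex.edges_executed, "baseline:", baseline_cost(tests))
```

The fourth constructed test shares a seen prefix but reaches the new edge 7 only afterwards, so the policy aborts it and edge 7 stays uncovered; that is the accuracy trade-off the abstract's second observation depends on.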
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality; Software
Cited by: 6 articles.
1. Logos: Log Guided Fuzzing for Protocol Implementations. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, 2024-09-11.
2. Instiller: Toward Efficient and Realistic RTL Fuzzing. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2024-07.
3. Machine Translation Testing via Syntactic Tree Pruning. ACM Transactions on Software Engineering and Methodology, 2024-06-04.
4. UBFuzz: Finding Bugs in Sanitizer Implementations. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 1, 2024-04-17.
5. DiPri: Distance-based Seed Prioritization for Greybox Fuzzing. ACM Transactions on Software Engineering and Methodology, 2024-03-26.