FairFuzz: Targeting Rare Branches to Rapidly Increase Greybox Fuzz Testing Coverage.

Authors: Caroline Lemieux, Koushik Sen

DOI: 10.1145/3238147.3238176

Keywords:

Abstract: In recent years, fuzz testing has proven itself to be one of the most effective techniques for finding correctness bugs and security vulnerabilities in practice. One particular tool, American Fuzzy Lop or AFL, has become popular thanks to its ease of use and bug-finding power. However, AFL remains limited in the depth of program coverage it achieves, in part because AFL does not consider which parts of program inputs should not be mutated in order to maintain deep program coverage. We propose an approach, FairFuzz, that helps alleviate this limitation by two key steps. First, FairFuzz automatically prioritizes inputs exercising rare parts of the program under test. Second, it automatically adjusts the mutation of inputs so that the mutated inputs are more likely to exercise these same rare parts of the program. We conduct evaluation on real-world programs against state-of-the-art versions of AFL, thoroughly repeating experiments to get good measures of variability. We find that on certain benchmarks FairFuzz shows significant coverage increases after 24 hours compared to state-of-the-art versions of AFL, while on others it achieves high program coverage at a significantly faster rate.
