TY - GEN
T1 - SLF
T2 - 41st IEEE/ACM International Conference on Software Engineering, ICSE 2019
AU - You, Wei
AU - Liu, Xuwei
AU - Ma, Shiqing
AU - Perry, David
AU - Zhang, Xiangyu
AU - Liang, Bin
N1 - Funding Information:
The authors would like to thank the anonymous reviewers for their constructive comments. Also, the authors would like to express their thanks to Yang Xiao and Hui Peng for their help in experiment settings and Xinjie Wang for her help in illustration. The authors were supported in part by DARPA FA8650-15-C-7562, NSF 1748764 and 1409668, ONR N000141410468 and N000141712947, Sandia National Lab under award 1701331, and NSFC U1836209.
Publisher Copyright:
© 2019 IEEE.
PY - 2019/5
Y1 - 2019/5
N2 - Fuzzing is an important technique to detect software bugs and vulnerabilities. It works by mutating a small set of seed inputs to generate a large number of new inputs. Fuzzers' performance often substantially degrades when valid seed inputs are not available. Although existing techniques such as symbolic execution can generate seed inputs from scratch, they have various limitations hindering their applications in real-world complex software. In this paper, we propose a novel fuzzing technique that features the capability of generating valid seed inputs. It piggy-backs on AFL to identify input validity checks and the input fields that have impact on such checks. It further classifies these checks according to their relations to the input. Such classes include arithmetic relation, object offset, data structure length and so on. A multi-goal search algorithm is developed to apply class-specific mutations in order to satisfy inter-dependent checks all together. We evaluate our technique on 20 popular benchmark programs collected from other fuzzing projects and the Google fuzzer test suite, and compare it with existing fuzzers AFL and AFLFast, symbolic execution engines KLEE and S2E, and a hybrid tool Driller that combines fuzzing with symbolic execution. The results show that our technique is highly effective and efficient, out-performing the other tools.
AB - Fuzzing is an important technique to detect software bugs and vulnerabilities. It works by mutating a small set of seed inputs to generate a large number of new inputs. Fuzzers' performance often substantially degrades when valid seed inputs are not available. Although existing techniques such as symbolic execution can generate seed inputs from scratch, they have various limitations hindering their applications in real-world complex software. In this paper, we propose a novel fuzzing technique that features the capability of generating valid seed inputs. It piggy-backs on AFL to identify input validity checks and the input fields that have impact on such checks. It further classifies these checks according to their relations to the input. Such classes include arithmetic relation, object offset, data structure length and so on. A multi-goal search algorithm is developed to apply class-specific mutations in order to satisfy inter-dependent checks all together. We evaluate our technique on 20 popular benchmark programs collected from other fuzzing projects and the Google fuzzer test suite, and compare it with existing fuzzers AFL and AFLFast, symbolic execution engines KLEE and S2E, and a hybrid tool Driller that combines fuzzing with symbolic execution. The results show that our technique is highly effective and efficient, out-performing the other tools.
KW - fuzzing
KW - seed inputs
UR - http://www.scopus.com/inward/record.url?scp=85072286018&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072286018&partnerID=8YFLogxK
U2 - 10.1109/ICSE.2019.00080
DO - 10.1109/ICSE.2019.00080
M3 - Conference contribution
AN - SCOPUS:85072286018
T3 - Proceedings - International Conference on Software Engineering
SP - 712
EP - 723
BT - Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering, ICSE 2019
PB - IEEE Computer Society
Y2 - 25 May 2019 through 31 May 2019
ER -
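The abstract above describes the mechanism only at a high level: find the validity check an input fails, find the input bytes that feed that check, classify the check (arithmetic relation, object offset, data structure length), apply a class-specific mutation, and keep going until all of the inter-dependent checks pass at once. The following is an added, constructed illustration of that loop and is not SLF's code or the authors' implementation. The target format (4-byte magic, u16 payload length, u16 record offset, payload), the `run_target` parser and its check names are all hypothetical. Two simplifications stand in for analysis the paper performs on AFL-instrumented runs: the toy target reports each check's class and operands directly, and every field is assumed little-endian.

```python
"""
Constructed toy (added example, not SLF's code): a target with four validity
checks on a hypothetical format, plus a seed-generation loop that
(1) finds the first failing check, (2) locates the input bytes that feed it by
single-byte probing, (3) applies a mutation specific to the check's class, and
(4) iterates until every check passes, so that a check broken by an earlier fix
(the length field after the buffer grows) is repaired again.
"""
import struct

MAGIC = b"SLF1"   # constructed 4-byte magic
TAG = 0x7F        # constructed record tag
HDR = 8           # magic(4) + payload_len u16 + record_off u16, little-endian (assumed)


def run_target(buf):
    """Toy instrumented parser.  Returns the checks reached, in order, each as
    {name, class, lhs, rhs, ok}; stops at the first failing check, as a real
    parser bails out.  The class labels stand in for SLF's own analysis."""
    checks = []

    def check(name, cls, lhs, rhs, ok):
        checks.append({"name": name, "class": cls, "lhs": lhs, "rhs": rhs, "ok": ok})
        return ok

    want = int.from_bytes(MAGIC, "little")
    got = int.from_bytes(bytes(buf[:4]).ljust(4, b"\0"), "little")
    if not check("magic", "arith", got, want, got == want):            # constant arithmetic relation
        return checks
    if not check("header", "length", len(buf), HDR, len(buf) >= HDR):  # whole-input length
        return checks
    declared, off = struct.unpack_from("<HH", buf, 4)
    actual = len(buf) - HDR
    if not check("payload_len", "length", declared, actual, declared == actual):   # structure length
        return checks
    if not check("record_off", "offset", off, len(buf) - 1, off <= len(buf) - 1):  # object offset in bounds
        return checks
    check("record_tag", "arith", buf[off], TAG, buf[off] == TAG)       # byte reached through the offset
    return checks


def lookup(buf, name):
    return next((c for c in run_target(buf) if c["name"] == name), None)


def dependent_bytes(buf, name):
    """Bytes whose change alters the check's left operand.  A probe that stops
    the check from being reached (it broke an earlier check) tells us nothing
    and is ignored, which keeps the search from trampling earlier fixes."""
    base = lookup(buf, name)
    deps = []
    for i in range(len(buf)):
        probe = bytearray(buf)
        probe[i] = (probe[i] + 1) & 0xFF
        c = lookup(probe, name)
        if c is not None and c["lhs"] != base["lhs"]:
            deps.append(i)
    return deps


def put_field(buf, deps, value):
    """Write value into the (assumed contiguous, little-endian) field bytes."""
    try:
        buf[deps[0]:deps[0] + len(deps)] = value.to_bytes(len(deps), "little")
        return True
    except OverflowError:          # value does not fit the field
        return False


def mutate(buf, chk, deps):
    """Class-specific mutation.  False means no strategy for this shape."""
    cls, rhs = chk["class"], chk["rhs"]
    if cls == "arith" and deps:            # write the wanted constant into the field
        return put_field(buf, deps, rhs)
    if cls == "length" and not deps:       # operand is the input size itself: resize
        buf[:] = bytes(buf[:rhs]).ljust(rhs, b"\0")
        return True
    if cls == "length" and deps:           # make the length field describe the real size
        return put_field(buf, deps, rhs)
    if cls == "offset" and deps:           # point the offset at a fresh byte appended at the end
        target = len(buf)
        buf.append(0)
        return put_field(buf, deps, target)
    return False


def generate_seed(start=b"\0\0\0\0", max_steps=32):
    """Multi-goal loop: fix the first failing check until all pass.
    Returns (seed or None, list of (check, class, field bytes) steps)."""
    buf = bytearray(start)
    steps = []
    for _ in range(max_steps):
        failing = next((c for c in run_target(buf) if not c["ok"]), None)
        if failing is None:
            return bytes(buf), steps
        deps = dependent_bytes(buf, failing["name"])
        steps.append((failing["name"], failing["class"], tuple(deps)))
        if not mutate(buf, failing, deps):
            break
    return None, steps


if __name__ == "__main__":
    seed, steps = generate_seed()
    for s in steps:
        print("fix %-12s class=%-7s field bytes=%s" % s)
    print("seed:", seed.hex() if seed else None)
```

Run from four zero bytes, the loop takes six steps: it writes the magic, grows the input to the header size, then (greedily) writes the tag constant into the only byte whose change affected the tag check, which happens to be the offset field; that pushes the offset out of bounds, the offset-class mutation appends a byte and points at it, the now-stale length field is repaired, and finally the tag is written at the new offset. The detour through the offset field is deliberate in the sense that the search is greedy and recovers through re-checking, which is the point of solving the checks together rather than one at a time. Starting from an empty input returns None, since arithmetic probing finds no bytes to mutate.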