Litcius/Paper detail

One Fuzz Doesn’t Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction

Prashast Srivastava, Stefan Nagy, Matthew Hicks, Antonio Bianchi, Mathias Payer

202215 citationsDOIOpen Access PDF

Abstract

Fuzzing is the de-facto default technique to discover software flaws, randomly testing programs to discover crashing test cases. Yet, a particular scenario may only care about specific code regions (for, e.g., bug reproduction, patch or regression testing)—spurring the adoption of directed fuzzing. Given a set of pre-determined target locations, directed fuzzers drive exploration toward them through distance minimization strategies that (1) isolate the closest-reaching test cases and (2) mutate them stochastically. However, these strategies are applied onto every explored test case—irrespective of whether they ever reach the targets—stalling progress on the paths where targets are unreachable. Accelerating directed fuzzing requires prioritizing target-reachable paths.

Topics & Concepts

Fuzz testingComputer scienceSet (abstract data type)Regression testingCode coverageTest caseCode (set theory)MinificationJavaSoftware bugSoftwareMachine learningProgramming languageSoftware developmentRegression analysisSoftware constructionSoftware Testing and Debugging TechniquesSoftware Reliability and Analysis ResearchSoftware Engineering Research
One Fuzz Doesn’t Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction | Litcius