The paper introduces PrescientFuzz, a grey-box fuzzing approach that aims to improve the early exploration of the system under test (SUT) by leveraging information from the SUT's control flow graph.
The key ideas are:
Direct Neighbours: PrescientFuzz identifies the set of basic blocks that are directly reachable from the blocks covered by the current input, but have not yet been covered by other inputs in the fuzzing queue. This information is used to prioritize inputs that can reach more uncovered blocks.
Reachable Blocks: PrescientFuzz extends the direct neighbour concept by considering all blocks that are reachable from the covered blocks without visiting any already covered blocks. This provides a more comprehensive view of the exploration potential of each input.
Rarity Weighting: To balance the fuzzing effort across different reachable blocks, PrescientFuzz assigns higher weights to inputs that can reach less frequently seen reachable blocks.
Depth Weighting: PrescientFuzz also considers the depth (number of conditional branches) required to reach each reachable block, prioritizing inputs that can reach more immediately accessible blocks.
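The four ideas above, combined into one small scoring routine as an added example (this is not the paper's or LibAFL's code): a constructed CFG and a two-input queue, from which direct neighbours, reachable-through-uncovered blocks, rarity weights and depth weights are computed. The exact weighting formula (rarity / depth, summed) and counting depth as edges rather than the paper's conditional branches are assumptions.

```python
from collections import deque

# Constructed CFG (hypothetical): block -> successor blocks. Edges from a block
# with several successors are its conditional branches.
CFG = {"entry": ["A", "B"], "A": ["C"], "B": ["D", "E"], "C": ["F"],
       "D": ["F"], "E": ["G"], "F": [], "G": ["H"], "H": []}
# Constructed queue: input name -> blocks that input covers.
QUEUE = {"in1": {"entry", "A", "C"}, "in2": {"entry", "B"}}
COVERED = set().union(*QUEUE.values())  # blocks covered by any queued input

def direct_neighbours(cfg, input_cov, covered):
    """Uncovered blocks one edge away from the blocks this input covers."""
    return {s for b in input_cov for s in cfg.get(b, ()) if s not in covered}

def reachable_blocks(cfg, input_cov, covered):
    """BFS from the input's covered blocks through uncovered blocks only.
    Returns {block: depth}; depth is the number of edges from the covered
    frontier (an assumption standing in for the paper's branch count)."""
    depth = {b: 1 for b in direct_neighbours(cfg, input_cov, covered)}
    work = deque(depth)
    while work:
        b = work.popleft()
        for s in cfg.get(b, ()):
            if s not in covered and s not in depth:
                depth[s] = depth[b] + 1
                work.append(s)
    return depth

def score_queue(cfg, queue, covered):
    """Score each input: sum over its reachable blocks of rarity / depth, where
    rarity = 1 / (number of queued inputs that can also reach that block).
    Rarer and shallower reachable blocks therefore raise an input's priority."""
    reach = {n: reachable_blocks(cfg, cov, covered) for n, cov in queue.items()}
    seen = {}
    for d in reach.values():
        for b in d:
            seen[b] = seen.get(b, 0) + 1
    return {n: sum((1.0 / seen[b]) / dep for b, dep in d.items())
            for n, d in reach.items()}

if __name__ == "__main__":
    for name, s in sorted(score_queue(CFG, QUEUE, COVERED).items(),
                          key=lambda kv: -kv[1]):
        print(f"{name}: score={s:.3f} "
              f"reach={reachable_blocks(CFG, QUEUE[name], COVERED)}")
```

In this constructed queue, in2 is ranked first because it alone can reach D, E, G and H, while F is reachable from both inputs and so is weighted half as much.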
The authors implemented PrescientFuzz using the LibAFL fuzzing framework and evaluated it against state-of-the-art fuzzers on the FuzzBench benchmark suite. The results show that PrescientFuzz outperformed other fuzzers on 5 out of the 11 benchmarks tested, demonstrating the effectiveness of their approach in improving early coverage exploration.
Key details extracted from
by Daniel Black... at arxiv.org 04-30-2024
https://arxiv.org/pdf/2404.18887.pdf