FairFuzz-TC: a fuzzer targeting rare branches
Abstract
FairFuzz is a coverage-guided mutational fuzzing tool based on AFL, which targets its mutation strategy towards rare branches in the program. FairFuzz was built to run on command-line C/C++ programs which accept a single file as input. We introduce the modifications to FairFuzz which enable it to run on Test-Comp benchmarks; we refer to this altered version as FairFuzz-TC. FairFuzz-TC placed in the middle of the testing competition. FairFuzz-TC had better performance on the error-finding benchmarks than on the branch coverage benchmarks. We analyze the results and find that the benchmarks on which FairFuzz-TC has the most difficulties are those where (a) most functionality is under hard comparisons (requiring precise input values), (b) getting a seed input on which the program does not crash or time out is difficult, or (c) the program takes too much time to execute.
Notes
- Technically, the branch coverage used by FairFuzz and AFL does not map directly to source-code branches. Rather, FairFuzz looks at the coverage of basic-block transitions (edges), which also covers function calls and returns, while-loop entries and exits, etc. We use the term branch for simplicity of presentation.
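The following is an added example, not code from the FairFuzz or FairFuzz-TC repositories: a toy stand-in for the mechanism the abstract and the note describe. It records basic-block transitions the way AFL does (hashing the pair as `cur ^ (prev >> 1)` into a 64 KiB map; the block IDs, the toy target and the seed corpus are constructed here), picks the edges hit by the fewest corpus inputs as "rare", and then, for an input that reaches a rare edge, works out which bytes can be mutated without losing that edge and mutates only those. The rarity cutoff (smallest power of two at or above the minimum hit count) and the two-probe byte mask are simplifications of what the ASE '18 paper describes, and the target's "FUZZ" magic check illustrates the hard-comparison case (a) from the abstract.

```python
"""AFL-style edge coverage plus FairFuzz-style rare-branch targeting on a toy target (added example)."""
import random

# Pseudo-random block IDs, as AFL assigns one to each basic block at instrumentation time (constructed).
ENTRY, MAGIC, SEVEN, NOTSEVEN, NOMAGIC, EXIT = 0x3A5C, 0x5E21, 0x1F0B, 0x7C4A, 0x2D93, 0x6B17


def target(data: bytes) -> list:
    """Toy program; the returned list of block IDs stands in for AFL's instrumentation trace."""
    trace = [ENTRY]
    if data[:4] == b"FUZZ":                    # hard comparison: four exact bytes required
        trace.append(MAGIC)
        if len(data) > 4 and data[4] == 0x7F:  # a second exact-value check, reached even less often
            trace.append(SEVEN)
        else:
            trace.append(NOTSEVEN)
    else:
        trace.append(NOMAGIC)
    trace.append(EXIT)
    return trace


def edge_id(prev: int, cur: int) -> int:
    """AFL's edge hash for a basic-block transition, masked to its 64 KiB coverage map."""
    return (cur ^ (prev >> 1)) & 0xFFFF


def edges_hit(data: bytes) -> set:
    """Set of edge IDs covered by one execution of the target."""
    trace = target(data)
    return {edge_id(p, c) for p, c in zip(trace, trace[1:])}


def rare_edges(corpus) -> tuple:
    """(cutoff, edges hit by at most `cutoff` corpus inputs); cutoff is the smallest power of two
    at or above the minimum per-edge hit count (simplified FairFuzz rarity cutoff)."""
    hits = {}
    for data in corpus:
        for e in edges_hit(data):
            hits[e] = hits.get(e, 0) + 1
    low = min(hits.values())
    cutoff = 1
    while cutoff < low:
        cutoff *= 2
    return cutoff, {e for e, n in hits.items() if n <= cutoff}


def mutation_mask(data: bytes, edge: int) -> list:
    """Per byte: True if the byte may be changed. A byte is frozen if either probe (flip all bits,
    or overwrite with a different value) makes the execution miss `edge`."""
    mask = []
    for i in range(len(data)):
        flipped = data[:i] + bytes([data[i] ^ 0xFF]) + data[i + 1:]
        overwritten = data[:i] + bytes([(data[i] + 1) & 0xFF]) + data[i + 1:]
        mask.append(edge in edges_hit(flipped) and edge in edges_hit(overwritten))
    return mask


def mutants(data: bytes, n: int, seed: int = 0, mask=None) -> list:
    """n mutants that overwrite up to two random bytes; with a mask only unfrozen bytes are touched."""
    rng = random.Random(seed)
    free = [i for i in range(len(data)) if mask is None or mask[i]]
    out = []
    for _ in range(n):
        buf = bytearray(data)
        for i in rng.sample(free, k=min(2, len(free))):
            buf[i] = rng.randrange(256)
        out.append(bytes(buf))
    return out


def retention(inputs, edge: int) -> float:
    """Fraction of inputs that still reach `edge`."""
    return sum(edge in edges_hit(x) for x in inputs) / len(inputs)


# Constructed seed corpus: most inputs fail the magic check, one reaches the rarest path.
CORPUS = [b"hello", b"abcd", b"\x00\x00\x00\x00", b"FUZZxx", b"FUZZ", b"FUZZ\x7fAB"]

if __name__ == "__main__":
    cutoff, rare = rare_edges(CORPUS)
    print("rarity cutoff:", cutoff, "rare edges:", sorted(hex(e) for e in rare))
    seed = b"FUZZ\x7fAB"
    edge = edge_id(MAGIC, SEVEN)
    mask = mutation_mask(seed, edge)
    print("mask for", seed, "->", mask)
    print("targeted mutants keeping the rare edge:", retention(mutants(seed, 200, 1, mask), edge))
    print("untargeted mutants keeping the rare edge:", retention(mutants(seed, 200, 1), edge))
```

The mask is the point of the technique: every byte the hard comparison depends on comes back frozen, so the targeted mutants all stay on the rare path and exploration happens past the comparison, whereas unguided mutation of the same seed mostly falls back to the common path. Note what the example does not solve: a corpus with no input past the `FUZZ` check has no rare edge behind it to target, which is the situation the abstract lists under (a).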
References
- Zalewski, M.: American fuzzy lop. http://lcamtuf.coredump.cx/afl (2014). Accessed 18 Aug 2017
- Lemieux, C., Sen, K.: FairFuzz: a targeted mutation strategy for increasing greybox fuzz testing coverage. In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. ASE ’18 (2018)
- Böhme, M., Pham, V.T., Roychoudhury, A.: Coverage-based greybox fuzzing as Markov chain. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. CCS ’16 (2016)
- Rawat, S., Jain, V., Kumar, A., Cojocar, L., Giuffrida, C., Bos, H.: VUzzer: application-aware evolutionary fuzzing. In: Proceedings of the 2017 Network and Distributed System Security Symposium. NDSS ’17 (2017)
- Li, Y., Chen, B., Chandramohan, M., Lin, S.W., Liu, Y., Tiu, A.: Steelix: program-state based binary fuzzing. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. ESEC/FSE 2017 (2017)
- laf-intel. https://lafintel.wordpress.com/ (2016). Accessed 23 Aug 2017
- Klees, G.T., Ruef, A., Cooper, B., Wei, S., Hicks, M.: Evaluating fuzz testing. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2018)
Author information
Authors and Affiliations
- University of California Berkeley, Berkeley, CA, 94709, USA
Caroline Lemieux & Koushik Sen
Corresponding author
Correspondence to Caroline Lemieux.
Additional information
Caroline Lemieux: Test-Comp 2019 Jury Member.
About this article
Cite this article
Lemieux, C., Sen, K. FairFuzz-TC: a fuzzer targeting rare branches.Int J Softw Tools Technol Transfer 23, 863–866 (2021). https://doi.org/10.1007/s10009-020-00569-w
- Published: 06 July 2020
- Version of record: 06 July 2020
- Issue date: December 2021
- DOI: https://doi.org/10.1007/s10009-020-00569-w