Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling
Coverage-guided fuzzing is one of the most popular software testing techniques for vulnerability detection. While effective, current fuzzing methods suffer a significant performance penalty from instrumentation overhead, which limits their practical use. Existing solutions raise fuzzing speed by reducing instrumentation overhead at the cost of coverage accuracy, which makes vulnerability detection unstable.
In this paper, we propose Zeror, a coverage-sensitive tracing and scheduling framework that improves the performance of existing fuzzers, especially their speed and vulnerability detection. Zeror consists of two parts: (1) a self-modifying tracing mechanism that provides zero-overhead instrumentation for more effective coverage collection, and (2) a real-time scheduling mechanism that adaptively switches between the zero-overhead instrumented binary and the fully instrumented binary for better vulnerability detection. In this way, Zeror reduces collection overhead while preserving fine-grained coverage for guidance.
For evaluation, we implement a prototype of Zeror and evaluate it on the Google fuzzer-test-suite, which consists of 24 widely-used applications. The results show that Zeror outperforms existing fuzzing speed-up frameworks such as Untracer and INSTRIM, improves the execution speed of state-of-the-art fuzzers such as AFL and MOPT by 159.80%, helps them achieve better coverage (on average 10.14% for AFL, 6.91% for MOPT), and helps them detect vulnerabilities faster (on average 29.00% for AFL, 46.99% for MOPT).
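As an added illustration (not Zeror's implementation, which the abstract does not detail), the following Python model shows the two ideas in miniature: a tracer whose probes report an edge once and then remove themselves, so steady-state tracing cost is near zero but hit counts are lost, and a scheduler that re-runs an input on the fully instrumented binary only when the fast binary reports new coverage. The toy program, the edge names and the switching rule are assumptions made for this example.

```python
# Constructed toy "program": the control-flow edges an input exercises are
# derived from its bytes. Edge names are invented for this model.
def trace_edges(data: bytes):
    edges = ["entry"]
    for b in data:
        edges.append("loop")
        edges.append("hi" if b > 0x7F else "lo")
    if data.startswith(b"MZ"):
        edges.append("magic")
    return edges


class ZeroOverheadTracer:
    """Models self-modifying instrumentation: a probe fires the first time its
    edge is reached and is then patched out, so repeated executions of known
    edges cost nothing, but only *new* edges (no hit counts) are observed."""
    def __init__(self):
        self.seen = set()          # edges whose probe has already been removed
        self.probes_fired = 0      # total tracing cost paid so far

    def run(self, data: bytes):
        new = set()
        for e in trace_edges(data):
            if e not in self.seen:     # probe still live: fires once, then self-removes
                self.probes_fired += 1
                self.seen.add(e)
                new.add(e)
        return new


class FullTracer:
    """Models the fully instrumented binary: every probe fires on every
    execution, which is slow but yields per-edge hit counts."""
    def __init__(self):
        self.probes_fired = 0

    def run(self, data: bytes):
        counts = {}
        for e in trace_edges(data):
            self.probes_fired += 1
            counts[e] = counts.get(e, 0) + 1
        return counts


class Scheduler:
    """Assumed switching rule: execute on the fast binary by default and fall
    back to the full binary only when new coverage appears, so fine-grained
    hit counts are still collected for exactly the inputs that matter."""
    def __init__(self):
        self.fast, self.full = ZeroOverheadTracer(), FullTracer()
        self.bitmap = {}           # edge -> max hit count seen (AFL-style guidance)
        self.full_runs = 0

    def execute(self, data: bytes) -> bool:
        if not self.fast.run(data):
            return False           # nothing new: no expensive run needed
        self.full_runs += 1
        for e, c in self.full.run(data).items():
            self.bitmap[e] = max(self.bitmap.get(e, 0), c)
        return True
```

Feeding a corpus through `Scheduler.execute` shows the effect: the fast tracer's `probes_fired` stays bounded by the number of distinct edges, while `full_runs` counts only the inputs that discovered something.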
Thu 24 Sep (displayed time zone: UTC, Coordinated Universal Time)

01:10 - 02:10 | Test Efficiency (Research Papers / NIER track) at Kangaroo. Chair: Darko Marinov, University of Illinois at Urbana-Champaign

01:10 (20m, research paper): Multiplex Symbolic Execution: Exploring Multiple Paths by Solving Once. Research Papers. Yufeng Zhang (College of Information Science and Engineering, Hunan University), Zhenbang Chen (College of Computer, National University of Defense Technology, Changsha, PR China), Ziqi Shuai (National University of Defense Technology), Tianqi Zhang (National University of Defense Technology), Kenli Li (College of Information Science and Engineering, National Supercomputing Center in Changsha, Hunan University), Ji Wang (National University of Defense Technology). Pre-print available.

01:30 (20m, talk): Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling. Research Papers. Chijin Zhou (Tsinghua University), Mingzhe Wang (School of Software, Tsinghua University), Jie Liang (School of Software, Tsinghua University), Zhe Liu (Nanjing University of Aeronautics and Astronautics), Yu Jiang.

01:50 (10m, talk): SRRTA: Regression Testing Acceleration via State Reuse. NIER track. Jinhao Dong (Peking University), Yiling Lou (Peking University, China), Dan Hao (Peking University, China).