Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
Thu 24 Sep 2020 01:30 - 01:50 at Kangaroo - Test Efficiency Chair(s): Darko Marinov

Coverage-guided fuzzing is one of the most popular software testing techniques for vulnerability detection. While effective, current fuzzing methods suffer from significant performance penalty due to instrumentation overhead, which limits its practical use. Existing solutions improve the fuzzing speed by decreasing instrumentation overheads but sacrificing coverage accuracy, which results in unstable performance of vulnerability detection.

In this paper, we propose a coverage-sensitive tracing and scheduling framework Zeror that can improve the performance of existing fuzzers, especially in their speed and vulnerability detection. The Zeror is mainly made up of two parts: (1) a self-modifying tracing mechanism to provide a zero-overhead instrumentation for more effective coverage collection, and (2) a real-time scheduling mechanism to support adaptive switch between the zero-overhead instrumented binary and the fully instrumented binary for better vulnerability detection. In this way, Zeror is able to decrease collection overhead and preserve fine-grained coverage for guidance.

For evaluation, we implement a prototype of Zeror and evaluate it on Google fuzzer-test-suite, which consists of 24 widely-used applications. The results show that Zeror performs better than existing fuzzing speed-up frameworks such as Untracer and INSTRIM, improves the execution speed of the state-of-the-art fuzzers such as AFL and MOPT by 159.80%, helps them achieve better coverage (averagely 10.14% for AFL, 6.91% for MOPT) and detect vulnerabilities faster (averagely 29.00% for AFL, 46.99% for MOPT).

Thu 24 Sep
Times are displayed in time zone: (UTC) Coordinated Universal Time change

01:10 - 02:10: Test EfficiencyResearch Papers / NIER track at Kangaroo
Chair(s): Darko MarinovUniversity of Illinois at Urbana-Champaign
01:10 - 01:30
Research paper
Multiplex Symbolic Execution: Exploring Multiple Paths by Solving Once
Research Papers
Yufeng ZhangCollege of Information Science and Engineering, Hunan University, Zhenbang ChenCollege of Computer, National University of Defense Technology, Changsha, PR China, Ziqi ShuaiNational University of Defense Technology, Tianqi ZhangNational University of Defense Technology, Kenli LiCollege of Information Science and Engineering, National Supercomputing Center in Changsha, Hunan University, Ji WangNational University of Defense Technology
01:30 - 01:50
Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling
Research Papers
Chijin ZhouTsinghua University, Mingzhe WangSchool of Software, Tsinghua University, Jie LiangSchool of Software, Tsinghua University, Zhe LiuNanjing University of Aeronautics and Astronautics, Yu Jiang
01:50 - 02:00
SRRTA: Regression Testing Acceleration via State Reuse
NIER track
Jinhao DongPeking University, Yiling LouPeking University, China, Dan HaoPeking University, China