Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
Thu 24 Sep 2020 01:30 - 01:50 at Kangaroo - Test Efficiency Chair(s): Darko Marinov

Coverage-guided fuzzing is one of the most popular software testing techniques for vulnerability detection. While effective, current fuzzing methods suffer from significant performance penalty due to instrumentation overhead, which limits its practical use. Existing solutions improve the fuzzing speed by decreasing instrumentation overheads but sacrificing coverage accuracy, which results in unstable performance of vulnerability detection.

In this paper, we propose a coverage-sensitive tracing and scheduling framework Zeror that can improve the performance of existing fuzzers, especially in their speed and vulnerability detection. The Zeror is mainly made up of two parts: (1) a self-modifying tracing mechanism to provide a zero-overhead instrumentation for more effective coverage collection, and (2) a real-time scheduling mechanism to support adaptive switch between the zero-overhead instrumented binary and the fully instrumented binary for better vulnerability detection. In this way, Zeror is able to decrease collection overhead and preserve fine-grained coverage for guidance.

For evaluation, we implement a prototype of Zeror and evaluate it on Google fuzzer-test-suite, which consists of 24 widely-used applications. The results show that Zeror performs better than existing fuzzing speed-up frameworks such as Untracer and INSTRIM, improves the execution speed of the state-of-the-art fuzzers such as AFL and MOPT by 159.80%, helps them achieve better coverage (averagely 10.14% for AFL, 6.91% for MOPT) and detect vulnerabilities faster (averagely 29.00% for AFL, 46.99% for MOPT).

Thu 24 Sep

Displayed time zone: (UTC) Coordinated Universal Time change

01:10 - 02:10
Test EfficiencyResearch Papers / NIER track at Kangaroo
Chair(s): Darko Marinov University of Illinois at Urbana-Champaign
Research paper
Multiplex Symbolic Execution: Exploring Multiple Paths by Solving Once
Research Papers
Yufeng Zhang College of Information Science and Engineering, Hunan University, Zhenbang Chen College of Computer, National University of Defense Technology, Changsha, PR China, Ziqi Shuai National University of Defense Technology, Tianqi Zhang National University of Defense Technology, Kenli Li College of Information Science and Engineering, National Supercomputing Center in Changsha, Hunan University, Ji Wang National University of Defense Technology
Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling
Research Papers
Chijin Zhou Tsinghua University, Mingzhe Wang School of Software, Tsinghua University, Jie Liang School of Software, Tsinghua University, Zhe Liu Nanjing University of Aeronautics and Astronautics, Yu Jiang
SRRTA: Regression Testing Acceleration via State Reuse
NIER track
Jinhao Dong Peking University, Yiling Lou Peking University, China, Dan Hao Peking University, China