ASE 2021
Sun 14 - Sat 20 November 2021 Australia
Wed 17 Nov 2021 21:00 - 21:20 at Koala - Fuzzing and Smells Chair(s): Xiaoyuan Xie

As one of the most successful methods for vulnerability discovery, coverage-based greybox fuzzing relies on lightweight compile-time instrumentation to obtain fine-grained coverage feedback from the target program. Researchers have improved it by optimizing the coverage metrics without questioning the correctness of the instrumentation itself. However, instrumentation errors, namely missed instrumentation locations and redundant instrumentation locations, impair the effectiveness of fuzzers. According to our experiments, this is a common and severe problem across various coverage-based greybox fuzzers and across compiler optimization levels. In this paper, we design and implement InstruGuard, an open-source and pragmatic platform to find and fix instrumentation errors. It detects instrumentation errors by static analysis of the target binaries and fixes them with a general solution based on binary rewriting. To study the impact of instrumentation errors and test our solution, we built a dataset of 15 real-world programs and selected 6 representative fuzzers as targets. We used InstruGuard to check and repair the binaries instrumented by the different fuzzers at different compiler optimization levels. To evaluate the effectiveness of the repair, we ran the fuzzers on the original instrumented programs and on the repaired ones, and compared the fuzzing results in terms of execution paths, line coverage, and real bugs found. The results show that InstruGuard corrected the instrumentation errors of the different fuzzers and helped them find more bugs in the dataset. Moreover, with fixed instrumentation but no changes to the fuzzers themselves, we discovered one new zero-day vulnerability that the other fuzzers had missed.
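To make concrete why a missed or redundant instrumentation location degrades coverage feedback, the following is an added example (not InstruGuard's code, and not the paper's dataset). It models AFL's edge-coverage scheme, in which every instrumented location carries a compile-time random id and each executed edge updates the bitmap index `cur_location ^ prev_location` before setting `prev_location = cur_location >> 1`. The control-flow graph, block ids and instrumentation tables are constructed for illustration, and the check over the CFG is a simplified stand-in for the static analysis the abstract describes: here a block with no instrumentation site is treated as missed and a block with more than one as redundant.

```python
"""Toy model of AFL-style edge coverage showing the effect of missed and
redundant instrumentation sites. Added example; all data is constructed."""

from typing import Dict, List, Set, Tuple

# Constructed CFG of an `if (cond) { B } C` shape: block A either branches
# into B or falls through directly to C, and B always continues to C.
CFG: Dict[str, List[str]] = {
    "A": ["B", "C"],
    "B": ["C"],
    "C": [],
}

# Each instrumented location gets a (here hand-picked) compile-time id.
# A block maps to the ids of the sites placed inside it: an empty list is a
# missed location, more than one id is a redundant location.
CORRECT = {"A": [0x1A2B], "B": [0x3C4D], "C": [0x5E6F]}
MISSED_B = {"A": [0x1A2B], "B": [], "C": [0x5E6F]}
REDUNDANT_B = {"A": [0x1A2B], "B": [0x3C4D, 0x7A8B], "C": [0x5E6F]}

MAP_SIZE = 1 << 16  # AFL's default 64 KiB coverage bitmap

# Two executions that differ only in whether the conditional block B ran.
PATH_THEN = ["A", "B", "C"]  # condition true: B executes
PATH_SKIP = ["A", "C"]       # condition false: B skipped


def find_instrumentation_errors(
    cfg: Dict[str, List[str]], sites: Dict[str, List[int]]
) -> Tuple[Set[str], Set[str]]:
    """Static check over the CFG: every block should carry exactly one site.
    Returns (missed_blocks, redundant_blocks)."""
    missed = {b for b in cfg if not sites.get(b)}
    redundant = {b for b in cfg if len(sites.get(b, [])) > 1}
    return missed, redundant


def afl_edge_coverage(path: List[str], sites: Dict[str, List[int]]) -> Set[int]:
    """Replay a block path through AFL's edge hashing.

    index = cur_location ^ prev_location; prev_location = cur_location >> 1.
    A block without a site leaves prev_location untouched, exactly like a
    basic block the instrumentation pass skipped."""
    prev = 0
    edges: Set[int] = set()
    for block in path:
        for cur in sites.get(block, []):
            edges.add((cur ^ prev) % MAP_SIZE)
            prev = cur >> 1
    return edges


def paths_distinguishable(sites: Dict[str, List[int]]) -> bool:
    """Can the fuzzer tell the then-path from the skip-path under this
    instrumentation? If not, inputs reaching B look like no progress."""
    return afl_edge_coverage(PATH_THEN, sites) != afl_edge_coverage(PATH_SKIP, sites)


if __name__ == "__main__":
    for name, sites in (("correct", CORRECT), ("missed B", MISSED_B),
                        ("redundant B", REDUNDANT_B)):
        missed, redundant = find_instrumentation_errors(CFG, sites)
        print(f"{name:12s} missed={sorted(missed)} redundant={sorted(redundant)} "
              f"edges(then)={len(afl_edge_coverage(PATH_THEN, sites))} "
              f"distinguishable={paths_distinguishable(sites)}")
```

With the missed site in B, both paths produce the identical edge set, so an input that first reaches the conditional block is never saved as interesting; with the redundant site, the then-path yields four bitmap entries instead of three, and the extra entry is constant (the two ids inside B always appear together), so it costs bitmap space and collision risk without adding information. That is the gap InstruGuard's repair step is meant to close, here by removing the surplus site and adding the missing one.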

Wed 17 Nov

Displayed time zone: Hobart

21:00 - 22:00
Fuzzing and Smells (Research Papers) at Koala
Chair(s): Xiaoyuan Xie School of Computer Science, Wuhan University, China
21:00
20m
Talk
InstruGuard: Find and Fix Instrumentation Errors for Coverage-based Greybox Fuzzing
Research Papers
Yuwei Liu (Institute of Software, Chinese Academy of Sciences), Yanhao Wang (QiAnXin Technology Research Institute), Purui Su (Institute of Software/CAS China), Yuanping Yu (Institute of Software, Chinese Academy of Sciences), Xiangkun Jia (Institute of Software, Chinese Academy of Sciences)
21:20
20m
Talk
RULF: Rust Library Fuzzing via API Dependency Graph Traversal (ACM Distinguished Paper)
Research Papers
Jianfeng Jiang (Fudan University), Hui Xu (Fudan University), Yangfan Zhou (Fudan University)
Pre-print
21:40
20m
Talk
PyNose: A Test Smell Detector For Python
Research Papers
Tongjie Wang (University of California, Irvine), Yaroslav Golubev (JetBrains Research), Oleg Smirnov (JetBrains Research; Saint Petersburg State University), Jiawei Li (University of California, Irvine), Timofey Bryksin (JetBrains Research; HSE University), Iftekhar Ahmed (University of California, Irvine)
Pre-print