A major bottleneck that remains when fuzzing software libraries is the need for fuzz drivers, i.e., the glue code between the fuzzer and the library. Despite years of fuzzing, critical security flaws are still found, e.g., by manual auditing, because the fuzz drivers do not cover the complex interactions between the library and the host programs using it.
In this work we propose an alternative approach to library fuzzing, which leverages a valid execution context that is set up by a given program using the library (the host), and amplifies its execution. More specifically, we execute the host until a designated function from a list of target functions has been reached, and then perform coverage-guided function-level fuzzing on it. Once the fuzzing quota is exhausted, we move on to fuzzing the next target from the list. In this way we not only reduce the amount of manual work needed by a developer to incorporate fuzzing into their workflow, but we also allow the fuzzer to explore parts of the library as they are used in real-world programs, parts that may otherwise not have been tested due to the simplicity of most fuzz drivers.
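As an added toy illustration of the scheme described in the abstract (constructed here, not the paper's code): a single library function whose deep path depends on state that only a real host establishes, a host that sets up that state, and a hook that runs coverage-guided function-level fuzzing seeded with the host's live arguments the first time a target is reached, then lets the host continue. The function names, the branch-coverage model and the planted bug are all assumptions of this example.

```python
import random
COVERAGE = set()   # (function, branch) pairs observed so far; a toy coverage map

def lib_parse(ctx, data):
    """Toy library target (constructed): the deep path needs host-set state."""
    COVERAGE.add(("lib_parse", "entry"))
    if not ctx.get("strict"):            # a bare fuzz driver rarely sets this flag
        COVERAGE.add(("lib_parse", "lenient"))
        return len(data)
    if len(data) >= 4 and data[:2] == b"HD":
        COVERAGE.add(("lib_parse", "header"))
        if data[3] >= 0xF0:              # constructed bug, reachable in strict mode only
            raise ValueError("constructed crash in strict header path")
        return data[2]
    return -1

def mutate(rng, data):
    """Minimal mutators: append a random byte or overwrite one in place."""
    b = bytearray(data or b"\x00")
    if rng.randrange(2):
        b.append(rng.randrange(256))
    else:
        b[rng.randrange(len(b))] = rng.randrange(256)
    return bytes(b)

def fuzz_at_target(fn, ctx, seed, quota, rng):
    """Coverage-guided function-level fuzzing inside the host's live ctx."""
    corpus, crashes = [seed], []
    for _ in range(quota):
        inp, before = mutate(rng, rng.choice(corpus)), len(COVERAGE)
        try:
            fn(ctx, inp)
        except Exception as exc:         # record the crashing input and keep going
            crashes.append((inp, str(exc)))
        if len(COVERAGE) > before:       # new branch reached: keep input as a seed
            corpus.append(inp)
    return corpus, crashes

def run_invivo(host, targets, quota, seed=1):
    """Run the host; on first reaching a target, spend the quota on it, then resume."""
    rng, report = random.Random(seed), {}
    def hook(fn):
        def wrapper(ctx, data):
            if fn.__name__ in targets and fn.__name__ not in report:
                report[fn.__name__] = fuzz_at_target(fn, ctx, data, quota, rng)
            return fn(ctx, data)         # the host's own call proceeds normally
        return wrapper
    return host(hook(lib_parse)), report

def host(parse):   # host program: builds the strict-mode context a simple driver misses
    return parse({"strict": True}, b"HD\x01\x02")
```

Fuzzing the same function with an empty context (what a minimal hand-written driver would pass) never reaches the header path, which is the gap the in-vivo approach closes.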
Thu 1 May (displayed time zone: Eastern Time (US & Canada))

14:00 - 15:30 | Testing and QA 3 (Research Track / Journal-first Papers), room 205. Chair(s): Michael Pradel, University of Stuttgart

14:00, 15m talk | Increasing the Effectiveness of Automatically Generated Tests by Improving Class Observability (Award Winner, Research Track). Geraldine Galindo-Gutierrez (Centro de Investigación en Ciencias Exactas e Ingenierías, Universidad Católica Boliviana), Juan Pablo Sandoval Alcocer (Pontificia Universidad Católica de Chile), Nicolas Jimenez-Fuentes (Pontificia Universidad Católica de Chile), Alexandre Bergel (University of Chile), Gordon Fraser (University of Passau)

14:15, 15m talk | Invivo Fuzzing by Amplifying Actual Executions (Research Track)

14:30, 15m talk | Towards High-strength Combinatorial Interaction Testing for Highly Configurable Software Systems (Research Track). Chuan Luo (Beihang University), Shuangyu Lyu (Beihang University), Wei Wu (Central South University; Xiangjiang Laboratory), Hongyu Zhang (Chongqing University), Dianhui Chu (Harbin Institute of Technology), Chunming Hu (Beihang University)

14:45, 15m talk | WDD: Weighted Delta Debugging (Research Track). Xintong Zhou (University of Waterloo), Zhenyang Xu (University of Waterloo), Mengxiao Zhang (University of Waterloo), Yongqiang Tian, Chengnian Sun (University of Waterloo)

15:00, 15m talk | TopSeed: Learning Seed Selection Strategies for Symbolic Execution from Scratch (Research Track)

15:15, 15m talk | Hunting bugs: Towards an automated approach to identifying which change caused a bug through regression testing (Journal-first Papers). Michel Maes Bermejo (Universidad Rey Juan Carlos), Alexander Serebrenik (Eindhoven University of Technology), Micael Gallego (Universidad Rey Juan Carlos), Francisco Gortázar (Universidad Rey Juan Carlos), Gregorio Robles (Universidad Rey Juan Carlos), Jesus M. Gonzalez-Barahona (Universidad Rey Juan Carlos)