FuzzingDriver: the Missing Dictionary to Increase Code Coverage in Fuzzers

Arash Ale Ebrahim, Mohammadreza Hazhirpasand, Oscar Nierstrasz, and Mohammad Ghafari. FuzzingDriver: the Missing Dictionary to Increase Code Coverage in Fuzzers. In 29th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), March 2022.

Abstract

We propose a tool, called FuzzingDriver, that generates dictionary tokens for coverage-based greybox fuzzers (CGF) from the codebase of any target program. FuzzingDriver adds no overhead to the fuzzing job, since it runs once beforehand rather than during fuzzing. We compared FuzzingDriver to Google dictionaries by fuzzing six open-source targets and found that FuzzingDriver consistently achieved higher code coverage in all tests. We also ran eight benchmarks on FuzzBench to show how using FuzzingDriver's dictionaries can outperform six widely used CGF fuzzers. Investigating the impact of FuzzingDriver's dictionaries on bug coverage (not only code coverage) is a direction for future work.
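To make concrete what a code-derived fuzzing dictionary is, the following is an added example written for this page; it is not FuzzingDriver's code (which the page does not include) and makes no claim about how FuzzingDriver selects its tokens. It scrapes string literals and compared integer constants from a constructed C snippet and writes them in the `name="token"` dictionary format that AFL/AFL++ (`-x file`) and libFuzzer (`-dict=file`) both read. The sample source, the regexes, the "skip 0 and 1" heuristic and the 128-byte token cap are all illustrative assumptions.

```python
"""Harvest fuzzer dictionary tokens from C source (illustrative, not FuzzingDriver)."""
import re
from typing import Iterator, List, Tuple

# A C string literal body: plain chars or backslash escapes, no raw newlines.
STRING_RE = re.compile(r'"((?:[^"\\\n]|\\.)*)"')
# Integer constants compared with ==/!= or used as a case label,
# e.g. `if (magic == 0xCAFEBABE)` or `case 0x7F:`.
INT_CMP_RE = re.compile(r'(?:[=!]=\s*|\bcase\s+)(0[xX][0-9a-fA-F]+|\d+)')

MAX_TOKEN_LEN = 128   # assumption: cap in the spirit of AFL-style token limits
SKIP_VALUES = {0, 1}  # heuristic: almost always return-code checks, not formats

SIMPLE_ESCAPES = {'n': b'\n', 't': b'\t', 'r': b'\r', 'a': b'\a', 'b': b'\b',
                  'f': b'\f', 'v': b'\v', '\\': b'\\', '"': b'"', "'": b"'"}

# Constructed sample source; not taken from any real project.
SAMPLE_SRC = r'''
/* constructed sample, not from any real project */
#define MAGIC 0x464C457F
int parse(const unsigned char *buf, size_t n) {
    if (n < 8) return -1;
    if (memcmp(buf, "RIFF", 4) == 0) return handle_riff(buf, n);
    if (*(const uint32_t *)buf == 0x464C457F) return handle_elf(buf, n);
    if (strncmp((const char *)buf, "BEGIN:\x01\x02", 8) == 0) return 2;
    switch (buf[0]) {
        case 0x7F: return 3;
        case 255:  return 4;
    }
    fprintf(stderr, "unknown format: \"%s\"\n", buf);
    return -1;
}
'''


def unescape_c_string(body: str) -> bytes:
    """Turn the inside of a C string literal into the raw bytes the program compares."""
    out = bytearray()
    i = 0
    while i < len(body):
        ch = body[i]
        if ch != '\\' or i + 1 >= len(body):
            out += ch.encode('utf-8')
            i += 1
            continue
        nxt = body[i + 1]
        if nxt == 'x':  # \xHH...: C consumes every following hex digit
            j = i + 2
            while j < len(body) and body[j] in '0123456789abcdefABCDEF':
                j += 1
            if j == i + 2:  # malformed "\x" with no digits: keep it literally
                out += b'\\x'
            else:
                out.append(int(body[i + 2:j], 16) & 0xFF)
            i = j
        elif nxt in '01234567':  # \ooo: up to three octal digits
            j = i + 1
            while j < len(body) and j < i + 4 and body[j] in '01234567':
                j += 1
            out.append(int(body[i + 1:j], 8) & 0xFF)
            i = j
        else:
            out += SIMPLE_ESCAPES.get(nxt, nxt.encode('utf-8'))
            i += 2
    return bytes(out)


def encode_token(tok: bytes) -> str:
    """Escape bytes the way AFL/libFuzzer dictionary files expect: \\\\, \\" and \\xHH."""
    parts = []
    for b in tok:
        if b == 0x22:              # "
            parts.append('\\"')
        elif b == 0x5C:            # backslash
            parts.append('\\\\')
        elif 0x20 <= b <= 0x7E:    # printable ASCII
            parts.append(chr(b))
        else:
            parts.append('\\x%02x' % b)
    return ''.join(parts)


def parse_c_int(text: str) -> int:
    """C integer literal to int (hex, decimal, or leading-zero octal)."""
    if text[:2].lower() == '0x':
        return int(text, 16)
    if len(text) > 1 and text[0] == '0':
        return int(text, 8)
    return int(text, 10)


def extract_int_constants(src: str) -> List[int]:
    vals = [parse_c_int(m) for m in INT_CMP_RE.findall(src)]
    return [v for v in vals if v not in SKIP_VALUES]


def int_to_tokens(val: int) -> Iterator[Tuple[str, bytes]]:
    """Narrowest power-of-two width; emit both byte orders for multi-byte values,
    since the same magic may be compared before or after a byte swap."""
    width = 1 if val < 0x100 else 2 if val < 0x10000 else 4 if val < 0x100000000 else 8
    yield 'le', val.to_bytes(width, 'little')
    if width > 1:
        yield 'be', val.to_bytes(width, 'big')


def build_dictionary(src: str) -> List[str]:
    """Return deduplicated dictionary lines of the form name="token"."""
    seen = set()
    lines: List[str] = []

    def add(name: str, tok: bytes) -> None:
        if not tok or len(tok) > MAX_TOKEN_LEN or tok in seen:
            return
        seen.add(tok)
        lines.append('%s="%s"' % (name, encode_token(tok)))

    for i, lit in enumerate(STRING_RE.findall(src)):
        add('str_%d' % i, unescape_c_string(lit))
    for val in extract_int_constants(src):
        for order, tok in int_to_tokens(val):
            add('int_%s_%x' % (order, val), tok)
    return lines


if __name__ == '__main__':
    print('\n'.join(build_dictionary(SAMPLE_SRC)))
```

On the sample above this yields the `RIFF` and `BEGIN:\x01\x02` literals, the log format string, and the ELF magic in both byte orders (`\x7fELF` and `FLE\x7f`); only the little-endian form matches the file-header comparison, which is exactly the sort of precision a real token generator has to get right. A production tool would also skip comments and character literals, drop log and printf format strings, and consider whether a literal is reachable from the fuzz entry point; this script ignores all of that.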

Posted by scg at 1 April 2022, 9:15 am