Hashing fuzzing: introducing input diversity to improve crash detection
Article
Menéndez, H. and Clark, D. 2022. Hashing fuzzing: introducing input diversity to improve crash detection. IEEE Transactions on Software Engineering. 48 (9), pp. 3540-3553. https://doi.org/10.1109/TSE.2021.3100858
Type | Article |
---|---|
Title | Hashing fuzzing: introducing input diversity to improve crash detection |
Authors | Menéndez, H. and Clark, D. |
Abstract | The utility of a test set of program inputs is strongly influenced by its diversity and its size. Syntax coverage has become a standard proxy for diversity. Although more sophisticated measures exist, such as proximity of a sample to a uniform distribution, methods to use them tend to be type dependent. We use r-wise hash functions to create a novel, semantics preserving, testability transformation for C programs that we call HashFuzz. Use of HashFuzz improves the diversity of test sets produced by instrumentation-based fuzzers. We evaluate the effect of the HashFuzz transformation on eight programs from the Google Fuzzer Test Suite using four state-of-the-art fuzzers that have been widely used in previous research. We demonstrate pronounced improvements in the performance of the test sets for the transformed programs across all the fuzzers that we used. These include strong improvements in diversity in every case, maintenance or small improvement in branch coverage – up to 4.8% improvement in the best case, and significant improvement in unique crash detection numbers – between 28% to 97% increases compared to test sets for untransformed programs |
Publisher | Institute of Electrical and Electronics Engineers |
Journal | IEEE Transactions on Software Engineering |
ISSN | 0098-5589 |
Electronic | 1939-3520 |
Publication dates | |
Online | 30 Jul 2021 |
01 Sep 2022 | |
Publication process dates | |
Deposited | 27 Jul 2021 |
Submitted | 10 Jul 2020 |
Accepted | 15 Jul 2021 |
Output status | Published |
Accepted author manuscript | |
Copyright Statement | © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
Digital Object Identifier (DOI) | https://doi.org/10.1109/TSE.2021.3100858 |
Language | English |
https://repository.mdx.ac.uk/item/89720
Download files
35
total views48
total downloads0
views this month0
downloads this month