Hashing fuzzing: introducing input diversity to improve crash detection

Article


Menéndez, H. and Clark, D. 2022. Hashing fuzzing: introducing input diversity to improve crash detection. IEEE Transactions on Software Engineering. 48 (9), pp. 3540-3553. https://doi.org/10.1109/TSE.2021.3100858
TypeArticle
TitleHashing fuzzing: introducing input diversity to improve crash detection
AuthorsMenéndez, H. and Clark, D.
Abstract

The utility of a test set of program inputs is strongly influenced by its diversity and its size. Syntax coverage has become a standard proxy for diversity. Although more sophisticated measures exist, such as proximity of a sample to a uniform distribution, methods to use them tend to be type dependent. We use r-wise hash functions to create a novel, semantics preserving, testability transformation for C programs that we call HashFuzz. Use of HashFuzz improves the diversity of test sets produced by instrumentation-based fuzzers. We evaluate the effect of the HashFuzz transformation on eight programs from the Google Fuzzer Test Suite using four state-of-the-art fuzzers that have been widely used in previous research. We demonstrate pronounced improvements in the performance of the test sets for the transformed programs across all the fuzzers that we used. These include strong improvements in diversity in every case, maintenance or small improvement in branch coverage – up to 4.8% improvement in the best case, and significant improvement in unique crash detection numbers – between 28% to 97% increases compared to test sets for untransformed programs

PublisherInstitute of Electrical and Electronics Engineers
JournalIEEE Transactions on Software Engineering
ISSN0098-5589
Electronic1939-3520
Publication dates
Online30 Jul 2021
Print01 Sep 2022
Publication process dates
Deposited27 Jul 2021
Submitted10 Jul 2020
Accepted15 Jul 2021
Output statusPublished
Accepted author manuscript
Copyright Statement

© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Digital Object Identifier (DOI)https://doi.org/10.1109/TSE.2021.3100858
LanguageEnglish
Permalink -

https://repository.mdx.ac.uk/item/89720

Download files


Accepted author manuscript
  • 39
    total views
  • 49
    total downloads
  • 4
    views this month
  • 1
    downloads this month

Export as