DeltaFuzz: Historical Version Information Guided Fuzz Testing

Zhang, Jiaming; Cui, Zhanqi; Chen, Xiang; Wu, Huanhuan; Zheng, Lihua; Liu, Jianbin

doi:10.1007/s11390-021-1663-7

Cited by 8 publications

(8 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this study, we use vulnerability reproduction time and change point coverage time as indicators to confirm whether the testing resources are focussed on the change points and the change impact areas. These indicators are also commonly used by other fuzz testing works [19,28].…”

Section: Threates To Validitymentioning

confidence: 99%

“…Experiments show that BEACON can reproduce vulnerabilities faster than other tools, such as AFLGo and Hawkeye. Zhang et al implemented DeltaFuzz [28] to perform change impact analysis before fuzz testing begins and calculate the fitness of the seed test case according to its execution path. Testing resources will be allocated to the seeds with higher fitness.…”

Section: Directed Fuzz Testingmentioning

confidence: 99%

See 1 more Smart Citation

CIDFuzz: Fuzz testing for continuous integration

et al. 2023

View full text Add to dashboard Cite

As agile software development and extreme programing have become increasingly popular, continuous integration (CI) has become a widely used collaborative work method. However, it is common to make changes frequently to a project during CI. If existing testing methods are applied to CI directly, it will be difficult to make testing resources focus on changes generated by CI, which results in insufficient testing for changes. To solve this problem, we propose a fuzz testing method for CI. First, differential analysis is performed to determine the change points generated during CI, change points are added to the taint source set, and static analysis is conducted to calculate the distances between each basic block and the taint sources. Then, the project under test is instrumented according to the distances. During fuzz testing, testing resources are allocated based on seed coverage to test the change points effectively. Using the proposed methods, we implement CIDFuzz as a prototype tool, and experiments are conducted on four open-source projects that use CI. Experimental results show that, compared with AFL and AFLGo, CIDFuzz can reduce the time costs of covering change points up to 39.59% and 41.64%, respectively. Also, CIDFuzz can reduce the time costs of reproducing vulnerabilities up to 34.78% and 25.55%.

show abstract

Section: Threates To Validitymentioning

confidence: 99%

Section: Directed Fuzz Testingmentioning

confidence: 99%

CIDFuzz: Fuzz testing for continuous integration

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Thus, directed fuzzing towards problematic changes or patches has a higher chance of exposing bugs. For example, DeltaFuzz [25] and AFLChurn [26] are designed for regression testing. SemFuzz [22] uses code changes from git commit logs.…”

Section: Application Of Dgfmentioning

confidence: 99%

“…Meanwhile, CVE information, commit changes, binary diffing techniques, and tools such as UBSan and AddressSanitizer, are adopted to label various potential vulnerable code regions. Examples include DrillerGo [28], TortoiseFuzz [27], AFLChurn [26], GREYHOUND [15], DeltaFuzz [25], 1DVUL [23], SAVIOR [100] and HDR‐Fuzz [101]. The fuzzing process has been enhanced with various approaches, such as using data‐flow analysis and semantic analysis to generate valid input, using symbolic execution to pass complex constraints.…”

Section: Research Progress On Dgfmentioning

confidence: 99%

“…Current DGF tools can not only identify targets automatically but also expose target program behavior in a directed manner. A great number of variations have been used to boost software testing under different scenarios, such as patch testing [22][23][24], regression testing [25,26], bug reproduction [24,27,28], knowledge integration [29], result validation [30][31][32][33], energy-saving [15] and special bug detection [15,24,[34][35][36][37][38]. Though fast-growing and useful, DGF has general limitations and challenges that are worth further study.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

SummaryGreybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage‐guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs, blindly extending code coverage is less efficient, especially for corner cases. Unlike coverage‐guided greybox fuzzing which increases code coverage in an undirected manner, directed greybox fuzzing (DGF) spends most of its time allocation on reaching specific targets (e.g. the bug‐prone zone) without wasting resources stressing unrelated parts. Thus, DGF is particularly suitable for scenarios such as patch testing, bug reproduction, and special bug detection. For now, DGF has become an active research area. However, DGF has general limitations and challenges that are worth further studying. Based on the investigation of 42 state‐of‐the‐art fuzzers that are closely related to DGF, we conducted the first in‐depth study to summarize the empirical evidence on the research progress of DGF. This paper studies DGF from a broader view, which takes into account not only the location‐directed type that targets specific code parts but also the behavior‐directed type that aims to expose abnormal program behaviors. By analyzing the benefits and limitations of DGF research, we try to identify gaps in current research, meanwhile, reveal new research opportunities and suggest areas for further investigation.

show abstract