P-Fuzz: A Parallel Grey-Box Fuzzing Framework

Song, Congxi; Zhou, Xu; Yin, Qidi; He, Xinglu; Zhang, Hangwei; Lü, Kai

doi:10.3390/app9235100

Cited by 12 publications

(10 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Depending on the number of instances we launch, we can averagely reduce 57.1% -60.3% of the overlaps and bring a 9.5% -10.2% increase in code coverage with AFL. Our evaluation also demonstrates that, compared to the state-of-the-art solutions of improving parallel fuzzing [22,39], our solution not only brings higher improvement to efficiency of edge coverage but also better preserves the capacity of the fuzzing tools. As a side benefit, AFL-EDGE triggers over 6K unique crashes, corresponding to 14 new bugs.…”

Section: Introductionmentioning

confidence: 80%

“…We run AFL as the baseline of our evaluation. To compare AFL-EDGE with the existing solutions, we also run P-FUZZ [39] and PAFL [22] on top of AFL. Because the implementations of P-FUZZ and PAFL are not publicly available, we re-implemented the two solutions following the algorithms presented in their publications [39,22].…”

Section: Methodsmentioning

confidence: 99%

“…In the literature, two solutions of improving parallel fuzzing, P-FUZZ [39] and PAFL [22], fit into our model. Both P-FUZZ and PAFL consider a fuzzing task is to run a round of mutations to a unique seed and they distribute a similar amount of unique seeds to each instance.…”

Section: Applications Of Our Modelmentioning

confidence: 99%

“…This line of efforts facilitates parallel fuzzing from a system perspective, which is orthogonal to our approach. Following the other line, P-FUZZ [39], PAFL [22] and Ye et al [47] propose to distribute fuzzing tasks to different instances to avoid overlaps. We omit the details of P-FUZZ and PAFL since they have been discussed in § 4 and evaluated in § 6.…”

Section: Improvements To Parallel Fuzzingmentioning

confidence: 99%

See 3 more Smart Citations

Facilitating Parallel Fuzzing with mutually-exclusive Task Distribution

Wang¹,

Zhang²,

Pang³

et al. 2021

Preprint

View full text Add to dashboard Cite

Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry. In general, fuzzing provides various inputs to the target program with the goal of discovering un-handled exceptions and crashes. In business sectors where the time budget is limited, software vendors often launch many fuzzing instances in parallel as a common means of increasing code coverage. However, most of the popular fuzzing tools -in their parallel modenaively run multiple instances concurrently, without elaborate distribution of workload. This can lead different instances to explore overlapped code regions, eventually reducing the benefits of concurrency. In this paper, we propose a general model to describe parallel fuzzing. This model distributes mutually-exclusive but similarly-weighted tasks to different instances, facilitating concurrency and also fairness across instances. Following this model, we develop a solution, called AFL-EDGE, to improve the parallel mode of AFL, considering a round of mutations to a unique seed as a task and adopting edge coverage to define the uniqueness of a seed. We have implemented AFL-EDGE on top of AFL and evaluated the implementation with AFL on 9 widely used benchmark programs. It shows that AFL-EDGE can benefit the edge coverage of AFL. In a 24-hour test, the increase of edge coverage brought by AFL-EDGE to AFL ranges from 9.5% to 10.2%, depending on the number of instances. As a side benefit, we discovered 14 previously unknown bugs.

show abstract

Section: Introductionmentioning

confidence: 80%

Section: Methodsmentioning

confidence: 99%

Section: Applications Of Our Modelmentioning

confidence: 99%

Section: Improvements To Parallel Fuzzingmentioning

confidence: 99%

See 2 more Smart Citations

Facilitating Parallel Fuzzing with mutually-exclusive Task Distribution

Wang¹,

Zhang²,

Pang³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Then, the researcher takes a step further by sharing seeds between fuzzer instances. In this mode, the program starts to schedule tasks between fuzzing instances to alleviate task conflicts [32,33]. To optimize parallel fuzzing towards resource-saving, we still need to overcome the following technical challenges.…”

Section: B Parallel Fuzzingmentioning

confidence: 99%

UltraFuzz: Towards Resource-Saving in Distributed Fuzzing

Zhou

Wang

Liu

et al. 2023

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Recent research has sought to improve fuzzing performance via parallel computing. However, researchers focus on improving efficiency while ignoring the increasing cost of testing resources. Parallel fuzzing in the distributed environment amplifies the resource-wasting problem caused by the random nature of fuzzing. In the parallel mode, owing to the lack of an appropriate task dispatching scheme and timely fuzzing status synchronization among different fuzzing instances, task conflicts and workload imbalance occur, making the resourcewasting problem severe. In this paper, we design UltraFuzz, a fuzzer for resource-saving in distributed fuzzing. Based on centralized dynamic scheduling, UltraFuzz can dispatch tasks and schedule power globally and reasonably to avoid resourcewasting. Besides, UltraFuzz can elastically allocate computing power for fuzzing and seed evaluation, thereby avoiding the potential bottleneck of seed evaluation that blocks the fuzzing process. UltraFuzz was evaluated using real-world programs, and the results show that with the same testing resource, UltraFuzz outperforms state-of-the-art tools, such as AFL, AFL-P, PAFL, and EnFuzz. Most importantly, the experiment reveals certain results that seem counter-intuitive, namely that parallel fuzzing can achieve "super-linear acceleration" when compared with single-core fuzzing. We conduct additional experiments to reveal the deep reasons behind this phenomenon and dig deep into the inherent advantages of parallel fuzzing over serial fuzzing, including the global optimization of seed energy scheduling and the escape of local optimal seed. Additionally, 24 real-world vulnerabilities were discovered using UltraFuzz.

show abstract