ENHANCING FUZZ TESTING EFFICIENCY THROUGH AUTOMATED FUZZ TARGET GENERATION


Abstract

Fuzzing remains the most effective method for identifying security vulnerabilities in software. In fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are written to exercise critical sections of the client code as thoroughly as possible. Various studies have focused on optimizing and developing advanced fuzzers, such as AFL++, libFuzzer, Honggfuzz, syzkaller and ISP-Fuzzer, which have substantially improved vulnerability detection in widely used software and libraries. Nevertheless, achieving greater coverage requires improvements in both the quality and the quantity of fuzz targets. In large-scale software projects and libraries, characterized by numerous user-defined functions and data types, manual creation of fuzz targets is both labor-intensive and time-consuming. This challenge underscores the need for automated techniques not only to generate fuzz targets but also to streamline their execution and the analysis of their results. In this paper, we introduce an approach to improving fuzz target generation through static analysis of library source code. The proposed method covers several key aspects: it analyzes source code structures to construct correct function calls and generate fuzz targets; it maps fuzzer input data to the corresponding function parameters; it synthesizes compilation information for the fuzz targets; and it automatically collects and analyzes execution results. Experimental results on C/C++ libraries demonstrate that this approach outperforms several existing methods in the field.
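The abstract describes fuzz targets that map the fuzzer's flat input buffer onto the typed parameters of a library function. The following C program is an added example of what such a generated target looks like; it is not code from the paper or from the Futag project. The library function lib_parse_record() is a hypothetical stand-in, the byte-to-parameter mapping (a 32-bit little-endian flags word followed by the remaining bytes as a string) is an assumed convention, and the sample inputs are constructed here for a stand-alone run. Inputs too short to fill every parameter are skipped rather than padded, which is the usual choice so that the fuzzer's coverage feedback is not polluted by calls with guessed arguments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical library function under test (a stand-in, not a real API):
 * returns -1 on an empty name, the name length when bit 0 of flags is
 * set, and 0 otherwise. */
int lib_parse_record(const char *name, size_t name_len, unsigned int flags) {
    if (name == NULL || name_len == 0) return -1;
    if (flags & 0x1u) return (int)name_len;
    return 0;
}

/* Cursor over the flat byte buffer the fuzzer hands to the target. */
typedef struct {
    const uint8_t *data;
    size_t size;
    size_t pos;
} fuzz_cursor;

/* Consume a 32-bit unsigned integer (little-endian, independent of host
 * byte order). Returns 0 when fewer than 4 bytes remain. */
static int consume_u32(fuzz_cursor *c, uint32_t *out) {
    if (c->size - c->pos < 4) return 0;
    const uint8_t *b = c->data + c->pos;
    *out = (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    c->pos += 4;
    return 1;
}

/* Consume all remaining bytes as a NUL-terminated string the caller frees. */
static char *consume_remaining_string(fuzz_cursor *c, size_t *len_out) {
    size_t len = c->size - c->pos;
    char *s = malloc(len + 1);
    if (s == NULL) return NULL;
    memcpy(s, c->data + c->pos, len);
    s[len] = '\0';
    c->pos = c->size;
    *len_out = len;
    return s;
}

/* Map one fuzzer input to lib_parse_record()'s parameters and call it.
 * Returns the library's result, or -2 when the input is too short to
 * fill every parameter (such inputs are skipped rather than guessed). */
static int drive_parse_record(const uint8_t *data, size_t size) {
    fuzz_cursor c = { data, size, 0 };
    uint32_t flags;
    if (!consume_u32(&c, &flags)) return -2;
    size_t name_len;
    char *name = consume_remaining_string(&c, &name_len);
    if (name == NULL) return -2;
    int rc = lib_parse_record(name, name_len, (unsigned int)flags);
    free(name);
    return rc;
}

/* libFuzzer entry point; the fuzzer ignores the return value. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)drive_parse_record(data, size);
    return 0;
}

/* Constructed sample inputs (not fuzzer-produced) for a stand-alone run. */
static const uint8_t SAMPLE_FLAG_SET[]   = { 0x01, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
static const uint8_t SAMPLE_FLAG_CLEAR[] = { 0x00, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
static const uint8_t SAMPLE_EMPTY_NAME[] = { 0x01, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_TOO_SHORT[]  = { 0x01, 0x00, 0x00 };

int main(void) {
    printf("flag set:   %d\n", drive_parse_record(SAMPLE_FLAG_SET, sizeof SAMPLE_FLAG_SET));
    printf("flag clear: %d\n", drive_parse_record(SAMPLE_FLAG_CLEAR, sizeof SAMPLE_FLAG_CLEAR));
    printf("empty name: %d\n", drive_parse_record(SAMPLE_EMPTY_NAME, sizeof SAMPLE_EMPTY_NAME));
    printf("too short:  %d\n", drive_parse_record(SAMPLE_TOO_SHORT, sizeof SAMPLE_TOO_SHORT));
    return 0;
}
```

Built with clang's -fsanitize=fuzzer, LLVMFuzzerTestOneInput() is the function the fuzzer drives; the main() here only exists so the mapping can be exercised on the constructed samples without a fuzzer. The compilation information the abstract mentions (include paths, the library's object files or archive, sanitizer flags) is exactly what a generator has to synthesize around a target of this shape.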

About the authors

Tran Chi Thien

University of Management and Technology Ho Chi Minh City

Email: tranchithien@tdtu.edu.vn
ORCID iD: 0000-0003-3591-872X
Ho Chi Minh City, Vietnam

Copyright (c) 2025 Russian Academy of Sciences
