TOPr: Enhanced Static Code Pruning for Fast and Precise Directed Fuzzing
- URL: http://arxiv.org/abs/2309.09522v1
- Date: Mon, 18 Sep 2023 06:59:34 GMT
- Title: TOPr: Enhanced Static Code Pruning for Fast and Precise Directed Fuzzing
- Authors: Chaitra Niddodi, Stefan Nagy, Darko Marinov, Sibin Mohan
- Abstract summary: Directed fuzzing is a dynamic testing technique that focuses exploration on specific, pre-targeted program locations.
Current pruning approaches are imprecise, failing to capture indirect control flow.
We show that TOPr's enhanced pruning outperforms the leading directed fuzzers SieveFuzz and AFLGo in (1) speed (achieving 222% and 73% higher test case throughput, respectively), (2) reachability (achieving 149% and 9% more target-relevant coverage, respectively), and (3) bug discovery time (triggering bugs 85% and 8% faster, respectively).
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Directed fuzzing is a dynamic testing technique that focuses exploration on
specific, pre-targeted program locations. Like other types of fuzzers, directed
fuzzers are most effective when maximizing testing speed and precision. To this
end, recent directed fuzzers have begun leveraging path pruning: preventing the
wasteful testing of program paths deemed irrelevant to reaching a desired
target location. Yet, despite code pruning's substantial speedup, current
approaches are imprecise, failing to capture indirect control flow, and so
require additional dynamic analyses that diminish directed fuzzers' speeds.
Thus, without code pruning that is both fast and precise, directed fuzzers'
effectiveness will remain limited. This paper aims to tackle the
challenge of upholding both speed and precision in pruning-based directed
fuzzing. We show that existing pruning approaches fail to recover common-case
indirect control flow, and identify opportunities to enhance them with
lightweight heuristics, namely function signature matching, enabling them to
maximize precision without the burden of dynamic analysis. We implement our
enhanced pruning as a prototype, TOPr (Target Oriented Pruning), and evaluate
it against the leading pruning-based and pruning-agnostic directed fuzzers,
SieveFuzz and AFLGo. We show that TOPr's enhanced pruning outperforms these
fuzzers in (1) speed (achieving 222% and 73% higher test case throughput,
respectively); (2) reachability (achieving 149% and 9% more target-relevant
coverage, respectively); and (3) bug discovery time (triggering bugs 85%
and 8% faster, respectively). Furthermore, TOPr's balance of speed and precision
enables it to find 24 new bugs in 5 open-source applications, with 18 confirmed
by developers, 12 bugs labelled as "Priority - 1. High", and 12 bugs fixed,
underscoring the effectiveness of our framework.
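The abstract's central point, that pruning on a call graph built from direct calls alone wrongly discards the path to a target that is only reachable through a function pointer, and that matching the pointer's type against candidate functions recovers that path, is easiest to see on a small program. The following is an added illustration written for this page, not code from TOPr, SieveFuzz or AFLGo. The sample program (a dispatch table of image handlers, with `decode_chunk` as the fuzzing target), every function name and signature in it, and the rule that only address-taken functions are indirect-call candidates are all assumptions of the example, not details taken from the paper.

```python
"""Function-level call-graph pruning for directed fuzzing, with and without
indirect-call resolution by function-signature matching.

Added illustration, not code from the TOPr, SieveFuzz or AFLGo projects. The
program below is a constructed toy modelled on a C dispatch table; every
function name and signature in it is made up for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# A C function type, written as (return type, parameter types).
Signature = Tuple[str, Tuple[str, ...]]


@dataclass
class Function:
    name: str
    sig: Signature
    direct_calls: List[str] = field(default_factory=list)
    # Function-pointer types of the indirect call sites inside this function.
    indirect_calls: List[Signature] = field(default_factory=list)
    # Whether the function's address is ever taken (stored in a table, passed
    # as a callback). Assumption of this example: only address-taken functions
    # are candidate indirect-call targets, a common refinement of plain
    # signature matching.
    address_taken: bool = False


HANDLER = ("int", ("const char *", "size_t"))  # typedef int (*handler_t)(const char *, size_t)
LOGGER = ("void", ("const char *",))           # typedef void (*logger_t)(const char *)

# Constructed sample program: main() parses a header, then dispatch() calls a
# handler through a function pointer taken from a table. The fuzzing target is
# decode_chunk(), reachable only through that indirect call.
PROGRAM: Dict[str, Function] = {f.name: f for f in [
    Function("main", ("int", ("int", "char **")), direct_calls=["parse_header", "dispatch"]),
    Function("parse_header", HANDLER),                                  # handler-typed, but never address-taken
    Function("dispatch", ("int", ("int",)), indirect_calls=[HANDLER]),  # handlers[kind](buf, len)
    Function("handle_png", HANDLER, direct_calls=["decode_chunk"], address_taken=True),
    Function("handle_gif", HANDLER, direct_calls=["lzw_decode"], address_taken=True),
    Function("decode_chunk", HANDLER),
    Function("lzw_decode", HANDLER),
    Function("log_error", LOGGER, address_taken=True),                  # address-taken, wrong signature
]}


def candidate_callees(prog: Dict[str, Function], ptr_sig: Signature) -> Set[str]:
    """Signature matching: every address-taken function whose type equals the
    function-pointer type at the call site is a possible callee."""
    return {f.name for f in prog.values() if f.address_taken and f.sig == ptr_sig}


def build_call_graph(prog: Dict[str, Function], resolve_indirect: bool) -> Dict[str, Set[str]]:
    """Caller -> callees. With resolve_indirect=False only direct call edges
    exist (indirect calls are silently dropped, which is what makes naive
    pruning imprecise); with True, indirect sites get signature-matched edges."""
    edges = {name: set(f.direct_calls) for name, f in prog.items()}
    if resolve_indirect:
        for name, f in prog.items():
            for ptr_sig in f.indirect_calls:
                edges[name] |= candidate_callees(prog, ptr_sig)
    return edges


def target_relevant(edges: Dict[str, Set[str]], target: str) -> Set[str]:
    """Backward reachability over the call graph: the functions from which
    `target` can be reached, including `target` itself."""
    callers: Dict[str, Set[str]] = {n: set() for n in edges}
    for src, dsts in edges.items():
        for dst in dsts:
            callers.setdefault(dst, set()).add(src)
    relevant = {target}
    work = [target]
    while work:
        fn = work.pop()
        for caller in callers.get(fn, ()):
            if caller not in relevant:
                relevant.add(caller)
                work.append(caller)
    return relevant


def prune(prog: Dict[str, Function], target: str, resolve_indirect: bool) -> Tuple[Set[str], Set[str]]:
    """Return (kept, pruned): functions on some path to the target versus the
    functions a pruning fuzzer would treat as irrelevant to it."""
    kept = target_relevant(build_call_graph(prog, resolve_indirect), target)
    return kept, set(prog) - kept


if __name__ == "__main__":
    for resolve in (False, True):
        kept, pruned = prune(PROGRAM, "decode_chunk", resolve)
        print(f"indirect resolution={resolve}: kept={sorted(kept)} pruned={sorted(pruned)}")
```

Without indirect-call edges the relevant set is just `{decode_chunk, handle_png}`: `main` itself is judged unable to reach the target, so a fuzzer trusting that analysis would prune the only entry point. With signature matching, `dispatch` gains edges to both handlers and `main -> dispatch -> handle_png -> decode_chunk` is kept, while `log_error` (wrong type) and `parse_header` (never address-taken) stay out. Two caveats a practitioner should keep in mind: the heuristic is an over-approximation (`handle_gif` is kept even though it never reaches the target), and it is only as good as the declared types, so a callee stored in a table through a cast to another pointer type will not be matched. Which pruned functions a fuzzer can actually abort on entry is also a separate decision from relevance: `parse_header` is pruned here but is called by `main` before `dispatch`, so aborting it would itself block the target.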
Related papers
- LLAMA: Multi-Feedback Smart Contract Fuzzing Framework with LLM-Guided Seed Generation [56.84049855266145]
We propose a Multi-feedback Smart Contract Fuzzing framework (LLAMA) that integrates evolutionary mutation strategies, and hybrid testing techniques.
LLAMA achieves 91% instruction coverage and 90% branch coverage, while detecting 132 out of 148 known vulnerabilities.
These results highlight LLAMA's effectiveness, adaptability, and practicality in real-world smart contract security testing scenarios.
arXiv Detail & Related papers (2025-07-16T09:46:58Z) - Hybrid Approach to Directed Fuzzing [0.0]
We propose a hybrid approach to directed fuzzing with novel seed scheduling algorithm.
We implement our approach in Sydr-Fuzz tool using LibAFL-DiFuzz as directed fuzzer and Sydr as dynamic symbolic executor.
arXiv Detail & Related papers (2025-07-07T10:29:16Z) - Delta Attention: Fast and Accurate Sparse Attention Inference by Delta Correction [52.14200610448542]
A transformer has a quadratic complexity, leading to high inference costs and latency for long sequences.
We propose a simple, novel, and effective procedure for correcting this distributional shift.
Our method can maintain approximately 98.5% sparsity over full quadratic attention, making our model 32 times faster than Flash Attention 2 when processing 1M token prefills.
arXiv Detail & Related papers (2025-05-16T13:48:33Z) - Directed Greybox Fuzzing via Large Language Model [5.667013605202579]
HGFuzzer is an automatic framework that transforms path constraint problems into targeted code generation tasks.
We evaluate HGFuzzer on 20 real-world vulnerabilities, successfully triggering 17, including 11 within the first minute.
HGFuzzer discovered 9 previously unknown vulnerabilities, all of which were assigned CVE IDs.
arXiv Detail & Related papers (2025-05-06T11:04:07Z) - Fine-Grained 1-Day Vulnerability Detection in Binaries via Patch Code Localization [12.73365645156957]
1-day vulnerabilities in binaries have become a major threat to software security.
Patch presence testing is one of the effective ways to detect such vulnerabilities.
We propose a novel approach named PLocator, which leverages stable values from both the patch code and its context.
arXiv Detail & Related papers (2025-01-29T04:35:37Z) - HuntFUZZ: Enhancing Error Handling Testing through Clustering Based Fuzzing [19.31537246674011]
This paper introduces HuntFUZZ, a novel SFI-based fuzzing framework that addresses the issue of redundant testing of error points with correlated paths.
We evaluate HuntFUZZ on a diverse set of 42 applications, and HuntFUZZ successfully reveals 162 known bugs, with 62 of them being related to error handling.
arXiv Detail & Related papers (2024-07-05T06:58:30Z) - Detecting Stimuli with Novel Temporal Patterns to Accelerate Functional Coverage Closure [0.7499722271664147]
This paper introduces two novel test selectors designed to identify stimuli with novel temporal patterns.
Experiments reveal that both test selectors can accelerate the functional coverage for a commercial bus bridge, compared to random test selection.
arXiv Detail & Related papers (2024-06-19T15:00:02Z) - FOX: Coverage-guided Fuzzing as Online Stochastic Control [13.3158115776899]
Fuzzing is an effective technique for discovering software vulnerabilities by generating random test inputs and executing them against the target program.
This paper addresses the limitations of existing coverage-guided fuzzers, focusing on the scheduler and mutator components.
We present FOX, a proof-of-concept implementation of our control-theoretic approach, and compare it to industry-standard fuzzers.
arXiv Detail & Related papers (2024-06-06T21:21:05Z) - PrescientFuzz: A more effective exploration approach for grey-box fuzzing [0.45053464397400894]
We produce an augmented version of LibAFL's 'fuzzbench' fuzzer, called PrescientFuzz, that makes use of semantic information from the target program's control flow graph (CFG).
We develop an input corpus scheduler that prioritises the selection of inputs for mutation based on the proximity of their execution path to uncovered edges.
arXiv Detail & Related papers (2024-04-29T17:21:18Z) - SpirDet: Towards Efficient, Accurate and Lightweight Infrared Small Target Detector [60.42293239557962]
We propose SpirDet, a novel approach for efficient detection of infrared small targets.
We employ a new dual-branch sparse decoder to restore the feature map.
Extensive experiments show that the proposed SpirDet significantly outperforms state-of-the-art models.
arXiv Detail & Related papers (2024-02-08T05:06:14Z) - Rethinking SIGN Training: Provable Nonconvex Acceleration without First- and Second-Order Gradient Lipschitz [66.22095739795068]
Sign-based methods have gained attention due to their ability to achieve robust performance despite using only the sign information for parameter updates.
The current convergence analysis of sign-based methods relies on the strong assumptions of first-order and second-order gradient Lipschitz continuity.
In this paper we analyze their convergence under more realistic assumptions that do not require first- or second-order gradient Lipschitz continuity.
arXiv Detail & Related papers (2023-10-23T06:48:43Z) - ASAG: Building Strong One-Decoder-Layer Sparse Detectors via Adaptive Sparse Anchor Generation [50.01244854344167]
We bridge the performance gap between sparse and dense detectors by proposing Adaptive Sparse Anchor Generator (ASAG).
ASAG predicts dynamic anchors on patches rather than grids in a sparse way so that it alleviates the feature conflict problem.
Our method outperforms dense-initialized ones and achieves a better speed-accuracy trade-off.
arXiv Detail & Related papers (2023-08-18T02:06:49Z) - Vulnerability Detection Through an Adversarial Fuzzing Algorithm [2.074079789045646]
This project aims to increase the efficiency of existing fuzzers by allowing fuzzers to explore more paths and find more bugs in shorter amounts of time.
Adversarial methods are built on top of current evolutionary algorithms to generate test cases for further and more efficient fuzzing.
arXiv Detail & Related papers (2023-07-21T21:46:28Z) - Improving Dual-Encoder Training through Dynamic Indexes for Negative Mining [61.09807522366773]
We introduce an algorithm that approximates the softmax with provable bounds and that dynamically maintains the tree.
In our study on datasets with over twenty million targets, our approach cuts error by half in relation to oracle brute-force negative mining.
arXiv Detail & Related papers (2023-03-27T15:18:32Z) - Certified Error Control of Candidate Set Pruning for Two-Stage Relevance Ranking [57.42241521034744]
We propose the concept of certified error control of candidate set pruning for relevance ranking.
Our method successfully prunes the first-stage retrieved candidate sets to improve the second-stage reranking speed.
arXiv Detail & Related papers (2022-05-19T16:00:13Z) - DARTS-: Robustly Stepping out of Performance Collapse Without Indicators [74.21019737169675]
Differentiable architecture search suffers from long-standing performance instability.
Indicators such as Hessian eigenvalues have been proposed as a signal to stop searching before the performance collapses.
In this paper, we undertake a more subtle and direct approach to resolve the collapse.
arXiv Detail & Related papers (2020-09-02T12:54:13Z)
This list is automatically generated from the titles and abstracts of the papers in this site.