Generator-based Fuzzing with Input Features
Generator-based fuzzing is a capable technique for testing semantic processing stages of a system under test (SUT). The idea is to use format-specific input generators, which can guarantee that inputs will be syntactically valid. One open question however is how to create inputs with generator-based...
Uloženo v:
| Vydáno v: | 2024 IEEE/ACM International Workshop on Search-Based and Fuzz Testing (SBFT) s. 13 - 20 |
|---|---|
| Hlavní autoři: | , , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
ACM
14.04.2024
|
| Témata: | |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Shrnutí: | Generator-based fuzzing is a capable technique for testing semantic processing stages of a system under test (SUT). The idea is to use format-specific input generators, which can guarantee that inputs will be syntactically valid. One open question however is how to create inputs with generator-based fuzzing whose content exhibits particular qualities (or input features). This is a downside, as previous research suggests the importance of input features for triggering otherwise rarely reached functionalities of an SUT. We propose an approach to identify input features for rarely visited code by performing sequential pattern mining on the tree model of generated inputs. These features are regenerated by splicing (i.e., inserting) them into the model of newly generated inputs. We evaluate our approach on Ant, Maven, Closure and Rhino. The results indicate an increased diversity in the exploration of rarely executed code in most benchmarks. Significant improvements in valid rare branch hits were observed in half of the SUTs. JavaScript benchmarks tend to benefit more in terms of overall coverage but no statistically significant difference was found. |
|---|---|
| DOI: | 10.1145/3643659.3643925 |