FuzzTastic: A Fine-grained, Fuzzer-agnostic Coverage Analyzer

Stephan Lipp, Daniel Elsner, Thomas Hutzelmann, Sebastian Banescu, Alexander Pretschner, Marcel Bohme

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Scopus citations

Abstract

Performing sound and fair fuzzer evaluations can be challenging, not only because of the randomness involved in fuzzing, but also due to the large number of fuzz tests generated. Existing evaluations use code coverage as a proxy measure for fuzzing effectiveness. Yet, instead of considering coverage of all generated fuzz inputs, they only consider the inputs stored in the fuzzer queue. However, as we show in this paper, this approach can lead to biased assessments due to path collisions. Therefore, we developed FuzzTastic, a fuzzer-agnostic coverage analyzer that allows practitioners and researchers to perform uniform fuzzer evaluations that are not affected by such collisions. In addition, its time-stamped coverage-probing approach enables frequency-based coverage analysis to identify barely tested source code and to visualize fuzzing progress over time and across code. To foster further studies in this field, we make FuzzTastic, together with a benchmark dataset worth ~12 CPU-years of fuzzing, publicly available; the demo video can be found at https://youtu.be/Lm-eBx0aePA.

Original languageEnglish
Title of host publicationProceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering
Subtitle of host publicationCompanion Proceedings, ICSE-Companion 2022
PublisherIEEE Computer Society
Pages75-79
Number of pages5
ISBN (Electronic)9781665495981
DOIs
StatePublished - 2022
Event44th ACM/IEEE International Conference on Software Engineering: Companion, ICSE-Companion 2022 - Pittsburgh, United States
Duration: 22 May 202227 May 2022

Publication series

NameProceedings - International Conference on Software Engineering
ISSN (Print)0270-5257

Conference

Conference44th ACM/IEEE International Conference on Software Engineering: Companion, ICSE-Companion 2022
Country/TerritoryUnited States
CityPittsburgh
Period22/05/2227/05/22

Keywords

  • • Security and privacy → Software security engineering.

Fingerprint

Dive into the research topics of 'FuzzTastic: A Fine-grained, Fuzzer-agnostic Coverage Analyzer'. Together they form a unique fingerprint.

Cite this