Improving function coverage with munch: A hybrid fuzzing and directed symbolic execution approach

Saahil Ognawala, Thomas Hutzelmann, Eirini Psallida, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

35 Scopus citations

Abstract

Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all paths in the program. Due to the path-explosion problem and dependence on SMT solvers, symbolic execution may also not achieve high path coverage. A hybrid technique involving fuzzing and symbolic execution may achieve better function coverage than fuzzing or symbolic execution alone. In this paper, we present Munch, an open-source framework implementing two hybrid techniques based on fuzzing and symbolic execution. We empirically show using nine large open-source programs that overall, Munch achieves higher (in-depth) function coverage than symbolic execution or fuzzing alone. Using metrics based on total analyses time and number of queries issued to the SMT solver, we also show that Munch is more efficient at achieving better function coverage.

Original language: English
Title of host publication: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC 2018
Publisher: Association for Computing Machinery
Pages: 1475-1482
Number of pages: 8
ISBN (Electronic): 9781450351911
State: Published - 9 Apr 2018
Event: 33rd Annual ACM Symposium on Applied Computing, SAC 2018 - Pau, France
Duration: 9 Apr 2018 to 13 Apr 2018

Publication series

Name: Proceedings of the ACM Symposium on Applied Computing

Conference

Conference: 33rd Annual ACM Symposium on Applied Computing, SAC 2018
Country/Territory: France
City: Pau
Period: 9/04/18 to 13/04/18

Keywords

  • Compositional analysis
  • Function coverage
  • Fuzzing
  • Software testing
  • Symbolic execution
