Abstract
FairFuzz is a coverage-guided mutational fuzzing tool based on AFL, which targets its mutation strategy towards rare branches in the program. FairFuzz was built to run on command-line C/C++ programs which accept a single file as input. We introduce the modifications to FairFuzz which enable it to run on Test-Comp benchmarks; we refer to this altered version as FairFuzz-TC. FairFuzz-TC placed in the middle of the testing competition. FairFuzz-TC had better performance on the error-finding benchmarks than on the branch coverage benchmarks. We analyze the results and find that the benchmarks on which FairFuzz-TC has the most difficulties are those where (a) most functionality is under hard comparisons (requiring precise input values), (b) getting a seed input on which the program does not crash or time out is difficult, or (c) the program takes too much time to execute.
Notes
Technically, the branch coverage used by FairFuzz and AFL does not map directly to source-code branches. Rather, FairFuzz measures the coverage of basic-block transitions, which also captures function calls and returns, loop entries and exits, and so on. We use the term branch for simplicity of presentation.
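The following Python is an added illustration, not code from the paper or from the FairFuzz project. It models the rare-branch targeting strategy the abstract describes on top of the edge-level coverage the note explains: edges are counted across a seed corpus, the least-hit edge is selected, a mutation mask marks the bytes that can be overwritten without leaving that edge, and mutations are confined to the mask. The toy target, the constructed seeds, the single XOR-0xFF probe per byte, and every function name (run_target, overwrite_mask, fuzz_round, and so on) are assumptions made for this example and simplify what FairFuzz actually does. The second round in the driver shows point (a) of the abstract in miniature: a hard four-byte comparison leaves no byte overwritable, so random overwrites cannot get past it.

```python
import random
from collections import Counter
from typing import Optional

Edge = tuple[str, str]


# Constructed toy target standing in for an instrumented C program. It returns
# the basic-block transitions (edges) an input exercises, which is what AFL and
# FairFuzz count as "branch" coverage.
def run_target(data: bytes) -> set[Edge]:
    edges: set[Edge] = set()
    prev = "entry"

    def visit(block: str) -> None:
        nonlocal prev
        edges.add((prev, block))
        prev = block

    visit("check_len")
    if len(data) < 8:
        visit("short_exit")
        return edges
    visit("check_magic")
    if data[:4] == b"MAGC":  # hard comparison: only an exact 4-byte value passes
        visit("magic_ok")
        visit("high_flag" if data[4] > 0x80 else "low_flag")
        if data[5] == data[6]:
            visit("pair_eq")
    else:
        visit("magic_fail")
    visit("exit")
    return edges


def edge_hit_counts(corpus: list[bytes]) -> Counter:
    """How many corpus inputs hit each edge: a simplified rarity measure."""
    counts: Counter = Counter()
    for data in corpus:
        counts.update(run_target(data))
    return counts


def rarest_edge(corpus: list[bytes]) -> tuple[Edge, int]:
    """The least-hit edge; ties are broken by sorted order for reproducibility."""
    counts = edge_hit_counts(corpus)
    edge, count = min(sorted(counts.items()), key=lambda kv: kv[1])
    return edge, count


def overwrite_mask(data: bytes, rare: Edge) -> list[bool]:
    """Mutation mask: a byte may be overwritten only if changing it keeps the
    input on the rare edge. One XOR-0xFF probe per byte is an assumed
    simplification of the real mask computation."""
    mask = []
    for i in range(len(data)):
        probe = bytearray(data)
        probe[i] ^= 0xFF
        mask.append(rare in run_target(bytes(probe)))
    return mask


def targeted_mutate(data: bytes, mask: list[bool], rng: random.Random) -> bytes:
    """Overwrite one to three random bytes, restricted to mask-allowed positions."""
    allowed = [i for i, ok in enumerate(mask) if ok]
    if not allowed:
        return data
    out = bytearray(data)
    for i in rng.sample(allowed, k=rng.randint(1, min(3, len(allowed)))):
        out[i] = rng.randrange(256)
    return bytes(out)


def fuzz_round(corpus: list[bytes], trials: int, seed: int = 0,
               rare: Optional[Edge] = None) -> dict:
    """One targeted round: choose the rare edge (or accept a given one), take a
    corpus input that hits it, build its mask and mutate only inside the mask.
    Reports edges not covered by the corpus and how many children left the
    rare edge (zero, if the mask does its job)."""
    rng = random.Random(seed)
    known = set(edge_hit_counts(corpus))
    if rare is None:
        rare, _ = rarest_edge(corpus)
    parent = next(d for d in corpus if rare in run_target(d))
    mask = overwrite_mask(parent, rare)
    new_edges: set[Edge] = set()
    lost_rare = 0
    for _ in range(trials):
        cov = run_target(targeted_mutate(parent, mask, rng))
        new_edges |= cov - known
        lost_rare += rare not in cov
    return {"rare": rare, "mask": mask, "new_edges": new_edges, "lost_rare": lost_rare}


if __name__ == "__main__":
    corpus = [b"AAAAAAAA", b"MAGC\x10\x20\x30\x40"]  # constructed seeds
    # Default selection picks an edge on the magic-failure path; overwriting up to
    # three bytes can never produce the exact 4-byte magic, so nothing new appears.
    print(fuzz_round(corpus, 500))
    # Targeting the edge behind the magic check keeps every child on that edge
    # (bytes 0-4 are masked out) and can reach the pair_eq edges beyond it.
    print(fuzz_round(corpus, 500, rare=("magic_ok", "low_flag")))
```

The mask is the part worth studying: for the second seed, bytes 0 to 3 (the magic) and byte 4 (the flag comparison) come out non-overwritable, so the fuzzer's effort lands on the three bytes that can still change behaviour without falling off the rare edge.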
Caroline Lemieux: Test-Comp 2019 Jury Member.
Cite this article
Lemieux, C., Sen, K. FairFuzz-TC: a fuzzer targeting rare branches. Int J Softw Tools Technol Transfer 23, 863–866 (2021). https://doi.org/10.1007/s10009-020-00569-w