Ahcheong Lee  Yunho Kim  Moonzoo Kim

10.5626/JOK.2021.48.4.391

Fuzzing dynamic function relevance test case generation Software Testing

Coverage Guided Fuzzing (CGF) is one of the famous test case generation technique. The technique is actively researched and used based on its simplicity and scalability for large real software. However, most of the fuzzing techniques do not utilize valuable semantic information of target programs. This paper presents two new heuristics that use dynamic function relevance to select the appropriate input bytes which can be mutated to increase the coverage. The function relevance between the two functions is defined as the number of test cases that execute the functions together, and the high relevance means the two functions executing high dependency on each other. To improve coverage of a target function, the new heuristics determines bytes that are used by functions that are highly relevant to the target function, and only the valuable bytes are mutated. As these bytes have high data dependency on the variables in the target function, mutating them improves the coverage of the target function. We implemented the two heuristics on the top of the state-of-the-art fuzzers, Angora and FairFuzz, and evaluated on real-world C programs that are used by recent fuzzing works. The heuristics showed 17.88% and 11.03% path coverage improvement, respectively.