IntelliGen: Automatic Driver Synthesis for FuzzTesting

TL;DR

IntelliGen automates the creation of fuzz driver programs, significantly improving coverage and bug detection in real-world software compared to existing methods, while performing comparably to manual drivers.

Contribution

IntelliGen introduces a novel framework that automatically constructs valid fuzz drivers using hierarchical parameter replacement and type inference, enhancing automation and effectiveness.

Findings

Covered 1.08X-2.03X more basic blocks than existing tools.

Covered 1.36X-2.06X more paths than state-of-the-art synthesizers.

Found 10 additional bugs compared to manual drivers.

Abstract

Fuzzing is a technique widely used in vulnerability detection. The process usually involves writing effective fuzz driver programs, which, when done manually, can be extremely labor intensive. Previous attempts at automation leave much to be desired, in either degree of automation or quality of output. In this paper, we propose IntelliGen, a framework that constructs valid fuzz drivers automatically. First, IntelliGen determines a set of entry functions and evaluates their respective chance of exhibiting a vulnerability. Then, IntelliGen generates fuzz drivers for the entry functions through hierarchical parameter replacement and type inference. We implemented IntelliGen and evaluated its effectiveness on real-world programs selected from the Android Open-Source Project, Google's fuzzer-test-suite and industrial collaborators. IntelliGen covered on average 1.08X-2.03X more basic blocks and 1.36X-2.06X more paths over state-of-the-art fuzz driver synthesizers FUDGE and FuzzGen. IntelliGen performed on par with manually written drivers and found 10 more bugs.