Facilitating Parallel Fuzzing with mutually-exclusive Task Distribution

TL;DR

This paper introduces AFL-EDGE, a novel approach to parallel fuzzing that distributes mutually-exclusive tasks to improve coverage and fairness, leading to more effective bug discovery in limited time frames.

Contribution

It proposes a general model for parallel fuzzing with mutually-exclusive task distribution and implements AFL-EDGE to enhance AFL's parallel mode.

Findings

AFL-EDGE increases edge coverage by 9.49% to 10.20% in 24-hour tests.

AFL-EDGE discovers 14 previously unknown bugs.

The approach improves fairness and efficiency in parallel fuzzing.

Abstract

Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry. In general, fuzzing provides various inputs to the target program to discover unhandled exceptions and crashes. In business sectors where the time budget is limited, software vendors often launch many fuzzing instances in parallel as common means of increasing code coverage. However, most of the popular fuzzing tools in their parallel mode-naively run multiple instances concurrently, without elaborate distribution of workload. This can lead different instances to explore overlapped code regions, eventually reducing the benefits of concurrency. In this paper, we propose a general model to describe parallel fuzzing. This model distributes mutually-exclusive but similarly-weighted tasks to different instances, facilitating concurrency and also fairness across instances. Following this model, we develop a solution, called AFL-EDGE, to improve the parallel mode of AFL, considering a round of mutations to a unique seed as a task and adopting edge coverage to define the uniqueness of a seed. We have implemented AFL-EDGE on top of AFL and evaluated the implementation with AFL on 9 widely used benchmark programs. It shows that AFL-EDGE can benefit the edge coverage of AFL. In a 24-hour test, the increase of edge coverage brought by AFL-EDGE to AFL ranges from 9.49% to 10.20%, depending on the number of instances. As a side benefit, we discovered 14 previously unknown bugs.