FuzzerAid: Grouping Fuzzed Crashes Based On Fault Signatures
Ashwin Kallingal Joshy, Wei Le

TL;DR
FuzzerAid introduces a fault signature-based method to accurately group fuzzing crashes by their root causes, significantly reducing duplicate bug reports and improving bug diagnosis efficiency.
Contribution
The paper presents FuzzerAid, a novel fault signature approach for crash grouping that outperforms existing heuristics in accuracy and bug deduplication.
Findings
Correctly grouped 99.1% of crashes
Reported only 17 (+2) unique bugs
Outperformed state-of-the-art fuzzers
Abstract
Fuzzing has been an important approach for finding bugs and vulnerabilities in programs. Many fuzzers deployed in industry run daily and can generate an overwhelming number of crashes. Diagnosing such crashes can be very challenging and time-consuming. Existing fuzzers typically employ heuristics such as code coverage or call stack hashes to weed out duplicate reporting of bugs. While these heuristics are cheap, they are often imprecise and still end up reporting many "unique" crashes that correspond to the same bug. In this paper, we present FuzzerAid, which uses fault signatures to group crashes reported by fuzzers. A fault signature is a small executable program consisting of a selection of the necessary statements from the original program that can reproduce a bug. In our approach, we first generate a fault signature from a given crash. We then execute the fault signature with other…
Taxonomy
Topics: Software Engineering Research · Software Testing and Debugging Techniques · Advanced Malware Detection Techniques
