Improving AFL++ CmpLog: Tackling the bottlenecks
Sander Wiebing, Thomas Rooijakkers, Sebastiaan Tesink

TL;DR
This paper enhances AFL++ CmpLog by addressing seed entropy and deduplication issues, using comparison-to-input mapping and caching to significantly improve fuzzing coverage without losing functionality.
Contribution
It introduces a novel comparison-to-input mapping and caching mechanism to optimize AFL++ CmpLog performance, overcoming previous bottlenecks.
Findings
Significant coverage gain with the improved CmpLog.
Effective reduction of redundant executions.
Maintained functionality while enhancing performance.
Abstract
The performance of the AFL++ CmpLog feature varies considerably across programs under test (PUTs). This paper demonstrates that the main causes of the poor performance are low seed entropy and a lack of deduplication of magic-byte candidates. Two improvements are proposed. First, comparisons are mapped to input bytes, so that it is known which comparisons are controlled by which input bytes; this mapping is then used to fuzz only the comparison values that are magic-byte candidates for that part of the input. Second, a caching mechanism is introduced to reduce the number of redundant executions. The evaluation of the improved versions shows a significant coverage gain over the original AFL++ implementation of CmpLog for all PUTs, without breaking functionality. The proposed solution provides a solid basis for a redesign of CmpLog.
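The two mechanisms the abstract describes can be modelled in a few dozen lines. The block below is an added example, not code from the paper or from AFL++: it builds a constructed program under test whose comparisons are logged CmpLog-style, derives a comparison-to-input mapping by flipping one input byte at a time (a byte-granular colorization, assumed here in place of the paper's exact scheme), inserts each logged operand only at the offsets that control its comparison, and keeps a cache of already-executed inputs so redundant candidates are skipped. Running the same loop with and without the mapping shows the drop in executions for the same coverage. All names, offsets, and the seed are constructed.

```python
"""Toy model of comparison-to-input mapping plus an execution cache for a
CmpLog-style fuzzing loop.  Added example; not code from the paper or AFL++.
The program under test (PUT), its instrumentation and all offsets are constructed."""
import struct
from collections import defaultdict


def put(data, log):
    """Constructed PUT. Returns the set of reached blocks; every comparison is
    logged as (cmp_id, lhs, rhs), mimicking CmpLog's operand logging."""
    cov = set()
    if len(data) < 12:
        return cov
    cov.add("entry")
    log.append((1, data[0:4], b"MAGI"))
    if data[0:4] == b"MAGI":
        cov.add("magic_ok")
        val = struct.unpack("<I", data[4:8])[0]
        log.append((2, val, 0xDEADBEEF))
        if val == 0xDEADBEEF:
            cov.add("ver_ok")
            log.append((3, data[8:12], b"TAIL"))
            if data[8:12] == b"TAIL":
                cov.add("deep")
    return cov


def run(data):
    log = []
    return put(data, log), log


def map_cmps_to_bytes(seed):
    """Map each comparison id to the input offsets that control its left operand.
    Flip one byte at a time and watch which operands change (assumed byte-granular
    colorization, standing in for the paper's mapping scheme)."""
    _, base = run(seed)
    base_lhs = {cid: lhs for cid, lhs, _ in base}
    mapping = defaultdict(set)
    for off in range(len(seed)):
        mutated = bytearray(seed)
        mutated[off] ^= 0xFF
        for cid, lhs, _ in run(bytes(mutated))[1]:
            if cid in base_lhs and lhs != base_lhs[cid]:
                mapping[cid].add(off)
    return mapping


def encode(value):
    """Byte encodings tried for a logged operand: raw bytes, or u32 in both orders."""
    if isinstance(value, bytes):
        return [value]
    return [struct.pack("<I", value), struct.pack(">I", value)]


def fuzz(seed, use_mapping):
    """Minimal CmpLog-style loop. With use_mapping each operand is inserted only
    at the offsets that control its comparison; without it, at every offset.
    Returns (coverage reached, stats)."""
    queue, cache, seen_cov = [], set(), set()
    stats = {"execs": 0, "cached": 0, "color_execs": 0}

    def execute(data):
        if data in cache:                  # dedup: this exact input already ran
            stats["cached"] += 1
            return
        cache.add(data)
        stats["execs"] += 1
        cov, log = run(data)
        if not cov <= seen_cov:            # new coverage: becomes a seed
            seen_cov.update(cov)
            queue.append((data, log))

    execute(seed)
    while queue:
        cur, log = queue.pop(0)
        mapping = None
        if use_mapping:
            mapping = map_cmps_to_bytes(cur)
            stats["color_execs"] += len(cur) + 1   # runs spent on the mapping itself
        for cid, _, rhs in log:
            for cand in encode(rhs):
                if use_mapping:
                    offs = mapping.get(cid)
                    if not offs:
                        continue           # operand not input-controlled: skip
                    positions = [min(offs)]
                else:
                    positions = range(len(cur) - len(cand) + 1)
                for pos in positions:
                    execute(cur[:pos] + cand + cur[pos + len(cand):])
    return seen_cov, stats


if __name__ == "__main__":
    seed = bytes(12)                       # constructed low-entropy seed
    for flag in (False, True):
        cov, stats = fuzz(seed, use_mapping=flag)
        print(f"mapping={flag}: reached {sorted(cov)} with {stats}")
```

With the all-zero seed both runs reach the same four blocks, but the mapped run places each candidate exactly once and lets the cache absorb the repeats (the seed's own operands re-logged on every iteration), while the unmapped run tries every operand at every offset. The colorization runs are counted separately so the trade-off is visible rather than hidden.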
Taxonomy
Topics: Software Testing and Debugging Techniques · Parallel Computing and Optimization Techniques · Software System Performance and Reliability
