Crash Report Accumulation During Continuous Fuzzing
Ilya Yegorov, Georgy Savidov

TL;DR
This paper introduces a crash accumulation method integrated into the CASR toolset to help distinguish new errors from old ones during continuous fuzzing, addressing resource constraints and improving analysis efficiency.
Contribution
The paper presents a novel crash accumulation technique and its implementation in CASR, enhancing crash report analysis during continuous fuzzing.
Findings
Effective differentiation of new and old crashes
Improved efficiency in crash report analysis
Validated approach on fuzzing crash data
Abstract
Crash report accumulation is a necessary step during continuous fuzzing. Dynamic software analysis techniques like fuzzing and dynamic symbolic execution generate a large number of crashes for analysis. However, time and resource constraints often lead to the postponement of fixing some less critical issues, potentially introducing new errors in future releases. Thus, there is a need to distinguish new errors from old ones. We propose a crash accumulation method and implement it as part of the CASR toolset. We evaluated our approach on crash reports collected from fuzzing results.
Taxonomy
Topics: Risk and Safety Analysis · Automotive and Human Injury Biomechanics · Transportation Safety and Impact Analysis
