Gray-Box Fuzzing in Local Space
Martin Jonáš, Jan Strejček, Marek Trtík

TL;DR
This paper introduces a formal approach and an effective algorithm for gray-box fuzzing that manipulates program execution paths by altering Boolean evaluations of numerical expressions, demonstrated on benchmark tests.
Contribution
It formalizes the problem of path-specific input generation in gray-box fuzzing and provides an effective algorithm to solve it, validated on benchmark data.
Findings
Algorithm effectively finds inputs that alter Boolean expression evaluations.
Empirical evaluation demonstrates the algorithm's practical utility.
The approach enhances fuzzing techniques by controlling expression evaluation paths.
Abstract
We consider gray-box fuzzing of a program instrumented so that information about the evaluation of program expressions that convert values of numerical types to Boolean, such as x <= y, is recorded during each execution of the program. Given that information for an executed program path, we formally define the problem of finding an input such that the program's execution on that input evaluates all of those expressions in the same order and with the same Boolean values as in the original execution path, except for the last one, which is evaluated to the opposite value. We then provide an algorithm that searches for a solution to this problem effectively. The effectiveness of the algorithm is demonstrated empirically by evaluating it on the TestComp 2024 benchmark suite.
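To make the problem statement in the abstract concrete, here is an added, self-contained Python illustration; it is not the paper's code or its algorithm. It instruments a small constructed program so that every numerical-to-Boolean comparison is recorded, builds the "same prefix, last value negated" target from one execution's trace, and then runs a plain integer hill-climb (branch distance plus a divergence penalty, sideways moves allowed) in a small neighbourhood of the original input to look for an input that satisfies the target. The `Recorder`, `program`, `branch_distance` and `flip_last` names, the neighbourhood of ±1..±16 per coordinate, and the optional `k` argument (which truncates the recorded path so any prefix can be treated as "the executed path") are all assumptions of this example.

```python
from dataclasses import dataclass, field
import operator

# Comparison operators the instrumentation records (expressions converting numbers to Booleans).
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}
NEG = {"<": ">=", "<=": ">", ">": "<=", ">=": "<", "==": "!=", "!=": "=="}
BIG = 10 ** 6  # penalty for diverging from the required path prefix


@dataclass
class Recorder:
    """Collects (op, lhs, rhs, result) for every recorded comparison, in evaluation order."""
    trace: list = field(default_factory=list)

    def cmp(self, lhs, op, rhs):
        result = OPS[op](lhs, rhs)
        self.trace.append((op, lhs, rhs, result))
        return result


def program(x, rec):
    """Constructed example program (hypothetical, not from the paper). Integer inputs a, b."""
    a, b = x
    if rec.cmp(a, "<=", b):
        if rec.cmp(2 * a, ">", 10):
            return "A"
        return "B"
    if rec.cmp(b, "==", 7):
        return "C"
    return "D"


def run(prog, x):
    """Execute prog on input x and return the recorded comparison trace."""
    rec = Recorder()
    prog(x, rec)
    return rec.trace


def branch_distance(op, lhs, rhs, want):
    """Integer branch distance: 0 iff 'lhs op rhs' evaluates to `want`, larger the further off."""
    if not want:
        op = NEG[op]
    if op == "<":
        return max(0, lhs - rhs + 1)
    if op == "<=":
        return max(0, lhs - rhs)
    if op == ">":
        return max(0, rhs - lhs + 1)
    if op == ">=":
        return max(0, rhs - lhs)
    if op == "==":
        return abs(lhs - rhs)
    return 0 if lhs != rhs else 1  # "!="


def target_from_trace(trace, k=None):
    """Required (op, value) sequence: the first k evaluations as recorded, the last one negated."""
    path = trace[:k] if k is not None else trace
    target = [(op, res) for op, _, _, res in path]
    op, res = target[-1]
    target[-1] = (op, not res)
    return target


def objective(prog, x, target):
    """0 iff the execution on x follows `target`; otherwise penalises early divergence most."""
    trace = run(prog, x)
    for i, (want_op, want_res) in enumerate(target):
        if i >= len(trace) or trace[i][0] != want_op:
            return (len(target) - i) * BIG * 2  # a different expression was reached: worst case
        op, lhs, rhs, res = trace[i]
        if res != want_res:
            return (len(target) - i) * BIG + branch_distance(op, lhs, rhs, want_res)
    return 0


def satisfies(prog, x, target):
    return objective(prog, x, target) == 0


def flip_last(prog, x0, k=None, max_iter=200):
    """Local search from x0 for an input whose path repeats the first k-1 recorded evaluations
    of x0's path and negates the k-th (k defaults to the whole path). Returns the input or None."""
    target = target_from_trace(run(prog, x0), k)
    deltas = [1, -1, 2, -2, 4, -4, 8, -8, 16, -16]
    x, visited = tuple(x0), {tuple(x0)}
    cur = objective(prog, x, target)
    for _ in range(max_iter):
        if cur == 0:
            return x
        neighbours = [x[:i] + (x[i] + d,) + x[i + 1:]
                      for i in range(len(x)) for d in deltas]
        neighbours = [y for y in neighbours if y not in visited]
        if not neighbours:
            return None
        best = min(neighbours, key=lambda y: objective(prog, y, target))
        best_val = objective(prog, best, target)
        if best_val > cur:  # neither downhill nor sideways move available: local optimum
            return None
        x, cur = best, best_val
        visited.add(x)
    return x if cur == 0 else None


if __name__ == "__main__":
    x0 = (3, 5)                      # constructed starting input: path "<=" True, ">" False
    print(run(program, x0))
    print(flip_last(program, x0))    # input that keeps "<=" True and makes ">" True
    print(flip_last(program, x0, k=1))  # input that flips the very first comparison
```

Starting from `(3, 5)` the recorded path is `a <= b` True, `2a > 10` False; the search has to raise `a` past 5 without breaking `a <= b`, which a pure downhill climb on single coordinates cannot do from `(5, 5)`, so sideways moves on a plateau are what get it to `(6, 6)`. Because the neighbourhood is bounded, a solution that lies far from the original input is simply reported as `None`; that bounded neighbourhood is the only sense in which this toy is "local", and it says nothing about how the paper's own algorithm explores its search space.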
