MASFuzzer: Fuzz Driver Generation and Adaptive Scheduling via Multidimensional API Sequences

TL;DR

MASFUZZER enhances library fuzz testing by synthesizing multidimensional API sequences and employing adaptive scheduling, leading to higher code coverage and discovery of new vulnerabilities.

Contribution

It introduces a novel fuzzing framework that combines API sequence synthesis with adaptive scheduling to improve driver effectiveness and code coverage.

Findings

Achieves 8.54% higher code coverage than state-of-the-art methods.

Uncovers 16 previously unknown vulnerabilities, with 14 confirmed and 9 assigned CVEs.

Effectively generates drivers that explore untested code regions.

Abstract

Fuzz testing of software libraries relies on fuzz drivers to invoke library APIs. Traditionally, these drivers are written manually by developers - a process that is time-consuming and often inadequate for exercising complex program behaviors. While recent studies have explored the use of Large Language Models (LLMs) to automate fuzz driver generation, the resulting drivers often fail to cover deep program branches. To address these challenges, we propose MASFUZZER, a fuzzing framework that integrates multidimensional API sequence construction with adaptive fuzzing scheduling strategies to improve library testing. At its core, MASFUZZER synthesizes context-relevant API call sequences by referring to API usage examples from the codebase and applying mutation-propagation-based and semantic-aware API sequence mining. These multidimensional API sequences serve as the basis for LLMs to generate effective initial drivers. In addition, MASFUZZER incorporates a coverage-guided scheduler that prioritizes testing time for the most promising drivers, along with a driver mutation strategy to evolve them. This enables systematic generation of fuzz drivers to explore previously untested code regions. We evaluate MASFUZZER on 12 widely used open-source libraries. The results show that MASFUZZER achieves 8.54 percent higher code coverage than state-of-the-art techniques. Moreover, MASFUZZER uncovers 16 previously unknown vulnerabilities in extensively tested libraries, with 14 confirmed by developers and 9 assigned CVE identifiers. These results indicate that MASFUZZER provides an efficient and practical approach for fuzzing software libraries.