SECR | Mar 1, 2021

IntelliGen: Automatic Driver Synthesis for Fuzz Testing

arXiv:2103.00862v1 | 42 citations | Has Code
AI Analysis

This paper addresses the automation bottleneck in fuzz testing for software security, offering a significant improvement over existing automated fuzz driver synthesis methods.

The paper tackles the labor-intensive problem of manually writing fuzz drivers for vulnerability detection by proposing IntelliGen, a framework that automatically constructs valid fuzz drivers, achieving 1.08X-2.03X more basic block coverage and 1.36X-2.06X more path coverage over state-of-the-art synthesizers, and finding 10 more bugs.

Fuzzing is a technique widely used in vulnerability detection. The process usually involves writing effective fuzz driver programs, which, when done manually, can be extremely labor-intensive. Previous attempts at automation leave much to be desired, in either degree of automation or quality of output. In this paper, we propose IntelliGen, a framework that constructs valid fuzz drivers automatically. First, IntelliGen determines a set of entry functions and evaluates their respective chance of exhibiting a vulnerability. Then, IntelliGen generates fuzz drivers for the entry functions through hierarchical parameter replacement and type inference. We implemented IntelliGen and evaluated its effectiveness on real-world programs selected from the Android Open-Source Project, Google's fuzzer-test-suite and industrial collaborators. IntelliGen covered on average 1.08X-2.03X more basic blocks and 1.36X-2.06X more paths than the state-of-the-art fuzz driver synthesizers FUDGE and FuzzGen. IntelliGen performed on par with manually written drivers and found 10 more bugs.
