FuSeBMC v.4: Smart Seed Generation for Hybrid Fuzzing
This work addresses the challenge of efficient test generation for software security, though it appears incremental as it builds on a previous version of the tool.
The paper tackles the problem of generating test cases for security vulnerabilities in C programs by introducing FuSeBMC v.4, which uses hybrid fuzzing with smart seeds to improve code coverage and bug finding, resulting in outperforming all tools in a competition with a significant increase in code coverage score.
FuSeBMC is a test generator for finding security vulnerabilities in C programs. In earlier work [4], we described a previous version that incrementally injected labels to guide Bounded Model Checking (BMC) and Evolutionary Fuzzing engines to produce test cases for code coverage and bug finding. This paper introduces a new version of FuSeBMC that utilizes both engines to produce smart seeds. First, the engines are run with a short time limit on a lightly instrumented version of the program to produce the seeds. The BMC engine is particularly useful in producing seeds that can pass through complex mathematical guards. Then, FuSeBMC runs its engines with more extended time limits using the smart seeds created in the previous round. FuSeBMC manages this process in two main ways using its Tracer subsystem. Firstly, it uses shared memory to record the labels covered by each test case. Secondly, it evaluates test cases, and those of high impact are turned into seeds for subsequent test fuzzing. As a result, we significantly increased our code coverage score from last year, outperforming all tools that participated in this year's competition in every single category.