Casr-Cluster: Crash Clustering for Linux Applications
This work addresses the challenge for developers in efficiently analyzing crashes to prioritize fixes, though it appears incremental as it builds on existing crash reporting tools.
The paper tackles the problem of managing numerous crash reports from fuzzing Linux applications by proposing a clustering and deduplication approach, which was implemented as a tool and evaluated on collected crash reports.
Crash report analysis is a necessary step before developers begin fixing errors. Fuzzing or hybrid (with dynamic symbolic execution) fuzzing is often used in the secure development lifecycle. Modern fuzzers could produce many crashes and developers do not have enough time to fix them till release date. There are two approaches that could reduce developers' effort on crash analysis: crash clustering and crash severity estimation. Crash severity estimation could help developers to prioritize crashes and close security issues first. Crash clustering puts similar crash reports in one cluster what could speed up the analyzing time for all crash reports. In this paper, we focus on crash clustering. We propose an approach for clustering and deduplicating of crashes that occurred in Linux applications. We implement this approach as a tool that could cluster Casr~\cite{fedotov2020casr} crash reports. We evaluated our tool on a set of crash reports that was collected from fuzzing results.