Yu-Chuan Liang, Hsu-Chun Hsiao (National Taiwan University)

libFuzzer is a powerful fuzzer that has helped find thousands of bugs in real-world programs. However, fuzzers that seek to compare with libFuzzer and its variants face two significant limitations. First, they are restricted to use the time-to-first-crash metric rather than the code-coverage metric because libFuzzer will abort whenever the fuzzing target crashes. Second, even if libFuzzer in the ignore-crash mode can continue after finding a crash, it may produce wrong results for programs expecting a clean global context. Thus, fuzzers wishing to compare with libFuzzer are restricted to use carefully modified programs or programs without global-context dependency. To solve this context pollution problem and enhance comparability between libFuzzer and other fuzzers, we present a new libFuzzer mode called isolated-context mode (icLibFuzzer) that isolates the contexts of each fuzzer instance and fuzzing target, allowing to reinitialize the fuzzing target’s context after each execution efficiently. To implement icLibFuzzer, we modify libFuzzer’s in-process infrastructure into a lightweight forkserver infrastructure inspired by AFL’s design and propose structure packing, which speeds up the fuzzing speed by about 2x. We compare icLibFuzzer with four state-of-the-art fuzzers (AFL, Angora, QSYM, and Honggfuzz) using several real-world programs. The experiment result shows that icLibFuzzer outperforms these four fuzzers in most target programs after 24 hours of fuzzing and maintains the lead from 24 to 72 hours. To demonstrate that we can easily keep up with libFuzzer’s updates, we upgrade icLibFuzzer to using the latest libFuzzer (from LLVM9 to LLVM11) with no change to our code base. Our preliminary evaluation hints at icLibFuzzer-LLVM11’s promising improvement compared with icLibFuzzer-LLVM9 and AFL++, one of the latest fuzzers in the AFL family. We hope icLibFuzzer can serve as another baseline for fuzzing research. Our source code is available at GitHub.

View More Papers

Performance, Correctness, Exceptions: Pick Three

Andrea Gussoni (Politecnico di Milano), Alessandro Di Federico (Politecnico di Milano), Pietro Fezzardi (Politecnico di Milano), Giovanni Agosta (Politecnico di Milano)

Read More

Digital Technologies in Pandemic: The Good, the Bad and...

Moderator: Ahmad-Reza Sadeghi, TU Darmstadt, Germany Panelists: Mario Guglielmetti, Legal Officer, European Data Protection Supervisor* Jaap-Henk Hoepman, Radbaud University, The Netherlands Alexandra Dmitrienko, University of Würzburg, Germany, Farinaz Koushanfar, UCSD, USA *attending in his personal capacity

Read More

Symbolic Path Tracing to Find Android Permission-Use Triggers

Kristopher Micinski (Haverford College), Thomas Gilray (University of Alabama, Birmingham), Daniel Votipka (University of Maryland), Michelle L. Mazurek (University of Maryland), Jeffrey S. Foster (Tufts University)

Read More

Understanding the Growth and Security Considerations of ECS

Athanasios Kountouras (Georgia Institute of Technology), Panagiotis Kintis (Georgia Institute of Technology), Athanasios Avgetidis (Georgia Institute of Technology), Thomas Papastergiou (Georgia Institute of Technology), Charles Lever (Georgia Institute of Technology), Michalis Polychronakis (Stony Brook University), Manos Antonakakis (Georgia Institute of Technology)

Read More