DeepAI
Log In Sign Up

Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach

11/26/2017
by   Saahil Ognawala, et al.
0

Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all paths in the program. Due to the path-explosion problem and dependence on SMT solvers, symbolic execution may also not achieve high path coverage. A hybrid technique involving fuzzing and symbolic execution may achieve better function coverage than fuzzing or symbolic execution alone. In this paper, we present Munch, an open source framework implementing two hybrid techniques based on fuzzing and symbolic execution. We empirically show using nine large open-source programs that overall, Munch achieves higher (in-depth) function coverage than symbolic execution or fuzzing alone. Using metrics based on total analyses time and number of queries issued to the SMT solver, we also show that Munch is more efficient at achieving better function coverage.

READ FULL TEXT

page 1

page 2

page 3

page 4

03/13/2018

Reviewing KLEE's Sonar-Search Strategy in Context of Greybox Fuzzing

Automatic test-case generation techniques of symbolic execution and fuzz...
03/07/2019

Compositional Fuzzing Aided by Targeted Symbolic Execution

Guided fuzzing has, in recent years, been able to uncover many new vulne...
06/08/2018

Badger: Complexity Analysis with Fuzzing and Symbolic Execution

Hybrid testing approaches that involve fuzz testing and symbolic executi...
12/19/2017

An Exploratory Survey of Hybrid Testing Techniques Involving Symbolic Execution and Fuzzing

Recent efforts in practical symbolic execution have successfully mitigat...
02/12/2021

Fuzzing Symbolic Expressions

Recent years have witnessed a wide array of results in software testing,...
09/04/2019

Defeating Opaque Predicates Statically through Machine Learning and Binary Analysis

We present a new approach that bridges binary analysis techniques with m...
08/06/2022

MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware

In this paper we present MetaEmu, an architecture-agnostic emulator synt...