Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach

by Saahil Ognawala, et al.

Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all paths in the program. Due to the path-explosion problem and dependence on SMT solvers, symbolic execution may also not achieve high path coverage. A hybrid technique involving fuzzing and symbolic execution may achieve better function coverage than fuzzing or symbolic execution alone. In this paper, we present Munch, an open-source framework implementing two hybrid techniques based on fuzzing and symbolic execution. We empirically show, using nine large open-source programs, that overall Munch achieves higher (in-depth) function coverage than symbolic execution or fuzzing alone. Using metrics based on total analysis time and number of queries issued to the SMT solver, we also show that Munch is more efficient at achieving better function coverage.




