HuntFUZZ: Enhancing error handling testing through clustering based fuzzing.
Testing a program's capability to handle errors effectively is a significant challenge, because program errors are relatively uncommon. To address this, software fault injection (SFI)-based fuzzing combines SFI with traditional fuzzing to inject faults and trigger errors, enabling the testing of error handling code. However, current SFI-based fuzzing approaches have overlooked the correlation between the paths that lead to error points. In fact, the execution paths of error points often share common prefixes. As a result, fuzzers usually generate test cases repeatedly to explore these common paths, which reduces fuzzing efficiency. To address this issue, this paper introduces HuntFUZZ, a novel SFI-based fuzzing framework designed to minimize redundant exploration of error points with correlated paths. HuntFUZZ achieves this by clustering these correlated error points and using concolic execution to solve the path constraints necessary for approaching or reaching these clusters. This approach provides the fuzzer with optimized test cases, allowing it to efficiently explore the error points within a cluster while minimizing redundancy. We evaluate HuntFUZZ on a diverse set of 42 applications; HuntFUZZ successfully reveals 162 known bugs, 62 of which are related to error handling. Additionally, due to its efficient error point detection method, HuntFUZZ discovers seven unique zero-day bugs, all of which are missed by existing fuzzers. Furthermore, we compare HuntFUZZ with four existing fuzzing approaches: AFL, AFL++, AFLGo, and EH-FUZZ. Our evaluation confirms that HuntFUZZ covers a broader range of error points and exhibits better performance in terms of bug-finding speed. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)