Result: Systematic bug finding and fault localization enhanced with input data tracking

Title:
Systematic bug finding and fault localization enhanced with input data tracking
Authors:
DeMott, Jared D. (jdemott@vdalabs.com); Enbody, Richard J. (enbody@cse.msu.edu); Punch, William F. (punch@cse.msu.edu)
Source:
Computers & Security. Feb2013, Vol. 32, p130-157. 28p.
Database:
Business Source Premier

Further information

Abstract: Fault localization (FL) is the process of debugging erroneous code and directing analysts to the root cause of the bug. With this in mind, we have developed a distributed, end-to-end fuzzing and analysis system that starts with a binary, identifies bugs, and subsequently localizes the bug's root cause. Our system does not require the test subject's source code, nor do we require a test suite. Our work focuses on an important class of bugs, memory corruption errors, which usually have software security implications. Thus, our approach appeals to software attack researchers as well. In addition to our bug hunting and analysis framework, we have enhanced code-coverage based fault localization by incorporating input data tainting and tracking using a light-weight binary instrumentation technique. By capturing code coverage and select input data usage, our new FL algorithm is able to better localize faults, and therefore better assist analysts. We report the application of our approach on large, real-world applications (Firefox and VLC), as well as the classic Siemens benchmark and other test programs. [Copyright Elsevier]

Copyright of Computers & Security is the property of Pergamon Press - An Imprint of Elsevier Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)