FuSeBMC v4: Improving code coverage with smart seeds via BMC, fuzzing and static analysis

Impact factor 1.4 | Zone 4 (Computer Science) | JCR Q3, COMPUTER SCIENCE, SOFTWARE ENGINEERING | Formal Aspects of Computing | Pub Date: 2024-05-20 | DOI: 10.1145/3665337
Kaled Alshmrany, Mohannad Aldughaim, Ahmed Bhayat, Lucas Cordeiro
Citations: 0

Abstract

Bounded model checking (BMC) and fuzzing are among the most effective methods for detecting errors and security vulnerabilities in software. However, both still miss errors because existing methods fail to cover large areas of the target code. We propose FuSeBMC v4, a test generator that synthesizes seeds with useful properties, which we refer to as smart seeds, to improve the performance of its hybrid fuzzer and thereby achieve high coverage of C programs. FuSeBMC works by first analyzing the given C program and incrementally injecting goal labels into it to guide the BMC and evolutionary fuzzing engines. The engines are then run for an initial period to produce the so-called smart seeds. Finally, the engines are run again, with these smart seeds as starting seeds, to maximize code coverage and find bugs. During seed generation and normal running, the Tracer subsystem coordinates the engines: it performs additional coverage analysis and updates a shared memory with the goals covered so far. The Tracer also evaluates test cases dynamically and converts them into seeds for subsequent fuzzing. Thus the BMC engine can provide the seed that lets the fuzzing engine pass complex mathematical guards (e.g., input validation). As a result, we received three awards at the fourth international competition on software testing (Test-Comp 2022), where FuSeBMC v4 outperformed all state-of-the-art tools in every category, including the coverage category.
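The following is an added illustration of the mechanism the abstract describes; it is not FuSeBMC's own code or instrumentation. It assumes a constructed toy target whose deepest branch sits behind an exact 32-bit relation (the constant `MAGIC` and the guards are invented for the example), a `GOAL(n)` macro standing in for the injected goal labels, a coverage array standing in for the Tracer's shared memory, a random fuzzer for the initial phase, and a `bmc_seed()` function that solves the path constraints by hand where FuSeBMC would obtain the model from its BMC back end. The random phase reaches only the cheap guards; the seeded phase reaches all goals.

```c
/* Added illustration, not FuSeBMC code: goal-label instrumentation, a coverage
 * map standing in for the Tracer's shared memory, a random fuzzer that stalls
 * on a magic-value guard, and a BMC-style seed that gets past it. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_GOALS 4
#define MAGIC 0xDEADBEEFu          /* assumed guard constant for the toy target */

/* Stand-in for the Tracer's shared coverage map: one flag per injected goal. */
static unsigned char covered[NUM_GOALS];
#define GOAL(n) (covered[(n)] = 1)  /* stand-in for an injected goal label */

static int goals_covered(void)
{
    int n = 0;
    for (int i = 0; i < NUM_GOALS; i++)
        n += covered[i];
    return n;
}

/* Constructed target: nested guards of increasing difficulty. Goal 3 sits
 * behind an exact 32-bit relation that random input hits with p = 2^-32. */
static int target(uint32_t a, uint32_t b)
{
    GOAL(0);
    if (a % 97 != 13)     return -1;  /* p = 1/97: fuzzing passes quickly */
    GOAL(1);
    if (a <= 1000)        return -2;  /* almost always true for random a */
    GOAL(2);
    if ((a ^ b) != MAGIC) return -3;  /* p = 2^-32: needs a solver-derived seed */
    GOAL(3);
    return 0;
}

/* xorshift32: deterministic PRNG so runs are reproducible. Seed must be non-zero. */
static uint32_t xs32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Initial phase stand-in: purely random inputs. Returns the number of goals reached. */
static int run_random_fuzz(unsigned iters, uint32_t prng)
{
    memset(covered, 0, sizeof covered);
    for (unsigned i = 0; i < iters; i++) {
        uint32_t a = xs32(&prng), b = xs32(&prng);
        target(a, b);
    }
    return goals_covered();
}

/* Stand-in for the BMC engine: derive one input pair from the guard conditions
 * on the path to goal 3. A real BMC engine would hand the path constraints to
 * its SMT solver and return the model; here they are solved by hand. */
static void bmc_seed(uint32_t *a, uint32_t *b)
{
    uint32_t x = 13;               /* x % 97 == 13 */
    while (x <= 1000) x += 97;     /* ... and x > 1000 */
    *a = x;
    *b = x ^ MAGIC;                /* (a ^ b) == MAGIC */
}

/* Second phase stand-in: start from the smart seed, then mutate it. */
static int run_seeded_fuzz(unsigned iters, uint32_t prng)
{
    uint32_t a, b;
    memset(covered, 0, sizeof covered);
    bmc_seed(&a, &b);
    target(a, b);                  /* the seed itself reaches the deepest goal */
    for (unsigned i = 0; i < iters; i++) {
        uint32_t r = xs32(&prng);
        uint32_t ma = a, mb = b;
        if (r & 1) ma ^= 1u << ((r >> 1) & 31);   /* flip one bit of a ... */
        else       mb ^= 1u << ((r >> 1) & 31);   /* ... or of b */
        target(ma, mb);
    }
    return goals_covered();
}

int main(void)
{
    printf("random fuzzing:  %d/%d goals\n", run_random_fuzz(100000, 0x1234u), NUM_GOALS);
    printf("with smart seed: %d/%d goals\n", run_seeded_fuzz(100000, 0x1234u), NUM_GOALS);
    return 0;
}
```

The point of the second phase is that mutation starting from the seed explores whatever code lies beyond the guard, which a fuzzer starting from random input never reaches; in the real tool the coverage map is shared between engines so the fuzzer does not keep spending budget on goals the BMC engine already covered.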

Source journal: Formal Aspects of Computing (Engineering and Technology; Computer Science: Software Engineering)
CiteScore: 3.30
Self-citation rate: 0.00%
Articles published: 17
Review time: >12 weeks
Journal description: This journal aims to publish contributions at the junction of theory and practice. The objective is to disseminate applicable research. Thus, new theoretical contributions are welcome where they are motivated by potential application; applications of existing formalisms are of interest if they show something novel about the approach or application. In particular, the scope of Formal Aspects of Computing includes: well-founded notations for the description of systems; verifiable design methods; elucidation of fundamental computational concepts; approaches to fault-tolerant design; theorem-proving support; state-exploration tools; formal underpinning of widely used notations and methods; formal approaches to requirements analysis.