RDFuzz: Accelerating Directed Fuzzing with Intertwined Schedule and Optimized Mutation

Abstract EN

Directed fuzzing is a practical technique, which concentrates its testing energy on the process toward the target code areas, while costing little on other unconcerned components.

It is a promising way to make better use of available resources, especially in testing large-scale programs.

However, by observing the state-of-the-art-directed fuzzing engine (AFLGo), we argue that there are two universal limitations, the balance problem between the exploration and the exploitation and the blindness in mutation toward the target code areas.

In this paper, we present a new prototype RDFuzz to address these two limitations.

In RDFuzz, we first introduce the frequency-guided strategy in the exploration and improve its accuracy by adopting the branch-level instead of the path-level frequency.

Then, we introduce the input-distance-based evaluation strategy in the exploitation stage and present an optimized mutation to distinguish and protect the distance sensitive input content.

Moreover, an intertwined testing schedule is leveraged to perform the exploration and exploitation in turn.

We test RDFuzz on 7 benchmarks, and the experimental results demonstrate that RDFuzz is skilled at driving the program toward the target code areas, and it is not easily stuck by the balance problem of the exploration and the exploitation.