Computer Applications and Software (计算机应用与软件), 2024, Vol. 41, Issue (11): 15-22, 32, 9. DOI: 10.3969/j.issn.1000-386x.2024.11.002
FUZZING FOR STRUCTURED INPUTS
Abstract
Fuzzing is currently one of the most effective software testing techniques. However, state-of-the-art fuzzers have limited ability to generate structured inputs that satisfy format requirements, which leads to poor performance. To solve this problem, this paper proposes ChunkFuzzer, a structure-aware fuzzer that automatically analyzes the input structure. ChunkFuzzer constructs the input's tree structure according to the way the program uses the input, and uses it as additional information attached to the seed inputs. We perform heuristic structure-aware mutations, so that the generated inputs satisfy the specific format requirements and explore the deep logic of the program. Test results on 6 open-source software projects show that ChunkFuzzer improves code line coverage by 55%, 61%, and 50% compared with AFL, AFL++, and FairFuzz within the same time limit.
Keywords
Fuzzing test / Automated test / Structured inputs
Classification
Information technology and security science
Cite this article
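Qiao Dan (乔丹), Zhou Shunfan (周顺帆), Yang Zhemin (杨哲慜). Fuzzing for Structured Inputs [J]. Computer Applications and Software, 2024, 41(11): 15-22, 32, 9.
Funding
National Natural Science Foundation of China (U1736208, 61972099, U1836210, U1836213, U1636204)
National Key Basic Research Development Program of China (2015CB358800)
Natural Science Foundation of Shanghai (19ZR1404800)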