
Research And Implementation Of Defects Detection System Based On Directed Fuzzing Technology

Posted on: 2020-09-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y N Zhang
GTID: 2428330575957049
Subject: Computer technology

Abstract/Summary:
Fuzzing is a widely used software testing technology that has shown excellent capabilities in defect mining. However, fuzzing explores the program state space blindly and randomly, spending a great deal of computing resources and time on paths unrelated to defects. Directed fuzzing focuses on a specific set of targets (usually target statements) in a program and guides the fuzzing process towards the code areas where those targets are located, greatly shrinking the search space. The existing directed fuzzing tools are not efficient enough. Directed white-box fuzzing based on symbolic execution performs a large amount of heavyweight program analysis and constraint solving at runtime, which makes it slow. Directed grey-box fuzzing, such as AFLGo, moves most of the program analysis and calculation into the instrumentation phase in exchange for high efficiency at runtime, but the considerable computation spent in that instrumentation phase hinders the overall performance.

This thesis proposes a novel sequence-coverage directed grey-box fuzzing technique (SDF for short). Given a set of target statement sequences, SDF attempts to generate test cases that exercise the statements of a sequence in order. In addition, we propose a new seed energy-scheduling algorithm. It adjusts the number of new inputs generated by fuzzing a seed according to how well the seed's execution trace covers the given statement sequences, a measure we call sequence coverage, so that the directed fuzzing process is guided towards test cases with higher sequence coverage.

This thesis combines the SDF technique with a static analyzer to build a defect detection system called Lolly. The system uses the results of static analysis to guide the directed fuzzing process, and supports both integrated and separate use of the static analysis component and the directed fuzzing component. We separately evaluate the performance of the Lolly system, its static analysis component and its directed fuzzing component on a general test benchmark and on real-world programs, and compare them with the existing work AFLGo, the Clang static analyzer and BugRedux. The experimental results show that Lolly finds defects in a program under test more effectively and efficiently, and is suitable for application scenarios such as defect detection and crash reproduction.
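The sequence-coverage metric and the coverage-driven energy schedule described above, as an added illustration that is not code from the thesis or from Lolly. The exact metric and schedule are assumptions: coverage here is the longest prefix of a target sequence matched in order by a trace, and energy grows exponentially with the best coverage over all target sequences.

```python
from typing import Dict, List, Sequence, Tuple

# Constructed example: target statement sequences (statement ids as "file:line"),
# in the role of bug paths that a static analyzer might report to the fuzzer.
TARGET_SEQUENCES: List[Tuple[str, ...]] = [
    ("main.c:12", "parse.c:40", "parse.c:57"),
    ("main.c:12", "alloc.c:9"),
]

# Constructed execution traces for three seeds (statement ids in execution order).
TRACE_A = ["main.c:12", "parse.c:40", "parse.c:57"]          # full sequence, in order
TRACE_B = ["main.c:12", "parse.c:57", "parse.c:40"]          # same statements, wrong order
TRACE_C = ["init.c:3", "alloc.c:9"]                          # target hit without its prefix


def sequence_coverage(trace: Sequence[str], target: Sequence[str]) -> float:
    """Fraction of `target` exercised in order by `trace`.

    Assumed definition: walk the trace and advance through the target sequence
    only when the next expected statement appears; statements reached out of
    order (or without their predecessors) do not count.
    """
    matched = 0
    for stmt in trace:
        if matched < len(target) and stmt == target[matched]:
            matched += 1
    return matched / len(target)


def seed_sequence_coverage(trace: Sequence[str], targets: Sequence[Sequence[str]]) -> float:
    """Best sequence coverage of a seed's trace over all target sequences."""
    return max(sequence_coverage(trace, t) for t in targets)


def assign_energy(trace: Sequence[str], targets: Sequence[Sequence[str]],
                  base_energy: int = 16, exponent: int = 4) -> int:
    """Number of new inputs to derive from a seed (assumed schedule):
    base_energy at zero coverage, base_energy * 2**exponent at full coverage."""
    cov = seed_sequence_coverage(trace, targets)
    return round(base_energy * 2 ** (exponent * cov))


def schedule_seed_pool(pool: Dict[str, Sequence[str]],
                       targets: Sequence[Sequence[str]]) -> Dict[str, int]:
    """Energy per seed; seeds closer to completing a target sequence get more."""
    return {name: assign_energy(trace, targets) for name, trace in pool.items()}


if __name__ == "__main__":
    for name, energy in schedule_seed_pool(
            {"a": TRACE_A, "b": TRACE_B, "c": TRACE_C}, TARGET_SEQUENCES).items():
        print(name, energy)
```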
Keywords/Search Tags: directed grey-box fuzzing, sequence coverage, defects detection, crashes reproduction