Title

Enhancing Fuzzing Efficacy: an In-Depth Exploration and Development of Fuzzing Strategies

Name
Name (pinyin)
WU Mingyuan
Student ID
12050032
Degree type
Doctoral
Degree discipline
Computer Science
Supervisor
张煜群
Supervisor's affiliation
Department of Computer Science and Engineering
External supervisor
崔鹤鸣
External supervisor's affiliation
The University of Hong Kong
Thesis defense date
2024-08-31
Thesis submission date
2024-09-24
Degree-awarding institution
The University of Hong Kong
Place of degree award
Hong Kong
Abstract
While fuzzing has demonstrated its value in everyday use, there is a lack of foundational research in both the academic and industrial sectors regarding many of its critical mechanisms. This deficiency leaves researchers without the necessary guidance when advancing new fuzzing research. Therefore, we decided to conduct comprehensive studies of the fundamental components of fuzzing to obtain more insights for further research.

We first evaluate Havoc (first implemented in AFL [178]), since it is widely adopted in many existing fuzzers as a fundamental fuzzing strategy. Based on our findings, we further propose HavocMAB, which uses a new guidance algorithm to schedule mutators automatically from the exploration history. Next, we study the effectiveness of existing gradient-based fuzzers and propose new fuzzers, named PreFuzz, based on new guidance algorithms.

Through our previous research, we have also found that the fundamental guidance mechanism, coverage guidance, can be less effective when fuzzing deep program states of the target programs. Moreover, random fuzzing strategies can explore the target program efficiently; e.g., adopting Havoc alone can already outperform many other approaches significantly. On the other hand, random fuzzing strategies can be less effective in some scenarios: an application with complicated constraints can easily terminate at an early stage, so fuzzers with random fuzzing strategies cannot explore it efficiently.

To this end, we first propose the concept of the phantom program, which is built to mitigate the over-compliance with program dependencies and thus improve the efficiency of coverage guidance. Accordingly, we build a coverage-guided fuzzer, namely MirageFuzz, which performs dual fuzzing of the original program and the phantom program simultaneously and adopts a taint-based mutation mechanism to generate new mutants by combining the resulting seeds from dual fuzzing via taint analysis. The evaluation results show that MirageFuzz outperforms the baseline fuzzers by 13.42% to 77.96% in terms of average edge coverage on our benchmark.

Secondly, we focus on testing the large-scale, constraint-laden Java Virtual Machine (JVM) to explore how to conduct random exploration without violating constraints. Simultaneously, we also investigate whether there are alternative approaches to coverage guidance when dealing with excessively large target programs. We first propose a coverage-guided fuzzing framework, namely JITfuzz, to automatically detect JIT bugs. JITfuzz adopts a set of optimization-activating mutators to trigger the usage of typical JIT optimizations. Meanwhile, JITfuzz also adopts mutators to enrich the control flows of target programs. To date, JITfuzz has detected 36 unknown JVM bugs, 27 of which have been confirmed by the developers. Next, we propose SJFuzz, which employs a discrepancy-guided seed scheduler to retain discrepancy-inducing class files, and class files that generate discrepancy-inducing mutants, for fuzzing guidance. We have reported 46 previously unknown potential issues discovered by SJFuzz to the JVM developers, of which 20 were confirmed as bugs and 16 were fixed.

Our empirical studies have delivered critical insights for future fuzzing research, and the techniques we proposed based on these studies have successfully improved fuzzing efficacy. In the future, we plan to improve testing efficacy in more challenging fields, e.g., CPU/GPU testing.
Keywords
Language
English
Training category
Joint training
Enrollment year
2020-09
Year of degree award
2024-09
Reference list
[1] SJFuzz’s source code. https://github.com/lochnagarr/JITFuzz. 2022.
[2] All experiments detail in the paper. https://github.com/WorldExecute/exprs. 2022.
[3] An example for Depth-Ensured transition. https://github.com/lochnagarr/JITFuzz/blob/main/examples/Depth-Ensured/NumberUtils.java.
[4] C. Andrieu, N. De Freitas, A. Doucet, and M. I. Jordan. “An introduction to MCMC for machine learning”. In: Machine learning 50.1 (2003), pp. 5–43.
[5] Apache Project. https://projects.apache.org/projects.html?language. 2022.
[6] L. Ardito, L. Barbato, M. Castelluccio, R. Coppola, C. Denizet, S. Ledru, and M. Valsesia. “rust-code-analysis: A Rust library to analyze and extract maintainability information from source codes”. In: SoftwareX 12 (2020), p. 100635. ISSN: 2352-7110. DOI: https://doi.org/10.1016/j.softx.2020.100635. URL: https://www.sciencedirect.com/science/article/pii/S2352711020303484.
[7] P. Auer, N. Cesa-Bianchi, and P. Fischer. “Finite-time analysis of the multiarmed bandit problem”. In: Machine learning 47.2 (2002), pp. 235–256.
[8] I. Bartolini, P. Ciaccia, and M. Patella. “String matching with metric trees using an approximate distance”. In: String Processing and Information Retrieval: 9th International Symposium, SPIRE 2002 Lisbon, Portugal, September 11–13, 2002 Proceedings 9. Springer. 2002, pp. 271–283.
[9] S. M. Blackburn, R. Garner, C. Hoffman, A. M. Khan, K. S. McKinley, R. Bentzur, A. Diwan, D. Feinberg, D. Frampton, S. Z. Guyer, M. Hirzel, A. Hosking, M. Jump, H. Lee, J. E. B. Moss, A. Phansalkar, D. Stefanović, T. VanDrunen, D. von Dincklage, and B. Wiedermann. “The DaCapo Benchmarks: Java Benchmarking Development and Analysis”. In: OOPSLA ’06: Proceedings of the 21st annual ACM SIGPLAN conference on Object-Oriented Programming, Systems, Languages, and Applications. Portland, OR, USA: ACM Press, Oct. 2006, pp. 169–190. DOI: http://doi.acm.org/10.1145/1167473.1167488.
[10] M. Böhme, V.-T. Pham, M.-D. Nguyen, and A. Roychoudhury. “Directed greybox fuzzing”. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017, pp. 2329–2344.
[11] M. Böhme, V.-T. Pham, and A. Roychoudhury. “Coverage-Based Greybox Fuzzing as Markov Chain”. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. CCS ’16. Vienna, Austria: Association for Computing Machinery, 2016, pp. 1032–1043. ISBN: 9781450341394. DOI: 10.1145/2976749.2978428. URL: https://doi.org/10.1145/2976749.2978428.
[12] A. S. Boujarwah, K. Saleh, and J. Al-Dallal. “Testing syntax and semantic coverage of Java language compilers”. In: Information and Software Technology 41.1 (1999), pp. 15–28.
[13] M. Bravenboer, A. van Dam, K. Olmos, and E. Visser. “Program transformation with scoped dynamic rewrite rules”. In: Fundamenta Informaticae 69.1-2 (2006), pp. 123–178.
[14] C. E. Brown. “Coefficient of variation”. In: Applied multivariate statistics in geohydrology and related sciences. Springer, 1998, pp. 155–157.
[15] C. Cadar, D. Dunbar, and D. Engler. “KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs”. In: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation. OSDI’08. San Diego, California: USENIX Association, 2008, pp. 209–224.
[16] A. Calleja, J. Tapiador, and J. Caballero. “The MalSource Dataset: Quantifying Complexity and Code Reuse in Malware Development”. In: IEEE Transactions on Information Forensics and Security 14.12 (2019), pp. 3175–3190. DOI: 10.1109/TIFS.2018.2885512.
[17] S. Chaudhuri and A. Solar-Lezama. “Smoothing a Program Soundly and Robustly”. In: Computer Aided Verification - 23rd International Conference, CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings. 2011, pp. 277–292. DOI: 10.1007/978-3-642-22110-1_22. URL: https://doi.org/10.1007/978-3-642-22110-1_22.
[18] S. Chaudhuri and A. Solar-Lezama. “Smooth interpretation”. In: PLDI. 2010.
[19] J. Chen, J. Wang, C. Song, and H. Yin. “JIGSAW: Efficient and Scalable Path Constraints Fuzzing”. In: 2022 IEEE Symposium on Security and Privacy (SP). 2022, pp. 18–35. DOI: 10.1109/SP46214.2022.9833796.
[20] J. Chen, H. Ma, and L. Zhang. “Enhanced compiler bug isolation via memoized search”. In: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. 2020, pp. 78–89. DOI: 10.1145/3324884.3416570.
[21] P. Chen and H. Chen. “Angora: Efficient fuzzing by principled search”. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE. 2018, pp. 711–725.
[22] P. Chen, J. Liu, and H. Chen. “Matryoshka: fuzzing deeply nested branches”. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019, pp. 499–513. DOI: 10.1145/3319535.3363225.
[23] Y. Chen, A. Groce, C. Zhang, W.-K. Wong, X. Fern, E. Eide, and J. Regehr. “Taming Compiler Fuzzers”. In: SIGPLAN Not. 48.6 (June 2013), pp. 197–208. ISSN: 0362-1340. DOI: 10.1145/2499370.2462173. URL: https://doi.org/10.1145/2499370.2462173.
[24] Y. Chen, M. Ahmadi, B. Wang, L. Lu, et al. “MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing”. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). 2020, pp. 77–92.
[25] Y. Chen, P. Li, J. Xu, S. Guo, R. Zhou, Y. Zhang, T. Wei, and L. Lu. “Savior: Towards bug-driven hybrid testing”. In: 2020 IEEE Symposium on Security and Privacy (SP). IEEE. 2020, pp. 1580–1596.
[26] Y. Chen, T. Su, and Z. Su. “Deep differential testing of JVM implementations”. In: 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE). IEEE. 2019, pp. 1257–1268.
[27] Y. Chen, T. Su, and Z. Su. “Deep differential testing of JVM implementations”. In: 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE). IEEE. 2019, pp. 1257–1268.
[28] Y. Chen, T. Su, C. Sun, Z. Su, and J. Zhao. “Coverage-directed differential testing of JVM implementations”. In: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation. 2016, pp. 85–99.
[29] K. Cho, B. Van Merriënboer, C. Gulcehre, D. Bahdanau, F. Bougares, H. Schwenk, and Y. Bengio. “Learning phrase representations using RNN encoder-decoder for statistical machine translation”. In: arXiv preprint arXiv:1406.1078 (2014).
[30] J.-D. Choi, M. Gupta, M. Serrano, V. C. Sreedhar, and S. Midkiff. “Escape Analysis for Java”. In: Proceedings of the 14th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications. OOPSLA ’99. Denver, Colorado, USA: Association for Computing Machinery, 1999, pp. 1–19. ISBN: 1581132387. DOI: 10.1145/320384.320386. URL: https://doi.org/10.1145/320384.320386.
[31] Y. Choi, H. Kim, and D. Lee. “An Empirical Study for Security of Windows DLL Files Using Automated API Fuzz Testing”. In: 2008 10th International Conference on Advanced Communication Technology. Vol. 2. 2008, pp. 1473–1475. DOI: 10.1109/ICACT.2008.4494042.
[32] Coevolutionary Algorithm. https://wiki.ece.cmu.edu/ddl/index.php/Coevolutionary_algorithms. 2022.
[33] Complement (set theory). https://en.wikipedia.org/wiki/Complement_(set_theory). 2023.
[34] Control-flow graph generating pass of LLVM. https://llvm.org/docs/Passes.html#dot-cfg-print-cfg-of-function-to-dot-file. 2022.
[35] L. De Moura and N. Bjørner. “Z3: An Efficient SMT Solver”. In: Proceedings of the Theory and Practice of Software, 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems. TACAS’08/ETAPS’08. Budapest, Hungary: Springer-Verlag, 2008, pp. 337–340. ISBN: 3540787992.
[36] Definition of Distinct Discrepancy. https://github.com/fuzzy000/SJFuzz/blob/main/src/com/djfuzz/solver/JVMOutputParser.java. 2022.
[37] J. DeMott, R. Enbody, and W. F. Punch. “Revolutionizing the field of grey-box attack surface testing with evolutionary fuzzing”. In: BlackHat and Defcon (2007).
[38] S. Dinesh, N. Burow, D. Xu, and M. Payer. “RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization”. In: 2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18-21, 2020. IEEE, 2020, pp. 1497–1511. DOI: 10.1109/SP40000.2020.00009. URL: https://doi.org/10.1109/SP40000.2020.00009.
[39] B. Dolan-Gavitt, P. Hulin, E. Kirda, T. Leek, A. Mambretti, W. Robertson, F. Ulrich, and R. Whelan. “LAVA: Large-Scale Automated Vulnerability Addition”. In: 2016 IEEE Symposium on Security and Privacy (SP). 2016, pp. 110–121. DOI: 10.1109/SP.2016.15.
[40] Dominator and Immediate dominator, Wikipedia. https://en.wikipedia.org/wiki/Dominator_(graph_theory). 2022.
[41] A. F. Donaldson, H. Evrard, A. Lascu, and P. Thomson. “Automated testing of graphics shader compilers”. In: Proceedings of the ACM on Programming Languages 1.OOPSLA (2017), pp. 1–29.
[42] DragonWell11. https://github.com/alibaba/dragonwell11. 2022.
[43] DragonWell8. https://github.com/alibaba/dragonwell8. 2022.
[44] Z. Du, Y. Li, Y. Liu, B. Mao, L. Chen, J. Guo, Z. He, D. Mu, C. Pang, R. Yu, et al. “WindRanger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks”. In: 2022 IEEE/ACM 44th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). 2022. DOI: 10.1145/3510003.3510197.
[45] M. Eberlein, Y. Noller, T. Vogel, and L. Grunske. “Evolutionary Grammar-Based Fuzzing”. In: Search-Based Software Engineering. Ed. by A. Aleti and A. Panichella. Cham: Springer International Publishing, 2020, pp. 105–120. ISBN: 978-3-030-59762-7.
[46] J. L. Elman. “Finding structure in time”. In: Cognitive science 14.2 (1990), pp. 179–211.
[47] S. Embleton, S. Sparks, and R. Cunningham. “Sidewinder: An Evolutionary Guidance System for Malicious Input Crafting”. In: Black Hat USA (2006).
[48] Escape. https://en.wikipedia.org/wiki/Escape_analysis. 2022.
[49] R. B. Evans and A. Savoia. “Differential Testing: A New Approach to Change Detection”. In: Proceedings of the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on The Foundations of Software Engineering. ESEC-FSE ’07. Dubrovnik, Croatia: Association for Computing Machinery, 2007, pp. 549–552. ISBN: 9781595938114. DOI: 10.1145/1287624.1287707. URL: https://doi.org/10.1145/1287624.1287707.
[50] A. Fioraldi, D. Maier, H. Eißfeldt, and M. Heuse. “AFL++: Combining incremental steps of fuzzing research”. In: 14th USENIX Workshop on Offensive Technologies (WOOT 20). 2020.
[51] M. E. Garbelini, V. Bedi, S. Chattopadhyay, S. Sun, and E. Kurniawan. “BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing”. In: 31st USENIX Security Symposium (USENIX Security 22). 2022, pp. 1025–1042. URL: https://www.usenix.org/conference/usenixsecurity22/presentation/garbelini.
[52] Gestalt Pattern Matching Distance. https://en.wikipedia.org/wiki/Gestalt_pattern_matching. 2022.
[53] GitHub. https://github.com/. 2022.
[54] GitHub Repository. MirageFuzz. https://github.com/WorldExecute/fuzzer. 2022.
[55] Global Escape. https://wiki.openjdk.org/display/HotSpot/EscapeAnalysis. 2022.
[56] P. Godefroid, N. Klarlund, and K. Sen. “DART: Directed automated random testing”. In: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation. 2005, pp. 213–223.
[57] P. Godefroid, M. Y. Levin, D. A. Molnar, et al. “Automated whitebox fuzz testing”. In: NDSS. Vol. 8. 2008, pp. 151–166.
[58] A. Graves and J. Schmidhuber. “Framewise phoneme classification with bidirectional LSTM and other neural network architectures”. In: Neural networks 18.5-6 (2005), pp. 602–610.
[59] Z. Gui, H. Shu, F. Kang, and X. Xiong. “FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution”. In: IEEE Access 8 (2020), pp. 29826–29841. DOI: 10.1109/ACCESS.2020.2973043.
[60] S. Hashima, M. M. Fouda, Z. M. Fadlullah, E. M. Mohamed, and K. Hatano. “Improved UCB-based Energy-Efficient Channel Selection in Hybrid-Band Wireless Communication”. In: 2021 IEEE Global Communications Conference (GLOBECOM). IEEE. 2021, pp. 1–6.
[61] A. Herrera, H. Gunadi, S. Magrath, M. Norrish, M. Payer, and T. Hosking. “Seed Selection for Successful Fuzzing”. In: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis. ISSTA 2021. Virtual Event, USA, 2021.
[62] S. Hochreiter and J. Schmidhuber. “Long short-term memory”. In: Neural computation 9.8 (1997), pp. 1735–1780.
[63] How the JIT compiler optimizes code. https://www.ibm.com/docs/en/sdk-java-technology/8?topic=compiler-how-jit-optimizes-code. 2022.
[64] C.-C. Hsu, C.-Y. Wu, H.-C. Hsiao, and S.-K. Huang. “Instrim: Lightweight instrumentation for coverage-guided fuzzing”. In: Symposium on Network and Distributed System Security (NDSS), Workshop on Binary Analysis Research. 2018. DOI: 10.14722/bar.2018.23014.
[65] D. Huang, J.-B. Tristan, and G. Morrisett. “Compiling Markov chain Monte Carlo algorithms for probabilistic modeling”. In: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation. 2017, pp. 111–125.
[66] H. Huang, P. Yao, R. Wu, Q. Shi, and C. Zhang. “Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction”. In: May 2020, pp. 1613–1627. DOI: 10.1109/SP40000.2020.00063.
[67] Inlining. https://en.wikipedia.org/wiki/Inline_expansion. 2022.
[68] J9. http://www.ibm.com/developerworks/java/jdk. 2022.
[69] Jaro Distance. https://en.wikipedia.org/wiki/Jaro%E2%80%93Winkler_distance. 2022.
[70] JDK-8280126. https://bugs.openjdk.org/browse/JDK-8280126. 2022.
[71] jhead use-of-uninitialized-value bug issue. https://github.com/Matthias-Wandel/jhead/issues/53. 2022.
[72] JIT Bug. https://github.com/eclipse/openj9/issues/9381. 2020.
[73] JRockit. https://docs.oracle.com/cd/E13150_01/jrockit_jvm/jrockit/webdocs/index.html. 2022.
[74] JUnit Official Website. https://junit.org/. 2022.
[75] Just-in-time compilation. https://en.wikipedia.org/wiki/Just-in-time_compilation. 2021.
[76] V. P. Kemerlis, G. Portokalidis, K. Jee, and A. D. Keromytis. “libdft: Practical dynamic data flow tracking for commodity systems”. In: Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments. 2012, pp. 121–132. DOI: 10.1145/2365864.2151042.
[77] J. Kennedy and R. Eberhart. “Particle swarm optimization”. In: Proceedings of ICNN’95-international conference on neural networks. Vol. 4. IEEE. 1995, pp. 1942–1948.
[78] G. Klees, A. Ruef, B. Cooper, S. Wei, and M. Hicks. “Evaluating fuzz testing”. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018, pp. 2123–2138.
[79] J. Kukucka, L. Pina, P. Ammann, and J. Bell. “CONFETTI: Amplifying Concolic Guidance for Fuzzers”. In: 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). 2022, pp. 438–450. DOI: 10.1145/3510003.3510628.
[80] A. Kuleshov, P. Trifanov, V. Frolov, and G. Liang. “Diktat: Lightweight Static Analysis for Kotlin”. In: 2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). IEEE. 2021, pp. 365–370.
[81] laf-intel instrumentation. https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.laf-intel.md. 2022.
[82] C. Lattner. “LLVM and Clang: Next generation compiler technology”. In: The BSD conference. Vol. 5. 2008, pp. 1–20.
[83] C. Lattner and V. Adve. “LLVM: A compilation framework for lifelong program analysis & transformation”. In: International Symposium on Code Generation and Optimization, 2004. CGO 2004. IEEE. 2004, pp. 75–86.
[84] V. Le, M. Afshari, and Z. Su. “Compiler Validation via Equivalence modulo Inputs”. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation. PLDI ’14. Edinburgh, United Kingdom: Association for Computing Machinery, 2014, pp. 216–226. ISBN: 9781450327848. DOI: 10.1145/2594291.2594334. URL: https://doi.org/10.1145/2594291.2594334.
[85] V. Le, C. Sun, and Z. Su. “Finding deep compiler bugs via guided stochastic program mutation”. In: ACM SIGPLAN Notices 50.10 (2015), pp. 386–399. DOI: 10.1145/2858965.2814319.
[86] Y. LeCun, B. Boser, J. S. Denker, D. Henderson, R. E. Howard, W. Hubbard, and L. D. Jackel. “Backpropagation applied to handwritten zip code recognition”. In: Neural computation 1.4 (1989), pp. 541–551.
[87] C. Lemieux. Comments on Havoc. https://twitter.com/cestlemieux/status/1524438583184138240. 2022.
[88] C. Lemieux and K. Sen. “Fairfuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage”. In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. 2018, pp. 475–485.
[89] V. I. Levenshtein. “Binary codes capable of correcting deletions, insertions, and reversals”. In: Soviet physics doklady. Vol. 10. 8. 1966, pp. 707–710.
[90] Y. Li, B. Chen, M. Chandramohan, S.-W. Lin, Y. Liu, and A. Tiu. “Steelix: program-state based binary fuzzing”. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. 2017, pp. 627–637. DOI: 10.1145/3106237.3106295.
[91] Y. Li, S. Ji, C. Lv, Y. Chen, J. Chen, Q. Gu, and C. Wu. “V-fuzz: Vulnerability-oriented evolutionary fuzzing”. In: arXiv preprint arXiv:1901.01142 (2019).
[92] J. Liang, M. Wang, C. Zhou, Z. Wu, Y. Jiang, J. Liu, Z. Liu, and J. Sun. “PATA: Fuzzing with Path Aware Taint Analysis”. In: 2022 IEEE Symposium on Security and Privacy (SP). Los Alamitos, CA, USA: IEEE Computer Society, May 2022, pp. 154–170. DOI: 10.1109/SP46214.2022.00010. URL: https://doi.ieeecomputersociety.org/10.1109/SP46214.2022.00010.
[93] J. Liang, M. Wang, Y. Chen, Y. Jiang, and R. Zhang. “Fuzz testing in practice: Obstacles and solutions”. In: 2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER). 2018, pp. 562–566. DOI: 10.1109/SANER.2018.8330260.
[94] libpng - library for use in applications that read, create, and manipulate PNG. https://github.com/glennrp/libpng. 2022.
[95] List of JVM languages, Wikipedia. https://en.wikipedia.org/wiki/List_of_JVM_languages. 2022.
[96] Y. Liu, Y. Wang, P. Su, Y. Yu, and X. Jia. “InstruGuard: Find and Fix Instrumentation Errors for Coverage-based Greybox Fuzzing”. In: 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). 2021, pp. 568–580. DOI: 10.1109/ASE51524.2021.9678671.
[97] C. Lyu, S. Ji, C. Zhang, Y. Li, W.-H. Lee, Y. Song, and R. Beyah. “MOPT: Optimized mutation scheduling for fuzzers”. In: 28th USENIX Security Symposium (USENIX Security 19). 2019, pp. 1949–1966.
[98] Main Repo for SJFuzz. https://github.com/fuzzy000/SJFuzz. 2022.
[99] Matthias-Wandel. The jhead Repo. https://github.com/Matthias-Wandel/jhead. 2021.
[100] T. McCabe. “A Complexity Measure”. In: vol. SE-2. 4. 1976, pp. 308–320. DOI: 10.1109/TSE.1976.233837.
[101] Memory SSA in LLVM. https://llvm.org/docs/MemorySSA.html. 2022.
[102] H. D. Menendez and D. Clark. “Hashing Fuzzing: Introducing Input Diversity to Improve Crash Detection”. In: IEEE Transactions on Software Engineering (2021), pp. 1–1. DOI: 10.1109/TSE.2021.3100858.
[103] J. Metzman, L. Szekeres, L. Simon, R. Sprabery, and A. Arya. “Fuzzbench: an open fuzzer benchmarking platform and service”. In: Proceedings of the 29th ACM joint meeting on European software engineering conference and symposium on the foundations of software engineering. 2021, pp. 1393–1403. DOI: 10.1145/3468264.3473932.
[104] Monte Carlo Method. https://en.wikipedia.org/wiki/Monte_Carlo_method. 2022.
[105] Motivate Examples. https://github.com/eclipse/openj9/issues/11683. 2021.
[106] Motivate Examples. https://github.com/eclipse/openj9/issues/11684. 2021.
[107] S. Nagy and M. Hicks. “Full-Speed Fuzzing: Reducing Fuzzing Overhead through Coverage-Guided Tracing”. In: 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019. IEEE, 2019, pp. 787–802. DOI: 10.1109/SP.2019.00069. URL: https://doi.org/10.1109/SP.2019.00069.
[108] D. Novillo et al. “Memory SSA-a unified approach for sparsely representing memory operations”. In: Proceedings of the GCC Developers’ Summit. Citeseer. 2007, pp. 97–110.
[109] OpenJ9. https://www.eclipse.org/openj9/. 2022.
[110] OpenJ9 assertion failure. https://github.com/eclipse-openj9/openj9/issues/15639. 2022.
[111] OpenJ9 Optimizer Vulnerability. https://github.com/eclipse-openj9/openj9/issues/15764. 2022.
[112] OpenJDK. https://jdk.java.net/. 2022.
[113] OpenJDK JDK 19 Release-Candidate Builds. https://jdk.java.net/19/. 2022.
[114] OracleJDK. https://www.oracle.com/java/technologies/downloads/. 2022.
[115] Y. Ouyang, K. Shao, K. Chen, R. Shen, C. Chen, M. Xu, Y. Zhang, and L. Zhang. “MirrorTaint: Practical Non-intrusive Dynamic Taint Tracking for JVM-based Microservice Systems”. In: Proceedings of the 45th International Conference on Software Engineering. ICSE ’23. Association for Computing Machinery, 2023.
[116] R. Padhye, C. Lemieux, K. Sen, M. Papadakis, and Y. Le Traon. “Semantic fuzzing with zest”. In: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis. 2019, pp. 329–340.
[117] M. Paleczny, C. Vick, and C. Click. “The Java HotSpot™ Server Compiler”. In: Java (TM) Virtual Machine Research and Technology Symposium (JVM 01). Monterey, CA: USENIX Association, Apr. 2001.
[118] M. Paleczny, C. Vick, and C. Click. “The Java HotSpot™ Server Compiler”. In: Proceedings of the 2001 Symposium on Java™ Virtual Machine Research and Technology Symposium - Volume 1. JVM’01. Monterey, California: USENIX Association, 2001, p. 1.
[119] S. Park, W. Xu, I. Yun, D. Jang, and T. Kim. “Fuzzing JavaScript Engines with Aspect-preserving Mutation”. In: 2020 IEEE Symposium on Security and Privacy (SP). 2020, pp. 1629–1642. DOI: 10.1109/SP40000.2020.00067.
[120] PCRE2 - Perl-Compatible Regular Expressions. https://github.com/PCRE2Project/pcre2. 2022.
[121] pcre2 infinite loop bug issue. https://github.com/PCRE2Project/pcre2/issues/141. 2022.
[122] H. Peng, Y. Shoshitaishvili, and M. Payer. “T-Fuzz: Fuzzing by Program Transformation”. In: 2018 IEEE Symposium on Security and Privacy (SP). 2018, pp. 697–710. DOI: 10.1109/SP.2018.00056.
[123] Perl - a highly capable, feature-rich programming language. https://www.perl.org/. 2022.
[124] pngfix use-of-uninitialized-value bug issue. https://github.com/glennrp/libpng/issues/424. 2022.
[125] R. Potharaju and N. Jain. “Demystifying the dark side of the middle: A field study of middlebox failures in datacenters”. In: Proceedings of the 2013 conference on Internet measurement conference. 2013, pp. 9–22.
[126] E. J. Powley, D. Whitehouse, and P. I. Cowling. “Bandits all the way down: UCB1 as a simulation policy in Monte Carlo Tree Search”. In: 2013 IEEE Conference on Computational Intelligence in Games (CIG). IEEE. 2013, pp. 1–8.
[127] S. Rawat, V. Jain, A. Kumar, L. Cojocar, C. Giuffrida, and H. Bos. “VUzzer: Application-aware Evolutionary Fuzzing”. In: NDSS. Vol. 17. 2017, pp. 1–14.
[128] S. Reddy, C. Lemieux, R. Padhye, and K. Sen. “Quickly Generating Diverse Valid Test Inputs with Reinforcement Learning”. In: 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE). 2020, pp. 1410–1421.
[129] Y. Ren, S. Krishnamurthi, and K. Fisler. “What Help Do Students Seek in TA Office Hours”. In: Proceedings of the 2019 ACM Conference on International Computing Education Research. Association for Computing Machinery. 2019, pp. 41–49.
[130] GitHub Repository. Havoc-Study. https://github.com/MagicHavoc/Havoc-Study. 2021.
[131] GitHub Repository. Program smoothing fuzzing. https://github.com/PoShaung/program-smoothing-fuzzing. 2021.
[132] B. K. Rosen, M. N. Wegman, and F. K. Zadeck. “Global value numbers and redundant computations”. In: Proceedings of the 15th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. 1988, pp. 12–27. DOI: 10.1145/73560.73562.
[133] E. J. Schwartz, T. Avgerinos, and D. Brumley. “All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)”. In: 2010 IEEE Symposium on Security and Privacy. 2010, pp. 317–331. DOI: 10.1109/SP.2010.26.
[134] D. She. Comments on ML-based fuzzing. https://twitter.com/DongdongShe/status/1732271632675447063. 2023.
[135] D. She. neuzz repository. https://github.com/Dongdongshe/neuzz. 2020.
[136] D. She, R. Krishna, L. Yan, S. Jana, and B. Ray. “MTFuzz: fuzzing with a multitask neural network”. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 2020, pp. 737–749.
[137] D. She, K. Pei, D. Epstein, J. Yang, B. Ray, and S. Jana. “NEUZZ: Efficient fuzzing with neural program smoothing”. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE. 2019, pp. 803–817.
[138] D. She, A. Shah, and S. Jana. “Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis”. In: 2022 IEEE Symposium on Security and Privacy (SP). 2022, pp. 2194–2211. DOI: 10.1109/SP46214.2022.9833761.
[139] Q. Shen, H. Ma, J. Chen, Y. Tian, S.-C. Cheung, and X. Chen. “A comprehensive study of deep learning compiler bugs”. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 2021, pp. 968–980.
[140] Z. Shen, R. Roongta, and B. Dolan-Gavitt. “Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds”. In: 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Aug. 2022, pp. 1275–1290. URL: https://www.usenix.org/conference/usenixsecurity22/presentation/shen-zekun.
[141] C. Shou, I. B. Kadron, Q. Su, and T. Bultan. “Corbfuzz: Checking browser security policies with fuzzing”. In: 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE. 2021, pp. 215–226. DOI: 10.1109/ASE51524.2021.9678636.
[142] A. Silberschatz, P. B. Galvin, and G. Gagne. Operating System Concepts, 10e Abridged Print Companion. John Wiley & Sons, 2018.
[143] Simplification. https://en.wikipedia.org/wiki/Computer_algebra#Simplification. 2022.
[144] Spring Verify Error. https://github.com/eclipse/openj9/issues/5676. 2020.
[145] E. Stepanov and K. Serebryany. “MemorySanitizer: fast detector of uninitialized memory use in C++”. In: 2015 IEEE/ACM International Symposium on Code Generation and Optimization (CGO). IEEE. 2015, pp. 46–55. DOI: 10.1109/CGO.2015.7054186.
[146] strip out-of-memory bug issue. https://sourceware.org/bugzilla/show_bug.cgi?id=29495. 2022.
[147] Structured Locking Issue. https://github.com/eclipse/openj9/issues/9276. 2020.
[148] C. Sun, V. Le, and Z. Su. “Finding Compiler Bugs via Live Code Mutation”. In: SIGPLAN Not. 51.10 (Oct. 2016), pp. 849–863. ISSN: 0362-1340. DOI: 10.1145/3022671.2984038. URL: https://doi.org/10.1145/3022671.2984038.
[149] A. Takanen, J. D. Demott, C. Miller, and A. Kettunen. Fuzzing for software security testing and quality assurance. Artech House, 2018.
[150] Q. Tao, W. Wu, C. Zhao, and W. Shen. “An automatic testing approach for compiler based on metamorphic testing technique”. In: 2010 Asia Pacific Software Engineering Conference. IEEE. 2010, pp. 270–279.
[151] The Java Virtual Machine Specification. https://docs.oracle.com/javase/specs/index.html. 2022.
[152] R. Vallee-Rai and L. J. Hendren. Jimple: Simplifying Java Bytecode for Analyses and Transformations. 1998.
[153] R. Vallée-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, and V. Sundaresan. “Soot: A Java bytecode optimization framework”. In: CASCON First Decade High Impact Papers. 2010, pp. 214–224.
[154] Verify Bug. https://github.com/eclipse/openj9/issues/9385. 2020.
[155] M. Wang, J. Liang, C. Zhou, Y. Jiang, R. Wang, C. Sun, and J. Sun. “RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing”. In: 2021 USENIX Annual Technical Conference (USENIX ATC 21). USENIX Association, July 2021, pp. 147–159. URL: https://www.usenix.org/conference/atc21/presentation/wang-mingzhe.
[156] X. Wang, J. Tang, M. Yu, G. Yin, and J. Li. “A UCB1-Based Online Job Dispatcher for Heterogeneous Mobile Edge Computing System”. In: 2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC). IEEE. 2018, pp. 1–6.
[157] Y. Wang, X. Jia, Y. Liu, K. Zeng, T. Bao, D. Wu, and P. Su. “Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization”. In: NDSS. 2020.
[158] M. Weiser. “Program slicing”. In: IEEE Transactions on software engineering 4 (1984), pp. 352–357. DOI: 10.1109/TSE.1984.5010248.
[159] Wikipedia. Exposing Bugs by Fuzzing. https://en.wikipedia.org/wiki/Fuzzing. 2021.
[160] Wikipedia. Fuzzing. en.wikipedia.org/wiki/Fuzzing. Online; accessed 27-Jan-2020. 2020.
[161] Wikipedia. Jaccard Distance. https://en.wikipedia.org/wiki/Jaccard_index. 2021.
[162] Wikipedia. Multi-armed Bandit Problem. https://en.wikipedia.org/wiki/Multi-armed_bandit. 2021.
[163] Wikipedia. Socket programming. https://en.wikipedia.org/wiki/Network_socket. 2021.
[164] R. Wilhelm, H. Seidl, and S. Hack. Compiler design: syntactic and semantic analysis. Springer Science & Business Media, 2013.
[165] M. Wu, K. Chen, Q. Luo, J. Xiang, J. Qi, J. Chen, H. Cui, and Y. Zhang. “Enhancing Coverage-Guided Fuzzing via Phantom Program”. In: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 2023, pp. 1037–1049.
[166] M. Wu, L. Jiang, J. Xiang, Y. Huang, H. Cui, L. Zhang, and Y. Zhang. “One Fuzzing Strategy to Rule Them All”. In: 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). 2022.
[167] M. Wu, L. Jiang, J. Xiang, Y. Zhang, G. Yang, H. Ma, S. Nie, S. Wu, H. Cui, and L. Zhang. “Evaluating and Improving Neural Program-Smoothing-based Fuzzing”. In: 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). 2022, pp. 847–858. DOI: 10.1145/3510003.3510089.
[168] M. Wu, M. Lu, H. Cui, J. Chen, Y. Zhang, and L. Zhang. “JITfuzz: Coverage-guided Fuzzing for JVM Just-in-Time Compilers”. In: 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE). 2023, pp. 56–68. DOI: 10.1109/ICSE48619.2023.00017.
[169] M. Wu, Y. Ouyang, M. Lu, J. Chen, Y. Zhao, H. Cui, G. Yang, and Y. Zhang. “SJFuzz: Seed and Mutator Scheduling for JVM Fuzzing”. In: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 2023, pp. 1062–1074.
[170] X. Yang, Y. Chen, E. Eide, and J. Regehr. “Finding and Understanding Bugs inC Compilers”. In: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation. PLDI ’11. San Jose, California, USA:Association for Computing Machinery, 2011, pp. 283–294. ISBN: 9781450306638.DOI: 10.1145/1993498.1993532. URL: https://doi.org/10.1145/1993498.1993532.
[171] Y. Yang, B. Jenny, T. Dwyer, K. Marriott, H. Chen, and M. Cordeil. “Maps andglobes in virtual reality”. In: Computer Graphics Forum. Vol. 37. 3. Wiley OnlineLibrary. 2018, pp. 427–438.
[172] X. Yao, Y. Liu, and G. Lin. “Evolutionary programming made faster”. In: IEEETransactions on Evolutionary computation 3.2 (1999), pp. 82–102.
[173] T. Yoshikawa, K. Shimura, and T. Ozawa. “Random program generator for JavaJIT compiler test system”. In: Third International Conference on Quality Software,2003. Proceedings. 2003, pp. 20–23. DOI: 10.1109/QSIC.2003.1319081.
[174] I. Yun, S. Lee, M. Xu, Y. Jang, and T. Kim. “{QSYM}: A practical concolic execution engine tailored for hybrid fuzzing”. In: 27th {USENIX} Security Symposium({USENIX} Security 18). 2018, pp. 745–761.
[175] I. Yun, S. Lee, M. Xu, Y. Jang, and T. Kim. “{QSYM}: A practical concolic execution engine tailored for hybrid fuzzing”. In: 27th {USENIX} Security Symposium({USENIX} Security 18). 2018, pp. 745–761.
[176] M. Zalewski. Edge Coverage Dopted in AFL. https://groups.google.com/g/afl-users/c/fOPeb62FZUg/m/LYxgPYheDwAJ. 2016.
[177] M. Zalewski. AFL Official Seed Corpus. http : / / lcamtuf . coredump . cx / afl /demo/. 2021.
[178] M. Zalewski. American Fuzz Lop. https://github.com/google/AFL. 2020.
[179] G. Zhang, P. Wang, T. Yue, X. Kong, S. Huang, X. Zhou, and K. Lu. “Mobfuzz:Adaptive multi-objective optimization in gray-box fuzzing”. In: Network andDistributed Systems Security (NDSS) Symposium 2022. 2022. DOI: https://dx.doi.org/10.14722/ndss.2022.24314.
[180] K. Zhang, X. Xiao, X. Zhu, R. Sun, M. Xue, and S. Wen. “Path Transitions TellMore: Optimizing Fuzzing Schedules via Runtime Program States”. In: 2022IEEE/ACM 44th International Conference on Software Engineering (ICSE). 2022, pp. 1658–1668. DOI: 10.1145/3510003.3510063.
[181] M. Zhang, Y. Zhang, L. Zhang, C. Liu, and S. Khurshid. “DeepRoad: GAN-BasedMetamorphic Testing and Input Validation Framework for Autonomous Driving Systems”. In: 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE). 2018, pp. 132–142. DOI: 10.1145/3238147.3238187.
[182] Q. Zhang, C. Sun, and Z. Su. “Skeletal Program Enumeration for Rigorous Compiler Testing”. In: SIGPLAN Not. 52.6 (June 2017), pp. 347–361. ISSN: 0362-1340.DOI: 10.1145/3140587.3062379. URL: https://doi.org/10.1145/3140587.3062379.
[183] Y. Zhao, Z. Wang, J. Chen, M. Liu, M. Wu, Y. Zhang, and L. Zhang. “HistoryDriven Test Program Synthesis for JVM Testing”. In: Proceedings of the 44th International Conference on Software Engineering. ICSE ’22. Pittsburgh, Pennsylvania:Association for Computing Machinery, 2022, pp. 1133–1144. ISBN: 9781450392211.DOI: 10.1145/3510003.3510059. URL: https://doi.org/10.1145/3510003.3510059.
[184] H. Zhou, W. Li, Z. Kong, J. Guo, Y. Zhang, B. Yu, L. Zhang, and C. Liu. “DeepBillboard: Systematic Physical-World Testing of Autonomous Driving Systems”.In: 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE).2020, pp. 347–358.
Source library: Manual submission
Item type: Dissertation
Identifier: http://sustech.caswiz.com/handle/2SGJ60CL/833841
Collection: College of Engineering, Department of Computer Science and Engineering
Recommended citation (GB/T 7714)
Wu MY. Enhancing Fuzzing Efficacy: an In-Depth Exploration and Development of Fuzzing Strategies[D]. Hong Kong. The University of Hong Kong, 2024.
Files in this item
File name/size | Document type | Version type | Access type | License | Operations
12050032-吴明远-计算机科学与工(10245KB) | -- | -- | Restricted access | -- | Request full text