TY - GEN
T1 - Sound Predictive Fuzzing for Multi-threaded Programs
AU - Guo, Yuqi
AU - Liang, Zheheng
AU - Zhu, Shihao
AU - Wang, Jinqiu
AU - Yang, Zijiang
AU - Shen, Wuqiang
AU - Zhang, Jinbo
AU - Cai, Yan
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Developing correct multi-threaded programs is challenging, and concurrency bugs can be easily introduced. Many of them, known as concurrency vulnerabilities, can be exploited to launch attacks. Fuzzing has been shown to be a practical and effective technique to expose vulnerabilities. However, existing works on fuzzing concurrency vulnerabilities almost all follow the framework (like AFL++) designed for fuzzing sequential vulnerabilities. Unlike sequential vulnerabilities, concurrency ones cannot be easily triggered: concurrency vulnerabilities rely on both inputs and thread interleavings to be exposed, while existing fuzzing techniques mainly focus on how to generate effective inputs. We present a new framework based on an existing fuzzing technique, AFL++, that integrates predictive techniques for effective concurrency vulnerability detection. For every input (the original and the mutated ones), we call a predictive tool so that, even if a concurrency vulnerability is not actually triggered, it can be predicted. To overcome the heavy efficiency cost of predictive tools, we propose to selectively call a predictive tool based on concurrency coverage criteria. We have selected a sound predictive tool, SeqCheck, and adapted it to build our fuzzing framework PredFuzz. We compared our tool with two tools, AFL++ integrated with Google ThreadSanitizer and AFL++ directly integrated with SeqCheck, on six previously studied multi-threaded programs. The experimental results showed that PredFuzz detected significantly more vulnerabilities than AFL++ integrated with ThreadSanitizer and about 70% of the vulnerabilities detected by AFL++ directly integrated with SeqCheck. Besides, it is extremely efficient without compromising the fuzzing speed of AFL++: it added a smaller slowdown to AFL++ than ThreadSanitizer did and achieved a speedup of more than 1,000x when compared to AFL++ directly integrated with SeqCheck.
KW - bug prediction
KW - concurrency bugs
KW - fuzzing
KW - threads
UR - https://www.scopus.com/pages/publications/85168868285
U2 - 10.1109/COMPSAC57700.2023.00110
DO - 10.1109/COMPSAC57700.2023.00110
M3 - Conference contribution
AN - SCOPUS:85168868285
T3 - Proceedings - International Computer Software and Applications Conference
SP - 810
EP - 819
BT - Proceedings - 2023 IEEE 47th Annual Computers, Software, and Applications Conference, COMPSAC 2023
A2 - Shahriar, Hossain
A2 - Teranishi, Yuuichi
A2 - Cuzzocrea, Alfredo
A2 - Sharmin, Moushumi
A2 - Towey, Dave
A2 - Majumder, AKM Jahangir Alam
A2 - Kashiwazaki, Hiroki
A2 - Yang, Ji-Jiang
A2 - Takemoto, Michiharu
A2 - Sakib, Nazmus
A2 - Banno, Ryohei
A2 - Ahamed, Sheikh Iqbal
PB - IEEE Computer Society
T2 - 47th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2023
Y2 - 26 June 2023 through 30 June 2023
ER -