
QuickFuzz: an automatic random fuzzer for common file formats

Gustavo Grieco, Martín Ceresa, Pablo Buiras
2016 Proceedings of the 9th International Symposium on Haskell - Haskell 2016  
QuickFuzz is a fuzzer that leverages QuickCheck-style random test-case generation to automatically test programs that manipulate common file formats by fuzzing.  ...  In addition, we introduce a mechanism to automatically derive random generators for the types representing these formats.  ...  Acknowledgments We would like to thank Alejandro Russo and Daniel Schoepe for interesting discussions, as well as the anonymous reviewers for their useful feedback and comments.  ... 
doi:10.1145/2976002.2976017 dblp:conf/haskell/GriecoCB16 fatcat:fd33bgrvrjah7kbswixtxo2zym

QuickFuzz: an automatic random fuzzer for common file formats

Gustavo Grieco, Martín Ceresa, Pablo Buiras
2016 SIGPLAN notices  
QuickFuzz is a fuzzer that leverages QuickCheck-style random test-case generation to automatically test programs that manipulate common file formats by fuzzing.  ...  In addition, we introduce a mechanism to automatically derive random generators for the types representing these formats.  ...  Acknowledgments We would like to thank Alejandro Russo and Daniel Schoepe for interesting discussions, as well as the anonymous reviewers for their useful feedback and comments.  ... 
doi:10.1145/3241625.2976017 fatcat:54gmjqwybfhr7es5jvumc5ihwa

UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers [article]

Yuwei Li, Shouling Ji, Yuan Chen, Sizhuang Liang, Wei-Han Lee, Yueyao Chen, Chenyang Lyu, Chunming Wu, Raheem Beyah, Peng Cheng, Kangjie Lu, Ting Wang
2020 arXiv   pre-print
In this paper, we design and develop UNIFUZZ, an open-source and metrics-driven platform for assessing fuzzers in a comprehensive and quantitative manner.  ...  To date, it is however still challenging to compare fuzzers due to the inconsistency of the benchmarks, performance metrics, and/or environments for evaluation, which buries the useful insights and thus  ...  Acknowledgments We sincerely appreciate the anonymous reviewers for their valuable comments to improve our paper.  ... 
arXiv:2010.01785v1 fatcat:krrt244bqnceziadu3ftrvivrq

The Art, Science, and Engineering of Fuzzing: A Survey [article]

Valentin J.M. Manes, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, Maverick Woo
2019 arXiv   pre-print
We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective  ...  QuickFuzz [94] utilizes existing Haskell libraries that describe file formats when generating test cases.  ...  Many file formats have corresponding encoder programs, which can be thought of as an implicit model of the file format.  ... 
arXiv:1812.00140v4 fatcat:zk2ow477dffc5pllixqigz24ba

Evaluating Fuzz Testing [article]

George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, Michael Hicks
2018 arXiv   pre-print
We then performed our own extensive experimental evaluation using an existing fuzzer.  ...  Such new ideas are primarily evaluated experimentally so an important question is: What experimental setup is needed to produce trustworthy results?  ...  We thank Marcel Böhme and Abhik Roychoudhury for their help with AFLFast.  ... 
arXiv:1808.09700v2 fatcat:i266zlc72jbvbhe7o7hgyzpbnm

Corpus Distillation for Effective Fuzzing: A Comparative Evaluation [article]

Adrian Herrera, Hendra Gunadi, Liam Hayes, Shane Magrath, Felix Friedlander, Maggi Sebastian, Michael Norrish, Antony L. Hosking
2020 arXiv   pre-print
formats across 16 programs.  ...  Our experiments compare the effectiveness of distillation approaches, targeting the Google Fuzzer Test Suite and a diverse set of six real-world libraries and programs, covering 13 different input file  ...  For image files, crawling started with Google search results and the Wikimedia Commons repository.  ... 
arXiv:1905.13055v2 fatcat:rgzkznvip5fdlfndwsxuennjta

Magma: A Ground-Truth Fuzzing Benchmark [article]

Ahmad Hazimeh, Adrian Herrera, Mathias Payer
2020 arXiv   pre-print
By introducing real bugs into real software, Magma allows for realistic evaluation of fuzzers against a broad set of targets.  ...  Magma is an open benchmark consisting of seven targets that perform a variety of input manipulations and complex computations, presenting a challenge to state-of-the-art fuzzers.  ...  For example, grammar-based fuzzers (e.g., Superion [55], Peachfuzz [37], and QuickFuzz [21]) leverage the target program's input format (which must be specified a priori) to intelligently craft inputs  ... 
arXiv:2009.01120v1 fatcat:5uskgzhfnjhejask3ymynh6sha