FUDGE: Fuzz Driver Generation at Scale
[PDF]
[PS] [PS.BZ2]
[VIEW]
Bibtex:
@inproceedings{esecfse19fudge,
author = {Domagoj Babi\'c and Stefan Bucur and Yaohui Chen and Franjo Ivan\v{c}i\'c and
Tim King and Markus Kusano and Caroline Lemieux and L\'aszl\'o Szekeres and Wei Wang},
title = {{FUDGE: Fuzz Driver Generation at Scale}},
booktitle = {ESEC/FSE'19: Proc. of the 27th ACM Joint European Software Engineering
Conference and Symposium on the Foundations of Software Engineering},
year = {2019},
location = {Tallinn, Estonia}
}
Abstract:
At Google we have found tens of thousands of security and robustness bugs by fuzzing C and C++ libraries. To fuzz a library, a fuzzer requires a fuzz driver—which exercises some library code—to which it can pass inputs. Unfortunately, writing fuzz drivers remains a primarily manual exercise, a major hindrance to the widespread adoption of fuzzing. In this paper, we address this major hindrance by introducing the Fudge system for automated fuzz driver generation. Fudge automatically generates fuzz driver candidates for libraries based on existing client code. We have used Fudge to generate thousands of new drivers for a wide variety of libraries.
Each generated driver includes a synthesized C/C++ program and a corresponding build script, and is automatically analyzed for quality. Developers have integrated over 200 of these generated drivers into continuous fuzzing services and have committed to address reported security bugs. Further, several of these fuzz drivers have been upstreamed to open source projects and integrated into the OSS-Fuzz fuzzing infrastructure. Running these fuzz drivers has resulted in over 150 bug fixes, including the elimination of numerous exploitable security vulnerabilities.