The performance of the AFL++ CmpLog feature varies considerably between programs under test (PUTs). This paper shows that the main causes of the poor performance are low seed entropy and a lack of deduplication of magic-byte candidates. Two improvements are proposed. First, comparisons are mapped to input bytes, so that the fuzzer can track which comparisons are controlled by which input bytes; this mapping is then used to fuzz only the comparison values that are magic-byte candidates for that part of the input. Second, a caching mechanism is introduced to reduce the number of redundant executions. The evaluation of the improved versions shows a significant coverage gain over the original AFL++ CmpLog implementation for all PUTs, without breaking functionality. The proposed solution provides a solid basis for a redesign of CmpLog.
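As an added illustration (not code from the paper or from AFL++), the following Python model contrasts a naive CmpLog-style stage, which writes every logged comparison operand at every input offset, with the two changes described above: a comparison-to-input-byte mapping (a simple byte-flip perturbation stands in here for whatever mapping the paper builds) and a cache of inputs that have already been executed. The target program, its magic values, the coverage ids and the seed are all constructed for the example.

```python
from typing import Dict, Iterator, List, Set, Tuple

# (cmp_id, lhs, rhs, operand width in bytes), recorded the way CmpLog
# instrumentation would record a comparison.
CmpRecord = Tuple[int, int, int, int]


def run_target(data: bytes, log: List[CmpRecord]) -> int:
    """Constructed toy PUT: three chained comparisons against magic values.
    Returns a coverage id (0..3), i.e. how deep into the parser the input got."""
    if len(data) < 8:
        return 0
    magic = int.from_bytes(data[0:4], "little")
    log.append((0, magic, 0x4D5A9000, 4))
    if magic != 0x4D5A9000:
        return 0
    length = int.from_bytes(data[4:6], "little")
    log.append((1, length, 0x0BAD, 2))
    if length != 0x0BAD:
        return 1
    log.append((2, data[6], 0x7E, 1))
    if data[6] != 0x7E:
        return 2
    return 3


class ToyCmpLog:
    """Minimal CmpLog-style stage. 'mapped' and 'dedup' switch on the two
    improvements; both off approximates the naive operand-everywhere strategy."""

    def __init__(self, mapped: bool, dedup: bool) -> None:
        self.mapped, self.dedup = mapped, dedup
        self.execs = 0                 # every target execution, mapping runs included
        self.seen: Set[bytes] = set()  # inputs already executed (the cache)

    def execute(self, data: bytes) -> Tuple[int, List[CmpRecord]]:
        self.execs += 1
        log: List[CmpRecord] = []
        return run_target(data, log), log

    def control_map(self, seed: bytes, base: List[CmpRecord]) -> Dict[int, Set[int]]:
        """Which input offsets control each comparison's lhs operand?
        Perturbation-based stand-in: flip one byte, re-run, see whose lhs moved."""
        base_lhs = {cid: lhs for cid, lhs, _, _ in base}
        controls: Dict[int, Set[int]] = {cid: set() for cid in base_lhs}
        for off in range(len(seed)):
            mutated = bytearray(seed)
            mutated[off] ^= 0xFF
            _, log = self.execute(bytes(mutated))
            for cid, lhs, _, _ in log:
                if cid in base_lhs and lhs != base_lhs[cid]:
                    controls[cid].add(off)
        return controls

    def candidates(self, seed: bytes, base: List[CmpRecord]) -> Iterator[bytes]:
        """Write each comparison's rhs (the magic-byte candidate) into the seed:
        only over the controlling offsets when mapped, at every offset otherwise."""
        controls = self.control_map(seed, base) if self.mapped else {}
        for cid, _, rhs, width in base:
            if self.mapped:
                offsets = sorted(controls[cid])
                if not offsets:
                    continue          # lhs not input-controlled, nothing to solve
                starts = [offsets[0]]
            else:
                starts = list(range(len(seed) - width + 1))
            for start in starts:
                cand = bytearray(seed)
                cand[start:start + width] = rhs.to_bytes(width, "little")
                yield bytes(cand)

    def fuzz(self, seed: bytes) -> Tuple[int, int]:
        """Run to a fixed point; return (best coverage id, executions spent)."""
        best, base = self.execute(seed)
        queue = [(seed, base)]
        while queue:
            cur, base = queue.pop()
            for cand in self.candidates(cur, base):
                if self.dedup:
                    if cand in self.seen:
                        continue      # redundant execution avoided
                    self.seen.add(cand)
                cov, log = self.execute(cand)
                if cov > best:
                    best = cov
                    queue.append((cand, log))
        return best, self.execs


def compare_strategies(seed: bytes) -> Dict[str, Tuple[int, int]]:
    return {
        "naive": ToyCmpLog(mapped=False, dedup=False).fuzz(seed),
        "mapped": ToyCmpLog(mapped=True, dedup=False).fuzz(seed),
        "mapped+dedup": ToyCmpLog(mapped=True, dedup=True).fuzz(seed),
    }


if __name__ == "__main__":
    for name, (cov, execs) in compare_strategies(b"\x00" * 8).items():
        print(f"{name:13s} coverage={cov} executions={execs}")
```

All three strategies reach the deepest block on the constructed 8-byte zero seed, but the naive stage needs 58 executions where mapping alone needs 42 and mapping plus the cache needs 36. The mapping has its own cost (one execution per input byte per seed in this stand-in), so its payoff grows with the number of logged comparisons relative to the seed length; the cache pays off as soon as a later round regenerates a candidate that an earlier round already ran, which is exactly what happens once a solved comparison stays in the log.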