FuSeBMC is a test generator for finding security vulnerabilities in C programs. In earlier work [4], we described a previous version that incrementally injected labels to guide Bounded Model Checking (BMC) and Evolutionary Fuzzing engines to produce test cases for code coverage and bug finding. This paper introduces a new version of FuSeBMC that utilizes both engines to produce smart seeds. First, the engines are run with a short time limit on a lightly instrumented version of the program to produce the seeds. The BMC engine is particularly useful in producing seeds that can pass through complex mathematical guards. Then, FuSeBMC runs its engines with more extended time limits using the smart seeds created in the previous round. FuSeBMC manages this process in two main ways using its Tracer subsystem. Firstly, it uses shared memory to record the labels covered by each test case. Secondly, it evaluates test cases, and those of high impact are turned into seeds for subsequent test fuzzing. As a result, we significantly increased our code coverage score from last year, outperforming all tools that participated in this year's competition in every single category.
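The following added example (not FuSeBMC's own code) sketches the Tracer idea from the abstract in plain C: a lightly instrumented program whose injected labels mark a covered-label map, and a seed-selection step that keeps only the test cases of high impact, i.e. those reaching labels no earlier case reached. The `FUSEBMC_LABEL` macro, the program under test and its guard are constructed stand-ins; the real Tracer records labels in memory shared with the fuzzing engine, which a static array stands in for here.

```c
#include <stdint.h>
#include <string.h>

#define NUM_LABELS 4
/* Stand-in for the Tracer's shared-memory coverage map (constructed):
 * one byte per injected label, set to 1 when execution reaches the label. */
static uint8_t coverage_map[NUM_LABELS];
#define FUSEBMC_LABEL(i) (coverage_map[(i)] = 1)

/* Hypothetical program under test with an arithmetic guard that random
 * fuzzing rarely satisfies; a BMC engine can solve for x,y directly. */
static int program_under_test(uint32_t x, uint32_t y) {
    FUSEBMC_LABEL(0);
    if (x * 7u + 3u == y) {          /* "complex mathematical guard" */
        FUSEBMC_LABEL(1);
        if (x > 1000u) {
            FUSEBMC_LABEL(2);
            return 2;
        }
        return 1;
    }
    FUSEBMC_LABEL(3);
    return 0;
}

/* Run one test case and report the labels it covered as a bitmask. */
unsigned run_test_case(uint32_t x, uint32_t y) {
    memset(coverage_map, 0, sizeof coverage_map);
    program_under_test(x, y);
    unsigned mask = 0;
    for (int i = 0; i < NUM_LABELS; i++)
        if (coverage_map[i]) mask |= 1u << i;
    return mask;
}

typedef struct { uint32_t x, y; } test_case_t;

/* Seed selection: a test case is high impact if it covers at least one label
 * not yet covered by the seeds kept so far; such cases become smart seeds.
 * Returns the number of seeds and leaves the union of their coverage in
 * *global_cov. */
int select_smart_seeds(const test_case_t *cases, int n,
                       test_case_t *seeds, unsigned *global_cov) {
    int nseeds = 0;
    *global_cov = 0;
    for (int i = 0; i < n; i++) {
        unsigned m = run_test_case(cases[i].x, cases[i].y);
        if (m & ~*global_cov) {      /* reaches a label nobody reached before */
            seeds[nseeds++] = cases[i];
            *global_cov |= m;
        }
    }
    return nseeds;
}
```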