Robustness is a key concern for Rust library development because Rust promises no risks of undefined behaviors if developers use safe APIs only. Fuzzing is a practical approach for examining the robustness of programs. However, existing fuzzing tools are not directly applicable to library APIs due to the absence of fuzz targets. It mainly relies on human efforts to design fuzz targets case by case which is labor-intensive. To address this problem, this paper proposes a novel automated fuzz target generation approach for fuzzing Rust libraries via API dependency graph traversal. We identify several essential requirements for library fuzzing, including validity and effectiveness of fuzz targets, high API coverage, and efficiency. To meet these requirements, we first employ breadth-first search with pruning to find API sequences under a length threshold, then we backward search longer sequences for uncovered APIs, and finally we optimize the sequence set as a set covering problem. We implement our fuzz target generator and conduct fuzzing experiments with AFL++ on several real-world popular Rust projects. Our tool finally generates 7 to 118 fuzz targets for each library with API coverage up to 0.92. We exercise each target with a threshold of 24 hours and find 30 previously-unknown bugs from seven libraries.
翻译:强力是鲁斯特图书馆发展的关键关切, 因为鲁斯特( Rust) 不承诺如果开发者只使用安全的 API, 就会有未定义的行为风险。 模糊是检查程序是否稳健的实用方法。 但是, 由于没有模糊的目标, 现有的模糊工具并不直接适用于图书馆 API 。 它主要依靠人的努力来设计模糊目标, 具体个案是劳动密集型的。 为了解决这个问题, 本文建议了一个新的自动化的自动模糊目标生成方法, 通过 API 依赖性图 Traperal 来模糊鲁斯特 图书馆。 我们确定了图书馆模糊的几项基本要求, 包括模糊目标的有效性和有效性、 高 API 覆盖率和效率。 为了满足这些要求, 我们首先使用宽度的第一次搜索, 在长度阈值下找到 API 序列, 然后我们向后向后搜索被破获的 API 的更长时间序列, 最后我们优化了设置的序列, 以覆盖问题来覆盖问题。 我们实施了我们的模糊目标, 与 AFL++ 在若干真实世界流行的 Rest 项目中进行模糊的实验。 我们的工具最终生成了 7至118 30 目标, 每个图书馆都以 0. 2 。