Bounded model checking (BMC) and fuzzing are among the most effective techniques for detecting errors and security vulnerabilities in software. However, they still miss errors because neither can cover large regions of the target code on its own. Coverage criteria and metrics are also an excellent way to ascertain the effectiveness of a test suite. We propose FuSeBMC v4, a test generator that relies on smart seeds to improve its hybrid fuzzer and achieve high coverage of C programs. First, FuSeBMC analyses the given C program and incrementally injects goal labels into it to guide the BMC and evolutionary fuzzing engines; it also ranks these goal labels according to the given strategy. The engines are then employed to produce smart seeds quickly for later use. Next, FuSeBMC coordinates the engines and the distribution of seeds through the Tracer. The Tracer manages the tool as a whole: it records the goals covered and transfers information between the engines through a shared memory, so that the strengths of each engine are exploited. In this way the BMC engine supplies seeds that keep the fuzzing engine from struggling with complex mathematical guards. Furthermore, the Tracer evaluates test cases dynamically and converts high-impact cases into seeds for subsequent fuzzing. As a result, we received three awards for our participation in the fourth international competition in software testing (Test-Comp 2022), outperforming all state-of-the-art tools in every category, including the coverage category.
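To make the workflow in the abstract concrete, here is an added, self-contained example that is not FuSeBMC's own code: a miniature program under test with injected goal labels, a shared coverage map standing in for the Tracer's shared memory, a mutation-based fuzzing loop that promotes any test case reaching a new goal into the seed pool, and a stand-in for the BMC engine that derives a seed for an arithmetic guard by inverting it rather than guessing. The program under test, the guard constant, the mutation strategy and all function names (`program_under_test`, `bmc_seed_for_goal2`, `fuzz`, `run_pipeline`) are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the goal-label / shared-map / seed-feedback loop
 * described in the abstract. Not the tool's code; everything below is assumed. */

#define NUM_GOALS 4
#define MAX_SEEDS 16

typedef struct { uint32_t x, y; } testcase_t;

/* Shared coverage map: stand-in for the Tracer's shared memory. */
static uint8_t goal_hits[NUM_GOALS];
#define GOAL(n) (goal_hits[(n)] = 1)

/* Program under test with injected goal labels. The guard in front of goal 2
 * is the kind of arithmetic condition that random mutation rarely satisfies. */
static void program_under_test(uint32_t x, uint32_t y) {
    if (x & 1) GOAL(0); else GOAL(1);
    if (((x * 2654435761u) ^ y) == 0x9e3779b9u) GOAL(2);
    else GOAL(3);
}

/* Stand-in for the BMC engine: solves the guard for y given x
 * (y = (x * K) ^ C) instead of searching for it. */
static testcase_t bmc_seed_for_goal2(uint32_t x) {
    testcase_t t = { x, (x * 2654435761u) ^ 0x9e3779b9u };
    return t;
}

/* Deterministic PRNG (64-bit LCG) so every run is reproducible. */
static uint64_t rng_state = 0x243f6a8885a308d3ull;
static uint32_t rnd(void) {
    rng_state = rng_state * 6364136223846793005ull + 1442695040888963407ull;
    return (uint32_t)(rng_state >> 33);
}

/* Simple evolutionary mutation: flip a bit or nudge x. */
static testcase_t mutate(testcase_t t) {
    switch (rnd() % 3) {
        case 0: t.x ^= 1u << (rnd() % 32); break;
        case 1: t.y ^= 1u << (rnd() % 32); break;
        default: t.x += rnd() % 16; break;
    }
    return t;
}

static int goals_covered(void) {
    int n = 0;
    for (int i = 0; i < NUM_GOALS; i++) n += goal_hits[i];
    return n;
}

/* Runs one input on a cleared map and reports whether it reached `goal`. */
static int seed_reaches_goal(testcase_t t, int goal) {
    memset(goal_hits, 0, sizeof goal_hits);
    program_under_test(t.x, t.y);
    return goal_hits[goal];
}

/* Fuzzing engine driven by the Tracer: initial seeds run as-is, then mutated
 * cases run; a case that covers a previously unseen goal is promoted to a seed. */
static int fuzz(testcase_t *seeds, int nseeds, int iterations) {
    for (int i = 0; i < nseeds; i++) program_under_test(seeds[i].x, seeds[i].y);
    for (int i = 0; i < iterations; i++) {
        int before = goals_covered();
        testcase_t t = mutate(seeds[rnd() % nseeds]);
        program_under_test(t.x, t.y);
        if (goals_covered() > before && nseeds < MAX_SEEDS)
            seeds[nseeds++] = t;   /* high-impact case becomes a seed */
    }
    return nseeds;
}

/* Whole pipeline from a single zero seed; returns goals covered out of NUM_GOALS. */
static int run_pipeline(int use_bmc_seed) {
    testcase_t seeds[MAX_SEEDS] = { { 0, 0 } };
    int nseeds = 1;
    memset(goal_hits, 0, sizeof goal_hits);
    rng_state = 0x243f6a8885a308d3ull;
    if (use_bmc_seed) seeds[nseeds++] = bmc_seed_for_goal2(42);
    fuzz(seeds, nseeds, 1000);
    return goals_covered();
}

int main(void) {
    printf("fuzzing only:        %d/%d goals\n", run_pipeline(0), NUM_GOALS);
    printf("fuzzing + BMC seed:  %d/%d goals\n", run_pipeline(1), NUM_GOALS);
    return 0;
}
```

Fuzzing alone reaches the two parity goals and the guard's else-branch but not goal 2; adding the single solver-derived seed covers it, which is the division of labour the abstract describes between the BMC engine and the fuzzer.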