Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling

Jie Liang; Mingzhe Wang; Chijin Zhou; Zhiyong Wu; Jianzhong Liu; Yu Jiang

doi:10.1145/3663529.3663844

Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling

Jie Liang
, Mingzhe Wang
, Chijin Zhou
, Zhiyong Wu
, Jianzhong Liu
, Yu Jiang^*

^*Corresponding author for this work

Tsinghua University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

Taint analysis significantly enhances the capacity of fuzzing to navigate intricate constraints and delve into the state spaces of the target program. However, practical scenarios involving taint analysis based fuzzers with the common parallel mode still have limitations in terms of overall throughput. These limitations primarily stem from redundant taint analyses and mutations among different fuzzer instances. In this paper, we propose Dodrio, a framework that parallelizes taint analysis based fuzzing. The main idea is to schedule fuzzing tasks in a balanced way by exploiting real-time global state. It consists of two modules: real-time synchronization and load-balanced task dispatch. Real-time synchronization updates global states among all instances by utilizing dual global coverage bitmaps to reduce data race. Based on the global state, load-balanced task dispatch efficiently allocates different tasks to different instances, thereby minimizing redundant behaviors and maximizing the utilization of computing resources. We evaluated Dodrio on real-world programs both in Google’s fuzzer-test-suite and FuzzBench against AFL’s classical parallel mode, PAFL, and Ye’s PAFL on parallelizing two taint analysis based fuzzer FairFuzz and PATA. The results show that Dodrio achieved an average speedup of 123%–398% in covering basic blocks compared to others. Based on the speedup, Dodrio found 5%–16% more basic blocks. We also assessed the scalability of Dodrio. With the same resources, the coverage improvement increases from 4% to 35% when the number of instances in parallel (i.e., CPU cores) increases from 4 to 64, compared to the classical parallel mode.

Original language	English
Title of host publication	FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering
Editors	Marcelo d�Amorim
Publisher	Association for Computing Machinery, Inc
Pages	244-254
Number of pages	11
ISBN (Electronic)	9798400706585
DOIs	https://doi.org/10.1145/3663529.3663844
State	Published - 10 Jul 2024
Externally published	Yes
Event	32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion - Porto de Galinhas, Brazil Duration: 15 Jul 2024 → 19 Jul 2024

Publication series

Name	FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering

Conference

Conference	32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion
Country/Territory	Brazil
City	Porto de Galinhas
Period	15/07/24 → 19/07/24

Keywords

Fuzzing
Parallel
Software Testing

Access to Document

10.1145/3663529.3663844

Cite this

Liang, J., Wang, M., Zhou, C., Wu, Z., Liu, J., & Jiang, Y. (2024). Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling. In M. d�Amorim (Ed.), FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering (pp. 244-254). (FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering). Association for Computing Machinery, Inc. https://doi.org/10.1145/3663529.3663844

Liang, Jie ; Wang, Mingzhe ; Zhou, Chijin et al. / Dodrio : Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling. FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering. editor / Marcelo d�Amorim. Association for Computing Machinery, Inc, 2024. pp. 244-254 (FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering).

@inproceedings{4cb71475806d470aae72ea663a72c457,

title = "Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling",

abstract = "Taint analysis significantly enhances the capacity of fuzzing to navigate intricate constraints and delve into the state spaces of the target program. However, practical scenarios involving taint analysis based fuzzers with the common parallel mode still have limitations in terms of overall throughput. These limitations primarily stem from redundant taint analyses and mutations among different fuzzer instances. In this paper, we propose Dodrio, a framework that parallelizes taint analysis based fuzzing. The main idea is to schedule fuzzing tasks in a balanced way by exploiting real-time global state. It consists of two modules: real-time synchronization and load-balanced task dispatch. Real-time synchronization updates global states among all instances by utilizing dual global coverage bitmaps to reduce data race. Based on the global state, load-balanced task dispatch efficiently allocates different tasks to different instances, thereby minimizing redundant behaviors and maximizing the utilization of computing resources. We evaluated Dodrio on real-world programs both in Google{\textquoteright}s fuzzer-test-suite and FuzzBench against AFL{\textquoteright}s classical parallel mode, PAFL, and Ye{\textquoteright}s PAFL on parallelizing two taint analysis based fuzzer FairFuzz and PATA. The results show that Dodrio achieved an average speedup of 123\%–398\% in covering basic blocks compared to others. Based on the speedup, Dodrio found 5\%–16\% more basic blocks. We also assessed the scalability of Dodrio. With the same resources, the coverage improvement increases from 4\% to 35\% when the number of instances in parallel (i.e., CPU cores) increases from 4 to 64, compared to the classical parallel mode.",

keywords = "Fuzzing, Parallel, Software Testing",

author = "Jie Liang and Mingzhe Wang and Chijin Zhou and Zhiyong Wu and Jianzhong Liu and Yu Jiang",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion ; Conference date: 15-07-2024 Through 19-07-2024",

year = "2024",

month = jul,

day = "10",

doi = "10.1145/3663529.3663844",

language = "英语",

series = "FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering",

publisher = "Association for Computing Machinery, Inc",

pages = "244--254",

editor = "Marcelo d�Amorim",

booktitle = "FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering",

}

Liang, J, Wang, M, Zhou, C, Wu, Z, Liu, J & Jiang, Y 2024, Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling. in M d�Amorim (ed.), FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering. FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering, Association for Computing Machinery, Inc, pp. 244-254, 32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion, Porto de Galinhas, Brazil, 15/07/24. https://doi.org/10.1145/3663529.3663844

Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling. / Liang, Jie; Wang, Mingzhe; Zhou, Chijin et al.
FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering. ed. / Marcelo d�Amorim. Association for Computing Machinery, Inc, 2024. p. 244-254 (FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Dodrio

T2 - 32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion

AU - Liang, Jie

AU - Wang, Mingzhe

AU - Zhou, Chijin

AU - Wu, Zhiyong

AU - Liu, Jianzhong

AU - Jiang, Yu

PY - 2024/7/10

Y1 - 2024/7/10

N2 - Taint analysis significantly enhances the capacity of fuzzing to navigate intricate constraints and delve into the state spaces of the target program. However, practical scenarios involving taint analysis based fuzzers with the common parallel mode still have limitations in terms of overall throughput. These limitations primarily stem from redundant taint analyses and mutations among different fuzzer instances. In this paper, we propose Dodrio, a framework that parallelizes taint analysis based fuzzing. The main idea is to schedule fuzzing tasks in a balanced way by exploiting real-time global state. It consists of two modules: real-time synchronization and load-balanced task dispatch. Real-time synchronization updates global states among all instances by utilizing dual global coverage bitmaps to reduce data race. Based on the global state, load-balanced task dispatch efficiently allocates different tasks to different instances, thereby minimizing redundant behaviors and maximizing the utilization of computing resources. We evaluated Dodrio on real-world programs both in Google’s fuzzer-test-suite and FuzzBench against AFL’s classical parallel mode, PAFL, and Ye’s PAFL on parallelizing two taint analysis based fuzzer FairFuzz and PATA. The results show that Dodrio achieved an average speedup of 123%–398% in covering basic blocks compared to others. Based on the speedup, Dodrio found 5%–16% more basic blocks. We also assessed the scalability of Dodrio. With the same resources, the coverage improvement increases from 4% to 35% when the number of instances in parallel (i.e., CPU cores) increases from 4 to 64, compared to the classical parallel mode.

AB - Taint analysis significantly enhances the capacity of fuzzing to navigate intricate constraints and delve into the state spaces of the target program. However, practical scenarios involving taint analysis based fuzzers with the common parallel mode still have limitations in terms of overall throughput. These limitations primarily stem from redundant taint analyses and mutations among different fuzzer instances. In this paper, we propose Dodrio, a framework that parallelizes taint analysis based fuzzing. The main idea is to schedule fuzzing tasks in a balanced way by exploiting real-time global state. It consists of two modules: real-time synchronization and load-balanced task dispatch. Real-time synchronization updates global states among all instances by utilizing dual global coverage bitmaps to reduce data race. Based on the global state, load-balanced task dispatch efficiently allocates different tasks to different instances, thereby minimizing redundant behaviors and maximizing the utilization of computing resources. We evaluated Dodrio on real-world programs both in Google’s fuzzer-test-suite and FuzzBench against AFL’s classical parallel mode, PAFL, and Ye’s PAFL on parallelizing two taint analysis based fuzzer FairFuzz and PATA. The results show that Dodrio achieved an average speedup of 123%–398% in covering basic blocks compared to others. Based on the speedup, Dodrio found 5%–16% more basic blocks. We also assessed the scalability of Dodrio. With the same resources, the coverage improvement increases from 4% to 35% when the number of instances in parallel (i.e., CPU cores) increases from 4 to 64, compared to the classical parallel mode.

KW - Fuzzing

KW - Parallel

KW - Software Testing

UR - https://www.scopus.com/pages/publications/85199058963

U2 - 10.1145/3663529.3663844

DO - 10.1145/3663529.3663844

M3 - 会议稿件

AN - SCOPUS:85199058963

T3 - FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering

SP - 244

EP - 254

BT - FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering

A2 - d�Amorim, Marcelo

PB - Association for Computing Machinery, Inc

Y2 - 15 July 2024 through 19 July 2024

ER -

Liang J, Wang M, Zhou C, Wu Z, Liu J, Jiang Y. Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling. In d�Amorim M, editor, FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering. Association for Computing Machinery, Inc. 2024. p. 244-254. (FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering). doi: 10.1145/3663529.3663844

Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this