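@inproceedings{76b6251ec6374bfdb511342138302148,
  author        = {Wang, Mingzhe and Liang, Jie and Chen, Yuanliang and Jiang, Yu and Jiao, Xun and Liu, Han and Zhao, Xibin and Sun, Jiaguang},
  title         = {{SAFL}: Increasing and Accelerating Testing Coverage with Symbolic Execution and Guided Fuzzing},
  booktitle     = {Proceedings of the 40th {ACM/IEEE} International Conference on Software Engineering ({ICSE} 2018)},
  series        = {Proceedings - International Conference on Software Engineering},
  publisher     = {IEEE Computer Society},
  address       = {USA},
  year          = {2018},
  month         = may,
  day           = {27},
  pages         = {61--64},
  doi           = {10.1145/3183440.3183494},
  language      = {english},
  keywords      = {Software testing, Symbolic execution, Greybox fuzzing},
  abstract      = {Mutation-based fuzzing is a widely used software testing technique for bug and vulnerability detection, and the testing performance is greatly affected by the quality of initial seeds and the effectiveness of mutation strategy. In this paper, we present SAFL, an efficient fuzzing testing tool augmented with qualified seed generation and efficient coverage-directed mutation. First, symbolic execution is used in a lightweight approach to generate qualified initial seeds. Valuable explore directions are learned from the seeds, thus the later fuzzing process can reach deep paths in program state space earlier and easier. Moreover, we implement a fair and fast coverage-directed mutation algorithm. It helps the fuzzing process to exercise rare and deep paths with higher probability. We implement SAFL based on KLEE and AFL and conduct thoroughly repeated evaluations on real-world program benchmarks against state-of-the-art versions of AFL. After 24 hours, compared to AFL and AFLFast, it discovers 214\% and 133\% more unique crashes, covers 109\% and 63\% more paths and achieves 279\% and 180\% more covered branches. Video link: https://youtu.be/LkiFLNMBhVE.},
  note          = {Publisher Copyright: {\textcopyright} 2018 Authors. 40th ACM/IEEE International Conference on Software Engineering, ICSE 2018; Conference date: 27-05-2018 through 03-06-2018},
  internal-note = {Cleaned from a locale-specific export: language was the non-ASCII string 英语 (English) and address was 美国 (USA); both break classic BibTeX sorting and output. address should be the publisher's city rather than a country -- city not recorded in the source, confirm before relying on it. The original abstract text carried a stray footnote marker (SAFL1) and mis-cased state-of-The-Art; both corrected. The citation key is kept unchanged so existing \cite{} uses still resolve.},
}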