AFGen: Whole-Function Fuzzing for Applications and Libraries
Yuwei Liu, Yanhao Wang, Xiangkun Jia, Zheng Zhang, Purui Su
IEEE Symposium on Security and Privacy 2024 · Day 2 · Continental Ballroom 4
In software security, **fuzzing** has long been a cornerstone technique for discovering vulnerabilities by feeding programs malformed or unexpected inputs. Despite its widespread adoption and proven efficacy, traditional fuzzing approaches often struggle to achieve comprehensive code coverage, particularly at the level of individual functions within complex applications and libraries. This limitation significantly hampers the discovery of deep-seated bugs that reside in rarely executed code paths or that require specific, intricate input sequences to trigger. The talk "AFGen: Whole-Function Fuzzing for Applications and Libraries" introduces a novel solution to this challenge, proposing a method to systematically fuzz *all* functions within a target program.
AI review
This research on AFGen presents a groundbreaking approach to whole-function fuzzing, tackling the long-standing challenge of automated harness generation for *all* internal functions. By combining intelligent slicing, variable assignment, and crucial constraint tracing, AFGen achieves superior vulnerability discovery and precision, making it a critical advancement for software security.