FuZZan: Efficient Sanitizer Metadata Design for Fuzzing

Jeon, Yuseok; Han, Wookhyun; Burow, Nathan; Payer, Mathias
January 1, 2020
Proceedings Of The 2020 Usenix Annual Technical Conference
USENIX Annual Technical Conference

Fuzzing is one of the most popular and effective techniques for finding software bugs. To detect triggered bugs, fuzzers leverage a variety of sanitizers in practice. Unfortunately, sanitizers target long-running experiments (e.g., developer test suites), not fuzzing, where execution time is highly variable, ranging from extremely short to long. Design decisions made for developer test suites introduce high overhead on short-lived fuzzing executions, decreasing the fuzzer's throughput and thereby reducing its effectiveness.

The root cause of this sanitization overhead is the heavyweight metadata structure that is optimized for frequent metadata operations over long executions. To address this, we design new metadata structures for sanitizers, and propose FuZZan to automatically select the optimal metadata structure without any user configuration. Our new metadata structures have the same bug detection capabilities as the ones they replace. We implement and apply these ideas to Address Sanitizer (ASan), which is the most popular sanitizer.

Our evaluation shows that on the Google fuzzer test suite, FuZZan improves fuzzing throughput over ASan by 48% starting with Google's provided seeds (52% when starting with empty seeds on the same applications). Due to this improved throughput, FuZZan discovers 13% more unique paths given the same 24 hours and finds bugs 42% faster. Furthermore, FuZZan catches all bugs ASan does; i.e., we have not traded precision for performance. Our findings show that sanitizer performance overhead is avoidable when metadata structures are designed for fuzzing, and that this performance difference makes a meaningful difference in squashing software bugs.

Type: conference paper
Web of Science ID: WOS:000696712200017
Author(s): Jeon, Yuseok; Han, Wookhyun; Burow, Nathan; Payer, Mathias
Date Issued: 2020-01-01
Publisher: USENIX ASSOC
Publisher place: Berkeley
Published in: Proceedings Of The 2020 Usenix Annual Technical Conference
ISBN of the book: 978-1-939133-14-4
Start page: 249
End page: 263
Peer reviewed: REVIEWED
Written at: EPFL
EPFL units: HEXHIVE
Event name: USENIX Annual Technical Conference
Event place: ELECTR NETWORK
Event date: Jul 15-17, 2020
Available on Infoscience: October 9, 2021
Use this identifier to reference this record: https://infoscience.epfl.ch/handle/20.500.14299/182036