Title: Discover deeper bugs with dynamic symbolic execution and coverage-based fuzz testing

Authors: Zhang, Bin; Feng, Chao; Herrera, Adrian; Chipounov, Vitaly; Candea, George; Tang, Chaojing

Dates: 2018-12-29; 2018-12-29; 2018-12-29; 2018-12-01

DOI: 10.1049/iet-sen.2017.0200

URL: https://infoscience.epfl.ch/handle/20.500.14299/153265

Web of Science ID: WOS:000452742700008

Abstract: Coverage-based fuzz testing and dynamic symbolic execution are both popular program testing techniques. However, on their own, both techniques suffer from scalability problems when confronted with the complexity of modern software. Hybrid testing methods attempt to mitigate these problems by leveraging dynamic symbolic execution to assist fuzz testing. Unfortunately, the efficiency of such methods is still limited by specific program structures and by the scheduling of seed files. In this study, the authors introduce a novel lazy symbolic pointer concretisation method and a symbolic loop bucket optimisation to mitigate the path explosion caused by dynamic symbolic execution in hybrid testing. They also propose a distance-based seed selection method that rearranges the seed queue of the fuzzer engine in order to achieve higher coverage. They implemented a prototype and evaluated its ability to find vulnerabilities in software and to cover new execution paths. They show on different benchmarks that it can find more crashes than other off-the-shelf vulnerability detection tools. They also show that the proposed method can discover 43% more unique paths than vanilla fuzz testing.

Subject categories: Computer Science, Software Engineering; Computer Science

Keywords: program testing; security of data; program debugging; fuzzy set theory; symbolic loop bucket optimisation; seed selection method; execution paths; vanilla fuzz testing; popular program testing techniques; dynamic symbolic execution; hybrid testing methods; lazy symbolic pointer concretisation method; deeper bugs; coverage-based fuzz testing; modern software complexity; program structures; seed files; off-the-shelf vulnerability detection tools; prioritization

Document type: text::journal::journal article::research article