RIMFuzz: real-time impact-aware mutation for library API fuzzing
| Format: | Article |
|---|---|
| Language: | English |
| Published: | Springer, 2025-06-01 |
| Series: | Journal of King Saud University: Computer and Information Sciences |
| Online Access: | https://doi.org/10.1007/s44443-025-00050-1 |
| Summary: | Abstract. Because libraries merely expose APIs to developers rather than directly handling user input, fuzzing a library requires fuzz drivers that process fuzzer-provided input and invoke the APIs. To reduce manual effort and avoid reliance on additional samples, some techniques generate fuzz drivers during fuzzing by modeling test cases as descriptions of API calls and permitting mutation of both the execution sequence and the argument values of those calls. However, such techniques schedule sequence and value mutation via inflexible thresholds and randomly select the objects for mutators, which fails to account for the varying importance of sequence and value mutation across stages of fuzzing and for the inherent differences between APIs. In this work, we present RIMFuzz, which employs a real-time impact-aware mutation strategy for library API fuzzing. Specifically, RIMFuzz infers the real-time impact of APIs on coverage during fuzzing while capturing the benefit each mutation brings to that impact. Based on the dynamic feedback that sequence and value mutation provide to the impact, RIMFuzz adjusts the probability of selecting each accordingly. Moreover, both the activated impact of each API and the number of times the API has been selected are considered when determining which object is to be operated on by each mutator. The experimental results show that RIMFuzz outperforms baselines in code coverage and can be applied to test real-world libraries at a minor development cost. With the help of RIMFuzz, we reported 11 new bugs to the corresponding maintainers, of which 9 have been fixed. |
| ISSN: | 1319-1578, 2213-1248 |