FDSE v2 is a hybrid fuzzing tool that automatically generates high-coverage test suites for C programs. In prior work, we introduced an initial version of FDSE that used fuzzing-based pre-analysis to enhance symbolic execution. This paper presents FDSE v2, featuring a novel constraint tree component that more effectively coordinates the fuzzer and concolic execution engine, thereby reducing ineffective search in fuzzing. The constraint tree models the space of path constraints already explored by concolic execution and enables fine-grained partitioning of input variables based on their semantic relevance. During seed mutation, the fuzzer focuses only on the most important variable groups identified through this analysis. Concolic execution excels at navigating complex path conditions involving arithmetic or logical guards, while the fuzzer leverages the resulting high-quality seeds as starting points for deeper exploration under extended time budgets. By reducing redundant efforts between the two engines, FDSE v2 achieves significant improvements in both code coverage and vulnerability detection effectiveness.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

FDSE v2: Variable Importance Guided Hybrid Fuzzing (Competition Contribution)

  • Guofeng Zhang,
  • Zhenbang Chen,
  • Ji Wang

摘要

FDSE v2 is a hybrid fuzzing tool that automatically generates high-coverage test suites for C programs. In prior work, we introduced an initial version of FDSE that used fuzzing-based pre-analysis to enhance symbolic execution. This paper presents FDSE v2, featuring a novel constraint tree component that more effectively coordinates the fuzzer and concolic execution engine, thereby reducing ineffective search in fuzzing. The constraint tree models the space of path constraints already explored by concolic execution and enables fine-grained partitioning of input variables based on their semantic relevance. During seed mutation, the fuzzer focuses only on the most important variable groups identified through this analysis. Concolic execution excels at navigating complex path conditions involving arithmetic or logical guards, while the fuzzer leverages the resulting high-quality seeds as starting points for deeper exploration under extended time budgets. By reducing redundant efforts between the two engines, FDSE v2 achieves significant improvements in both code coverage and vulnerability detection effectiveness.