AFL Extended with Test Case Prioritization Techniques

  • Zhang G
  • Zhou X

Abstract

Fuzzing is an efficient testing technique to expose bugs and vulnerabilities, and fuzzers extended with coverage information can generate interesting results and find potential bugs in programs. However, previous coverage-based fuzzers, such as American Fuzzy Lop (AFL), fail to realize the importance of the order of input test cases or they are unable to adopt significant and useful coverage information, so some of them suffer from dramatically poor performance. Meanwhile, the main idea of test case prioritization (TCP) in the field of software testing is to rank the test cases according to a certain rule, helping expose bugs and vulnerabilities. Thus our work concentrates on complementing AFL with the characteristics of TCP and improving the performance of the original AFL. In this paper, we present a brand-new fuzzing technique combining essential and practical coverage information and prioritization properties commonly used in TCP, which fundamentally enhances the process of creating new test cases and finding bugs. We implement our method by extending the state-of-the-art fuzzer AFL with TCP techniques and evaluate it on 6 widely-used and open-source programs from GNU. We conduct experiments on 6 target programs to illustrate our performance on bug detection. On all of these experiments, improvement of our method is witnessed and significantly better outcomes are generated.

Cite

Zhang, G., & Zhou, X. (2018). AFL Extended with Test Case Prioritization Techniques. International Journal of Modeling and Optimization, 8(1), 41–45. https://doi.org/10.7763/ijmo.2018.v8.622
