RIMFuzz: real-time impact-aware mutation for library API fuzzing

Bibliographic Details
Published in: Journal of King Saud University. Computer and Information Sciences, Vol. 37, No. 4, pp. 1-17
Main Authors: Wang, Xiaoke; Zhao, Lei
Format: Journal Article
Language: English
Published: Cham: Springer International Publishing, 01.06.2025

Summary: As libraries merely expose APIs to developers rather than directly handling user input, applying fuzzing to libraries requires fuzz drivers to help process fuzzer-provided input and invoke APIs. To reduce manual effort and avoid reliance on additional samples, some techniques generate fuzz drivers during fuzzing by modeling the test cases to describe API calls and permitting the mutation on the execution sequence as well as argument values of API calls. However, such techniques schedule the sequence and value mutation via inflexible thresholds and randomly select the objects for mutators, which fails to consider the importance of sequence and value mutation in varying stages of fuzzing and the inherent differences between APIs. In this work, we present RIMFuzz, which employs a real-time impact-aware mutation strategy for library API fuzzing. Specifically, RIMFuzz infers the real-time impact of APIs on coverage during fuzzing, while capturing the benefits of mutations on the impact. Based on the dynamic feedback that sequence and value mutation bring to the impact, RIMFuzz adjusts the probability of selecting them accordingly. Moreover, both the activated impact of each API and the number of times the API has been selected are considered to determine which object is to be operated by distinct mutators. The experimental results show that RIMFuzz outperforms baselines in code coverage and can be applied to test real-world libraries at a minor development cost. With the help of RIMFuzz, we reported 11 new bugs to the corresponding maintainers, of which 9 have been fixed.
ISSN: 1319-1578; 2213-1248
DOI: 10.1007/s44443-025-00050-1