Corpus ID: 245334764

FuSeBMC v.4: Smart Seed Generation for Hybrid Fuzzing

Authors: Kaled M. Alshmrany, Mohannad Aldughaim, Ahmed Bhayat, Lucas C. Cordeiro
FuSeBMC is a test generator for finding security vulnerabilities in C programs. In earlier work [4], we described a previous version that incrementally injected labels to guide Bounded Model Checking (BMC) and Evolutionary Fuzzing engines to produce test cases for code coverage and bug finding. This paper introduces a new version of FuSeBMC that utilizes both engines to produce smart seeds. First, the engines are run with a short time limit on a lightly instrumented version of the program to… 

FuSeBMC v4: Improving code coverage with smart seeds via fuzzing and static analysis

FuSeBMC v4 is proposed: a test generator that relies on smart seeds to improve the hybrid fuzzer and achieve high coverage of C programs. It received three awards at the fourth international competition on software testing (Test-Comp 2022), outperforming all state-of-the-art tools in every category.

Advances in Automatic Software Testing: Test-Comp 2022

The results of the competition shall be reproducible and provide an overview of the current state of the art in the area of automatic test generation.

FuSeBMC: An Energy-Efficient Test Generator for Finding Security Vulnerabilities in C Programs

A novel approach to automated test generation that exploits fuzzing and Bounded Model Checking (BMC) engines to detect security vulnerabilities in C programs is described and evaluated.

Directed Greybox Fuzzing

This paper introduces Directed Greybox Fuzzing (DGF), which generates inputs with the objective of efficiently reaching a given set of target program locations, and develops and evaluates a simulated-annealing-based power schedule that gradually assigns more energy to seeds that are closer to the target locations while reducing energy for seeds that are further away.

SMT-Based Bounded Model Checking for Embedded ANSI-C Software

This work proposes the application of different background theories and SMT solvers to the verification of embedded software written in ANSI-C in order to improve scalability and precision in a completely automatic way and shows that the ESBMC model checker can analyze larger problems than existing tools and substantially reduce the verification time.

Status Report on Software Testing: Test-Comp 2021

The competition has a strong focus on reproducibility of its results, and its main goal is to provide an overview of the current state of the art in the area of automatic test generation.

ESBMC: Scalable and Precise Test Generation Based on the Floating-Point Theory (Competition Contribution)

FASE, 2020

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

A novel white-box fuzzer for C programs named FuSeBMC is described and evaluated, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs.

A Test Case Generation Process and Technique

Bounded model checking

A considerable part of this chapter discusses complete extensions, including k-induction and interpolation, which allow properties to be proved in Bounded Model Checking.

Clang documentation

2015

ESBMC v6.0: Verifying C programs using k-induction and invariant inference