Info
Motivation
- Programs must be long: every test program pays a fixed cost (generation, loading, reset, final state comparison), so longer programs amortize that cost and raise fuzzing throughput.
- Programs must be complex: the more instructions interact through registers, memory and control flow, the higher the probability of exercising a CPU state that triggers a bug.
- The fuzzer must reliably and efficiently detect bugs once triggered: a bug that corrupts architectural state but never becomes observable is lost.
Pitfalls of existing fuzzers
- Programs are short by design and have trivial control flow, so each program exercises little of the design relative to its fixed cost.
- The executed portion of a program is even shorter, because control flow is poorly managed: jumps or traps often leave most of the generated instructions unexecuted.
- Most instructions are not randomized at all; they belong to the fixed initialization and finalization code that surrounds the random payload.
- Only a small part of the ISA is covered by the generated instructions.
- The CPU state is compared against the reference model at instruction granularity (lockstep), which significantly reduces fuzzing performance.
- Bugs have a high chance of being shadowed: the wrong value a bug produces is overwritten later in the program before anything observes it, so a final state comparison does not detect it.
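The last two pitfalls pull in opposite directions, which a small model makes concrete. The following Python is an added illustration, not code from the fuzzer this page describes or from any real CPU: it simulates a toy three-register-operand ISA once correctly (reference model) and once with a constructed, hypothetical bug (the device under test returns an off-by-one result when `add` is given two operands equal to 7). A program that overwrites the corrupted register before the end of execution is "shadowed" under a single final-state comparison, while lockstep comparison after every instruction catches it at the price of one compare per instruction; a program that consumes the corrupted value before overwriting it keeps the bug observable at the end.

```python
"""Toy model of bug shadowing in CPU fuzzing (illustration, not the fuzzer's code).

Instruction format: (opcode, rd, rs1, rs2_or_imm). Register r0 is hardwired to 0,
as on RISC-V. The 'buggy' flag enables a constructed hardware bug in 'add'.
"""

MASK = 0xFFFFFFFF
NREGS = 8


def step(regs, insn, buggy):
    """Execute one instruction in place. buggy=True models the DUT, False the reference."""
    op, rd, a, b = insn
    if op == "addi":
        val = regs[a] + b
    elif op == "add":
        val = regs[a] + regs[b]
        # Hypothetical injected bug: add(7, 7) yields 15 instead of 14.
        if buggy and regs[a] == 7 and regs[b] == 7:
            val += 1
    elif op == "xor":
        val = regs[a] ^ regs[b]
    else:
        raise ValueError(f"unknown opcode {op}")
    if rd != 0:  # r0 stays zero
        regs[rd] = val & MASK


def run(program, buggy):
    """Run a whole program and return the final register file."""
    regs = [0] * NREGS
    for insn in program:
        step(regs, insn, buggy)
    return regs


def lockstep_check(program):
    """Instruction-granularity checking: compare reference and DUT after every instruction.

    Returns (index of first divergent instruction or None, number of comparisons made).
    Catches shadowed bugs, but costs one state comparison per executed instruction.
    """
    ref, dut = [0] * NREGS, [0] * NREGS
    compares = 0
    for i, insn in enumerate(program):
        step(ref, insn, False)
        step(dut, insn, True)
        compares += 1
        if ref != dut:
            return i, compares
    return None, compares


def final_state_check(program):
    """End-of-program checking: one comparison of the final register files.

    Returns (bug_detected, number of comparisons made). Cheap, but misses a bug
    whose only effect has been overwritten before the end.
    """
    return run(program, False) != run(program, True), 1


# Constructed sample programs.
# r3 receives the wrong value at index 2, then is overwritten at index 3:
# the bug leaves no trace in the final state.
SHADOWED = [
    ("addi", 1, 0, 7),
    ("addi", 2, 0, 7),
    ("add", 3, 1, 2),   # buggy DUT writes 15, reference writes 14
    ("addi", 3, 0, 5),  # overwrite: the difference disappears
]

# Same bug, but r3 feeds r4 before being overwritten, so the wrong value
# propagates into state that survives until the end of the program.
PROPAGATED = [
    ("addi", 1, 0, 7),
    ("addi", 2, 0, 7),
    ("add", 3, 1, 2),
    ("xor", 4, 3, 1),   # consumes the corrupted r3: 14^7 = 9 vs 15^7 = 8
    ("addi", 3, 0, 5),
]

if __name__ == "__main__":
    for name, prog in (("shadowed", SHADOWED), ("propagated", PROPAGATED)):
        print(name, "final-state:", final_state_check(prog), "lockstep:", lockstep_check(prog))
```

Running the block shows the trade-off the bullets describe: the final-state comparison reports no divergence for the shadowed program and a divergence for the propagated one, while lockstep checking flags index 2 in both cases but performs a comparison for every instruction instead of one per program. Generating programs in which every produced value is consumed (by a dependent instruction or by control flow) before it can be overwritten is what lets a fuzzer keep the cheap end-of-program check without losing bugs.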