
Fuzz Driver Synthesis for Rust Generic APIs (2312.10676v2)

Published 17 Dec 2023 in cs.SE

Abstract: Fuzzing is a popular bug detection technique achieved by testing software executables with random inputs. This technique can also be extended to libraries by constructing executables that call library APIs, known as fuzz drivers. Automated fuzz driver synthesis has been an important research topic in recent years since it can facilitate the library fuzzing process. Nevertheless, existing approaches generally ignore generic APIs or simply treat them as normal APIs. As a result, they cannot generate effective fuzz drivers for generic APIs. This paper studies the automated fuzz driver synthesis problem for Rust libraries with generic APIs. The problem is essential because Rust emphasizes security, and generic APIs are widely employed in Rust crates. Each generic API can have numerous monomorphic versions as long as the type constraints are satisfied. The critical challenge to this problem lies in prioritizing these monomorphic versions and providing valid inputs for them. To address the problem, we extend existing API-dependency graphs to support generic APIs. By solving such dependencies and type constraints, we can generate a collection of candidate monomorphic APIs. Further, we apply a similarity-based filter to prune redundant versions, particularly if multiple monomorphic APIs adopt the identical trait implementation. Experimental results with 29 popular open-source libraries show that our approach can achieve promising generic API coverage with a low rate of invalid fuzz drivers. Besides, we find 23 bugs previously unknown in these libraries, with 18 bugs related to generic APIs.
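As an added illustration that is not code from the paper or its tool, the following constructed Python model shows the two steps the abstract describes: enumerate the monomorphic versions of a generic API whose type arguments satisfy every trait bound, then apply a similarity filter that drops versions reusing an identical set of trait implementations (such as a blanket impl). The type universe, the impl table and the example APIs are assumptions chosen for the demonstration.

```python
from dataclasses import dataclass
from itertools import product

# Constructed mini type universe (an assumption, not from the paper):
# (concrete type, trait) -> identifier of the impl block that satisfies it.
IMPLS = {
    ("u8", "Hash"): "impl Hash for u8",
    ("u32", "Hash"): "impl Hash for u32",
    ("String", "Hash"): "impl Hash for String",
    ("u8", "Display"): "impl Display for u8",
    ("u32", "Display"): "impl Display for u32",
    ("String", "Display"): "impl Display for String",
    # Blanket impl: every Display type reaches ToString through one impl block,
    # so monomorphic versions differing only in this bound exercise the same code.
    ("u8", "ToString"): "impl<T: Display> ToString for T",
    ("u32", "ToString"): "impl<T: Display> ToString for T",
    ("String", "ToString"): "impl<T: Display> ToString for T",
}
TYPES = ["u8", "u32", "String"]

@dataclass
class GenericApi:
    name: str
    bounds: dict  # type parameter -> required traits, e.g. {"T": ["Hash"]}

def candidates(api: GenericApi) -> list[dict]:
    """Enumerate monomorphic versions: every assignment of concrete types to
    the API's type parameters under which each trait bound has an impl."""
    params = list(api.bounds)
    found = []
    for combo in product(TYPES, repeat=len(params)):
        binding = dict(zip(params, combo))
        if all((binding[p], t) in IMPLS for p in params for t in api.bounds[p]):
            found.append(binding)
    return found

def prune_similar(api: GenericApi, bindings: list[dict]) -> list[dict]:
    """Similarity filter: keep the first monomorphic version for each distinct
    set of impl blocks; later versions that reuse the same impls are dropped."""
    seen, kept = set(), []
    for b in bindings:
        impl_set = tuple(sorted(IMPLS[(b[p], t)] for p in b for t in api.bounds[p]))
        if impl_set not in seen:
            seen.add(impl_set)
            kept.append(b)
    return kept
```

With two type parameters, the nine satisfiable bindings for `{"K": ["Hash"], "V": ["ToString"]}` collapse to three, one per distinct `Hash` impl, because every `V` choice goes through the same blanket `ToString` impl.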
