FUZZING FOR STRUCTURED INPUTS
Abstract
Fuzzing is currently one of the most effective software testing techniques. However, state-of-the-art fuzzers have limited ability to generate structured inputs that satisfy a program's input-format requirements, which degrades their performance on such targets. To address this problem, this paper proposes ChunkFuzzer, a structure-aware fuzzer that analyzes the input structure automatically. ChunkFuzzer builds a tree structure for each input according to the way the program consumes it, and attaches that tree to the seed as additional information. It then applies heuristic structure-aware mutations, so that the generated inputs satisfy the format requirements and can explore the program's deeper logic. Evaluation on six open-source programs shows that, within the same time limit, ChunkFuzzer improves line coverage by 55%, 61%, and 50% compared with AFL, AFL++, and FairFuzz, respectively.
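The chunk-tree idea in miniature, as an added illustration that is not ChunkFuzzer's code (the paper's own tree construction and mutation heuristics are not detailed on this page): a toy nested tag-length-value format stands in for a real input format, the parser records the byte range each chunk occupies while consuming the input, which yields the tree, and mutations act on whole chunks before re-serializing so that every length field is recomputed. The format, the sample input and the four mutation operators are assumptions made for this example. The last two functions compare how often the parser accepts structure-aware mutants versus plain bit flips, which is the gap the abstract describes.

```python
"""Structure-aware mutation at chunk granularity (illustrative, not ChunkFuzzer's code)."""
import copy
import random
import struct
from dataclasses import dataclass, field

CONTAINER_TAG = 0x01  # assumed format: tag 0x01 means the value holds nested chunks


@dataclass
class Chunk:
    tag: int
    payload: bytes = b""                      # leaf value (empty for containers)
    children: list = field(default_factory=list)
    start: int = 0                            # offset of this chunk's header in the input
    end: int = 0                              # one past its last value byte


def parse(data: bytes, base: int = 0) -> list:
    """Parse a run of TLV chunks (1-byte tag, 2-byte big-endian length, value).
    Records the byte range each chunk occupies; raises ValueError on malformed input."""
    chunks, off = [], 0
    while off < len(data):
        if off + 3 > len(data):
            raise ValueError("truncated header at offset %d" % (base + off))
        tag = data[off]
        (length,) = struct.unpack_from(">H", data, off + 1)
        value_start, value_end = off + 3, off + 3 + length
        if value_end > len(data):
            raise ValueError("length %d overruns input" % length)
        value = data[value_start:value_end]
        if tag == CONTAINER_TAG:
            node = Chunk(tag, children=parse(value, base + value_start),
                         start=base + off, end=base + value_end)
        else:
            node = Chunk(tag, payload=value, start=base + off, end=base + value_end)
        chunks.append(node)
        off = value_end
    return chunks


def serialize(chunks: list) -> bytes:
    """Re-encode a chunk tree, recomputing every length field from the tree."""
    out = bytearray()
    for c in chunks:
        value = serialize(c.children) if c.tag == CONTAINER_TAG else c.payload
        out += struct.pack(">BH", c.tag, len(value)) + value
    return bytes(out)


def describe(chunks: list, depth: int = 0) -> list:
    """Render the tree with the byte range each node occupies in the original input."""
    lines = []
    for c in chunks:
        kind = "container" if c.tag == CONTAINER_TAG else "leaf"
        lines.append("%s[%d:%d] tag=0x%02x %s" % ("  " * depth, c.start, c.end, c.tag, kind))
        lines.extend(describe(c.children, depth + 1))
    return lines


def all_nodes(chunks):
    for c in chunks:
        yield c
        yield from all_nodes(c.children)


def sibling_lists(chunks):
    """Yield every sibling list: the top level and each container's children."""
    yield chunks
    for c in chunks:
        if c.tag == CONTAINER_TAG:
            yield from sibling_lists(c.children)


def mutate_tree(chunks: list, rng: random.Random) -> list:
    """Apply one chunk-level mutation in place: delete, duplicate, swap, or havoc a leaf."""
    siblings = rng.choice([s for s in sibling_lists(chunks) if s])
    op = rng.choice(["delete", "duplicate", "swap", "leaf"])
    if op == "delete" and len(siblings) > 1:
        del siblings[rng.randrange(len(siblings))]
    elif op == "duplicate":
        i = rng.randrange(len(siblings))
        siblings.insert(i + 1, copy.deepcopy(siblings[i]))
    elif op == "swap" and len(siblings) > 1:
        i, j = rng.sample(range(len(siblings)), 2)
        siblings[i], siblings[j] = siblings[j], siblings[i]
    elif op == "leaf":
        leaves = [c for c in all_nodes(chunks) if c.tag != CONTAINER_TAG and c.payload]
        if leaves:
            leaf = rng.choice(leaves)
            buf = bytearray(leaf.payload)
            buf[rng.randrange(len(buf))] = rng.randrange(256)  # bytes inside a leaf only
            leaf.payload = bytes(buf)
    return chunks


def structured_mutate(data: bytes, rng: random.Random, rounds: int = 4) -> bytes:
    """Parse, mutate at chunk granularity, re-serialize (length fields stay consistent)."""
    tree = parse(data)
    for _ in range(rounds):
        mutate_tree(tree, rng)
    return serialize(tree)


def bit_flip(data: bytes, rng: random.Random) -> bytes:
    """Structure-blind baseline: flip one random bit anywhere, headers included."""
    buf = bytearray(data)
    bit = rng.randrange(len(buf) * 8)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def parses(data: bytes) -> bool:
    try:
        parse(data)
        return True
    except ValueError:
        return False


def validity_rate(mutator, data: bytes, trials: int = 200, seed: int = 1) -> float:
    """Fraction of mutants that get past the parser's format checks."""
    rng = random.Random(seed)
    return sum(parses(mutator(data, rng)) for _ in range(trials)) / trials


# Constructed sample input: a magic leaf, a container with two leaves, a trailing leaf.
SAMPLE = serialize([
    Chunk(0x10, b"MAGIC"),
    Chunk(CONTAINER_TAG, children=[Chunk(0x20, b"\x00\x01"), Chunk(0x21, b"hello")]),
    Chunk(0x30, b"\x00" * 4),
])

if __name__ == "__main__":
    print("\n".join(describe(parse(SAMPLE))))
    print("structure-aware mutants accepted:", validity_rate(structured_mutate, SAMPLE))
    print("bit-flip mutants accepted:       ", validity_rate(bit_flip, SAMPLE))
```

Every structure-aware mutant parses, because serialization rewrites the length fields from the tree; the bit-flip baseline frequently lands in a length byte and is rejected before the program's deeper logic is reached. A real implementation has to recover the tree from an unknown format (for example by tracking which input bytes each parse routine reads), which is the part this toy skips by owning the parser.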