HuntFUZZ: Enhancing error handling testing through clustering based fuzzing.
Saved in:
| Title: | HuntFUZZ: Enhancing error handling testing through clustering based fuzzing. |
|---|---|
| Authors: | Wei, Jin1,2 (AUTHOR), Chen, Ping2,3 (AUTHOR) pchen@fudan.edu.cn, Dai, Jun4 (AUTHOR), Sun, Xiaoyan4 (AUTHOR), Zhang, Zhihao4 (AUTHOR), Xu, Chang1 (AUTHOR), Wang, Yi2 (AUTHOR) |
| Source: | Journal of Computer Security. Sep2025, Vol. 33 Issue 5, p334-359. 26p. |
| Subjects: | Computer software testing, Dynamic testing, Clustering algorithms, Defect tracking (Computer software development), Constraint programming |
| Abstract: | Testing a program's capability to effectively handle errors is a significant challenge, given that program errors are relatively uncommon. To address this, software fault injection (SFI)-based fuzzing combines SFI with traditional fuzzing to inject faults and trigger errors, enabling the testing of (error handling) code. However, current SFI-based fuzzing approaches have overlooked the correlation between paths housing error points. In fact, the execution paths of error points often share common paths. As a result, fuzzers usually generate test cases repeatedly to explore these common paths. This practice can compromise the efficiency of the fuzzer(s). To address this issue, this paper introduces HuntFUZZ, a novel SFI-based fuzzing framework designed to minimize redundant exploration of error points with correlated paths. HuntFUZZ achieves this by clustering these correlated error points and using concolic execution to resolve the path constraints necessary for approaching or reaching these clusters. This approach provides the fuzzer with optimized test cases, allowing it to efficiently explore error points within the cluster while minimizing redundancy. We evaluate HuntFUZZ on a diverse set of 42 applications, and HuntFUZZ successfully reveals 162 known bugs, with 62 of them being related to error handling. Additionally, due to its efficient error point detection method, HuntFUZZ discovers seven unique zero-day bugs, which are all missed by existing fuzzers. Furthermore, we compare HuntFUZZ with four existing fuzzing approaches, including AFL, AFL++, AFLGo, and EH-FUZZ. Our evaluation confirms that HuntFUZZ can cover a broader range of error points, and it exhibits better performance in terms of bug-finding speed. [ABSTRACT FROM AUTHOR] |
| Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Links: – Type: pdflink Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 187531854 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: HuntFUZZ: Enhancing error handling testing through clustering based fuzzing. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Wei%2C+Jin%22">Wei, Jin</searchLink><relatesTo>1,2</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Chen%2C+Ping%22">Chen, Ping</searchLink><relatesTo>2,3</relatesTo> (AUTHOR)<i> pchen@fudan.edu.cn</i><br /><searchLink fieldCode="AR" term="%22Dai%2C+Jun%22">Dai, Jun</searchLink><relatesTo>4</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Sun%2C+Xiaoyan%22">Sun, Xiaoyan</searchLink><relatesTo>4</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Zhang%2C+Zhihao%22">Zhang, Zhihao</searchLink><relatesTo>4</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Xu%2C+Chang%22">Xu, Chang</searchLink><relatesTo>1</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Wang%2C+Yi%22">Wang, Yi</searchLink><relatesTo>2</relatesTo> (AUTHOR) – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Journal+of+Computer+Security%22">Journal of Computer Security</searchLink>. Sep2025, Vol. 33 Issue 5, p334-359. 26p. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Computer+software+testing%22">Computer software testing</searchLink><br /><searchLink fieldCode="DE" term="%22Dynamic+testing%22">Dynamic testing</searchLink><br /><searchLink fieldCode="DE" term="%22Clustering+algorithms%22">Clustering algorithms</searchLink><br /><searchLink fieldCode="DE" term="%22Defect+tracking+%28Computer+software+development%29%22">Defect tracking (Computer software development)</searchLink><br /><searchLink fieldCode="DE" term="%22Constraint+programming%22">Constraint programming</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: Testing a program's capability to effectively handle errors is a significant challenge, given that program errors are relatively uncommon. To address this, software fault injection (SFI)-based fuzzing combines SFI with traditional fuzzing to inject faults and trigger errors, enabling the testing of (error handling) code. However, current SFI-based fuzzing approaches have overlooked the correlation between paths housing error points. In fact, the execution paths of error points often share common paths. As a result, fuzzers usually generate test cases repeatedly to explore these common paths. This practice can compromise the efficiency of the fuzzer(s). To address this issue, this paper introduces HuntFUZZ, a novel SFI-based fuzzing framework designed to minimize redundant exploration of error points with correlated paths. HuntFUZZ achieves this by clustering these correlated error points and using concolic execution to resolve the path constraints necessary for approaching or reaching these clusters. This approach provides the fuzzer with optimized test cases, allowing it to efficiently explore error points within the cluster while minimizing redundancy. We evaluate HuntFUZZ on a diverse set of 42 applications, and HuntFUZZ successfully reveals 162 known bugs, with 62 of them being related to error handling. Additionally, due to its efficient error point detection method, HuntFUZZ discovers seven unique zero-day bugs, which are all missed by existing fuzzers. Furthermore, we compare HuntFUZZ with four existing fuzzing approaches, including AFL, AFL++, AFLGo, and EH-FUZZ. Our evaluation confirms that HuntFUZZ can cover a broader range of error points, and it exhibits better performance in terms of bug-finding speed. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=187531854 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1177/0926227X251343867 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 26 StartPage: 334 Subjects: – SubjectFull: Computer software testing Type: general – SubjectFull: Dynamic testing Type: general – SubjectFull: Clustering algorithms Type: general – SubjectFull: Defect tracking (Computer software development) Type: general – SubjectFull: Constraint programming Type: general Titles: – TitleFull: HuntFUZZ: Enhancing error handling testing through clustering based fuzzing. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Wei, Jin – PersonEntity: Name: NameFull: Chen, Ping – PersonEntity: Name: NameFull: Dai, Jun – PersonEntity: Name: NameFull: Sun, Xiaoyan – PersonEntity: Name: NameFull: Zhang, Zhihao – PersonEntity: Name: NameFull: Xu, Chang – PersonEntity: Name: NameFull: Wang, Yi IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 09 Text: Sep2025 Type: published Y: 2025 Identifiers: – Type: issn-print Value: 0926227X Numbering: – Type: volume Value: 33 – Type: issue Value: 5 Titles: – TitleFull: Journal of Computer Security Type: main |
| ResultId | 1 |