Path Transitions Tell More:Optimizing Fuzzing Schedules via Runtime Program States. (arXiv:2201.04441v1 [cs.CR])

Coverage-guided Greybox Fuzzing (CGF) is one of the most successful and
widely-used techniques for bug hunting. Two major approaches are adopted to
optimize CGF: (i) to reduce search space of inputs by inferring relationships
between input bytes and path constraints; (ii) to formulate fuzzing processes
(e.g., path transitions) and build up probability distributions to optimize
power schedules, i.e., the number of inputs generated per seed. However, the
former is subjective to the inference results which may include extra bytes for …

fuzzing path program runtime states transitions