Full Speed Fuzzing - Reducing Fuzzing Overhead Through Coverage-Guided Tracing

Explore coverage-guided tracing, a novel approach to reduce fuzzing overhead in software testing and vulnerability discovery. Learn how this technique significantly improves performance by selectively tracing only coverage-increasing test cases, potentially revolutionizing the efficiency of coverage-guided fuzzing. Dive into the implementation details of UnTracer, a tool based on the static binary instrumentor Dyninst, and examine its impressive performance gains compared to traditional tracing methods. Understand the impact of coverage-guided tracing on real-world binaries and its integration with state-of-the-art hybrid fuzzers like QSYM. Gain insights into the future of efficient fuzzing techniques and their implications for software security and bug detection.

Introduction
What is fuzzing
Coverageguided fuzzing
How coverage is found
How fuzzers spend their time
Overall impact
Why tracing code coverage is expensive
Coverageguided tracing
Microscale coverageguided tracing
Macroscale coverageguided tracing
Coverageguided tracing implementation
Evaluation
Benchmarks
Evaluation Question 1
Evaluation Question 2
Conclusion
Questions