Overview
The course presents RIFF, a highly efficient program coverage measurement mechanism that reduces the coverage-tracking overhead in coverage-guided fuzzers. It covers why coverage matters for guided fuzzing, the coverage pipeline in fuzzers (collection and analysis, with AFL as the running example), an overview of RIFF, single-instruction instrumentation, hot-path vectorized analysis, and an evaluation of the resulting speedup in fuzzing performance. The course aims to show how more efficient coverage measurement lets a fuzzer complete more executions in the same time and reach its coverage goals sooner. The intended audience includes researchers, developers, and practitioners interested in improving fuzzing techniques and program analysis.
Syllabus
Intro
Coverage is important for Guided Fuzzing
Coverage Pipeline in Fuzzers
Example: Coverage Collection in AFL
Example: Coverage Analysis in AFL
Overhead in Coverage Collection
Overhead in Coverage Analysis
RIFF: Overview and Insights
Single-Instruction Instrumentation: Problem of Block Coverage
Single-Instruction Instrumentation: Simplified Algorithm
Hot-Path Vectorized Analysis
Evaluation: Overall Speedup in Fuzzing
Improved Performance Brought by Speedup
Speedup in Coverage Collection and Analysis
Summary
Taught by
USENIX