Rights statement: ©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Accepted author manuscript, 986 KB, PDF document
Available under license: CC BY: Creative Commons Attribution 4.0 International License
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
TY - GEN
T1 - Towards Effective Performance Fuzzing
AU - Chen, Yiqun
AU - Bradbury, Matthew
AU - Suri, Neeraj
N1 - ©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
PY - 2022/12/26
Y1 - 2022/12/26
N2 - Fuzzing is an automated testing technique that injects random inputs into a target program to help uncover vulnerabilities. Performance fuzzing extends the classic fuzzing approach and generates inputs that trigger poor performance. During our evaluation of performance fuzzing tools, we have identified certain conventionally used assumptions that do not always hold true. Our research (re)evaluates PERFFUZZ [1] in order to identify the limitations of current techniques and to guide the direction of future work on improvements to performance fuzzing. Our experimental results highlight two specific limitations. Firstly, we find that the assumption that the length of execution paths correlates with program performance does not always hold, and thus path length cannot reflect the quality of test cases generated by performance fuzzing. Secondly, the default testing parameters used by the fuzzing process (timeouts and size limits) overly confine the input search space. Based on these observations, we suggest further investigation of performance fuzzing guidance, as well as of controlled fuzzing and testing parameters.
AB - Fuzzing is an automated testing technique that injects random inputs into a target program to help uncover vulnerabilities. Performance fuzzing extends the classic fuzzing approach and generates inputs that trigger poor performance. During our evaluation of performance fuzzing tools, we have identified certain conventionally used assumptions that do not always hold true. Our research (re)evaluates PERFFUZZ [1] in order to identify the limitations of current techniques and to guide the direction of future work on improvements to performance fuzzing. Our experimental results highlight two specific limitations. Firstly, we find that the assumption that the length of execution paths correlates with program performance does not always hold, and thus path length cannot reflect the quality of test cases generated by performance fuzzing. Secondly, the default testing parameters used by the fuzzing process (timeouts and size limits) overly confine the input search space. Based on these observations, we suggest further investigation of performance fuzzing guidance, as well as of controlled fuzzing and testing parameters.
U2 - 10.1109/ISSREW55968.2022.00055
DO - 10.1109/ISSREW55968.2022.00055
M3 - Conference contribution/Paper
SN - 9781665476799
T3 - Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022
SP - 128
EP - 129
BT - 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
PB - IEEE
T2 - 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
Y2 - 31 October 2022 through 3 November 2022
ER -