Explore an innovative approach to improving coverage-guided fuzzing efficiency in this 14-minute conference talk from USENIX ATC '21. Dive into RIFF (Reduced Instruction Footprint for Coverage-Guided Fuzzing), a mechanism designed to significantly reduce fuzzing overhead. Learn how RIFF optimizes both runtime collection and post-execution processing by moving computations to instrumentation-time through static program analysis. Discover how this technique minimizes instrumentation code and utilizes vector instructions to enhance throughput. Examine the implementation of RIFF in popular fuzzers like AFL and MOpt, and analyze its performance on real-world programs. Gain insights into the substantial improvements achieved, including a 23× efficiency boost in runtime collection, 6× speedup in post-execution processing, and 147% more executions completed. Understand the potential impact of RIFF on accelerating fuzzing processes and reaching coverage goals faster.
RIFF - Reduced Instruction Footprint for Coverage-Guided Fuzzing
Overview
Syllabus
Intro
Coverage is important for Guided Fuzzing
Coverage Pipeline in Fuzzers
Example: Coverage Collection in AFL
Example: Coverage Analysis in AFL
Overhead in Coverage Collection
Overhead in Coverage Analysis
RIFF: Overview and Insights
Single-Instruction Instrumentation: Problem of Block Coverage
Single-Instruction Instrumentation: Simplified Algorithm
Hot-Path Vectorized Analysis
Evaluation: Overall Speedup in Fuzzing
Improved Performance Brought by Speedup
Speedup in Coverage Collection and Analysis
Summary
Taught by
USENIX
