Accelerating Fuzzing through Prefix-Guided Execution

Coverage-guided fuzzing is one of the most effective approaches for discovering software defects and vulnerabilities. It executes all mutated tests from seed inputs to expose coverage-increasing tests. However, executing incurs significant performance penalties---most are discarded because they do not increase code coverage. Thus, determining if a test increases coverage without actually it beneficial, but paradoxical challenge. In this paper, we introduce notion prefix-guided execution (PGE) tackle PGE leverages two key observations: (1) Only tiny fraction coverage, thus requiring full execution; (2) whether may be accurately inferred its partial execution. monitors applies early termination when prefix indicates that unlikely To demonstrate potential PGE, implement prototype on top AFL++, which call AFL++-PGE. We evaluate AFL++-PGE MAGMA, ground-truth benchmark set consists 21 programs nine popular real-world projects. Our results show that, after 48 hours fuzzing, finds more bugs, discovers bugs faster, achieves higher Prefix-guided general can benefit AFL-based family fuzzers.