Towards Effective Performance Fuzzing

Chen, Yiqun and Bradbury, Matthew and Suri, Neeraj (2022) Towards Effective Performance Fuzzing. In: 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) :. Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022 . IEEE, USA, pp. 128-129. ISBN 9781665476799

[thumbnail of fa_cr]
Text (fa_cr)
fa_cr.pdf - Accepted Version
Available under License Creative Commons Attribution.

Download (1MB)

Abstract

Fuzzing is an automated testing technique that utilizes injection of random inputs in a target program to help uncover vulnerabilities. Performance fuzzing extends the classic fuzzing approach and generates inputs that trigger poor performance. During our evaluation of performance fuzzing tools, we have identified certain conventionally used assumptions that do not always hold true. Our research (re)evaluates PERFFUZZ [1] in order to identify the limitations of current techniques, and guide the direction of future work for improvements to performance fuzzing. Our experimental results highlight two specific limitations. Firstly, we identify the assumption that the length of execution paths correlate to program performance is not always the case, and thus cannot reflect the quality of test cases generated by performance fuzzing. Secondly, the default testing parameters by the fuzzing process (timeouts and size limits) overly confine the input search space. Based on these observations, we suggest further investigation on performance fuzzing guidance, as well as controlled fuzzing and testing parameters.

Item Type:
Contribution in Book/Report/Proceedings
Additional Information:
©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Uncontrolled Keywords:
Research Output Funding/yes_externally_funded
Subjects:
?? yes - externally funded ??
ID Code:
184277
Deposited By:
Deposited On:
01 Feb 2023 12:10
Refereed?:
Yes
Published?:
Published
Last Modified:
02 Feb 2024 00:50