Tobias Holl (Ruhr University Bochum), Leon Weiß (Ruhr University Bochum), Kevin Borgolte (Ruhr University Bochum)
Fuzzing is one of the most successful techniques to test software and discover vulnerabilities. Due to its effectiveness and ease of scaling, it is often done in parallel on hundreds to thousands of CPU cores and improving fuzzers’ efficiency, efficacy, and performance has become a major research area. Typically focused on enhancing fuzzing itself, such as through better input generation or optimizing instrumentation to execute the program more frequently, the goal is to find more bugs or flaws in less time. On the other hand, optimizing the performance of the target program, which the fuzzer executes billions of times, specifically for fuzzing has received little attention.
We introduce Pogofuzz, a novel approach to improving fuzzing performance that is fuzzer-agnostic and target-agnostic. We leverage the insight that the inputs used for future mutations are known, to then use compiler-based profile-guided optimization (PGO) to optimize the target program specifically for these future inputs. By regularly creating new profiles based on the next inputs, recompiling the target program with new optimizations, and in-situ replacing the target in the fuzzing process with its newly optimized version, Pogofuzz improves fuzzing performance of the state-of-the-art fuzzer AFL++.
We provide preliminary results for Pogofuzz in different realistic experimental setups, comparing it to AFL++ on four software projects from the FuzzBench suite for 1–6 physical CPU cores per fuzzer, to demonstrate Pogofuzz’s advantages. Our preliminary results show that our approach has the potential to improve fuzzing throughput, despite incurring additional optimization and recompilation costs. Pogofuzz, as a fuzzer-target-agnostic approach, is a significant departure from traditional improvements in fuzzing, which are fuzzer-specific and/or target-specific, providing the opportunity for new, general performance improvements for large-scale, extended fuzzing.
To encourage adoption and reproducibility of our research, we will make Pogofuzz publicly available as open source before or with the publication of the extended paper.