Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6–9, 2021, Proceedings, Part II

Research Article

Facilitating Parallel Fuzzing with Mutually-Exclusive Task Distribution

Cite
  • @INPROCEEDINGS{10.1007/978-3-030-90022-9_10,
        author={Yifan Wang and Yuchen Zhang and Chenbin Pang and Peng Li and Nikolaos Triandopoulos and Jun Xu},
        title={Facilitating Parallel Fuzzing with Mutually-Exclusive Task Distribution},
        proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part II},
        proceedings_a={SECURECOMM PART 2},
        year={2021},
        month={11},
        keywords={Software testing Parallel fuzzing Performance},
        doi={10.1007/978-3-030-90022-9_10}
    }
    
  • Yifan Wang
    Yuchen Zhang
    Chenbin Pang
    Peng Li
    Nikolaos Triandopoulos
    Jun Xu
    Year: 2021
    Facilitating Parallel Fuzzing with Mutually-Exclusive Task Distribution
    SECURECOMM PART 2
    Springer
    DOI: 10.1007/978-3-030-90022-9_10
Yifan Wang, Yuchen Zhang, Chenbin Pang, Peng Li, Nikolaos Triandopoulos, Jun Xu*
    *Contact email: jxu69@stevens.edu

    Abstract

    Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry. In general, fuzzing provides various inputs to the target program with the goal of discovering un-handled exceptions and crashes. In business sectors where the time budget is limited, software vendors often launch many fuzzing instances in parallel as a common means of increasing code coverage. However, most of the popular fuzzing tools—in their parallel mode—naively run multiple instances concurrently, without elaborate distribution of workload. This can lead different instances to explore overlapped code regions, eventually reducing the benefits of concurrency. In this paper, we propose a general model to describe parallel fuzzing. This model distributes mutually-exclusive but similarly-weighted tasks to different instances, facilitating concurrency and also fairness across instances. Following this model, we develop a solution, called AFL-EDGE, to improve the parallel mode of AFL, considering a round of mutations to a unique seed as a task and adopting edge coverage to define the uniqueness of a seed. We have implemented AFL-EDGE on top of AFL and evaluated the implementation with AFL on 9 widely used benchmark programs. It shows that AFL-EDGE can benefit the edge coverage of AFL. In a 24-h test, the increase of edge coverage brought by AFL-EDGE to AFL ranges from 9.5% to 10.2%, depending on the number of instances. As a side benefit, we discovered 14 previously unknown bugs.

    Keywords
    Software testing, Parallel fuzzing, Performance
    Published
    2021-11-04
    Appears in
    SpringerLink
    http://dx.doi.org/10.1007/978-3-030-90022-9_10