SHFuzz: Selective Hybrid Fuzzing with Branch Scheduling Based on Binary Instrumentation

INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing

Empowered by instrumentation, coverage-guided fuzzing monitors the program execution path taken by an input, and prioritizes inputs based on their contribution to code coverage. Although instrumenting every basic block ensures full visibility, it slows down the fuzzer and thus the speed of vulnerability discovery. This paper shows that thanks to common program structures (e.g., directed acyclic...

Branch Instrumentation in SUIF

Conditional branches limit the speed of modern microprocessors. Researchers need tools to examine program branch behavior. HALT, the Harvard Atom-Like Tool, allows SUIF users to instrument conditional branch instructions in their programs. Instrumentation code enables research into the branch problem: how programs use conditional branches and how they can be handled efficiently during program e...

C++ Memory Check tool based on Dynamic Binary Instrumentation Platform

Driller: Augmenting Fuzzing Through Selective Symbolic Execution

Memory corruption vulnerabilities are an everpresent risk in software, which attackers can exploit to obtain unauthorized access to confidential information. As products with access to sensitive data are becoming more prevalent, the number of potentially exploitable systems is also increasing, resulting in a greater need for automated software vetting tools. DARPA recently funded a competition,...

Obtaining Dynamic Program Information with Binary Instrumentation

Dynamic information about a program has many uses, such as aiding the programmer in debugging or optimizing his code, helping make code more secure, or helping hardware and systems designers make organizational or tradeoff decisions. Program information is available through a variety of approaches, including visual inspection of the code or its output, compiler output, hardware counters, debugg...