Page 40 - 《软件学报》(Journal of Software), 2025, Issue 7

Ou Xianfei (欧先飞) et al.: Semantics-aware greybox compiler fuzzing    2961



enumerating all α-inequivalent programs, and investigated in depth how different variable definition-use relations affect the compiler's compilation behaviour. FCFUZZER [54] enumerates, in stages, all possible function-call combinations within the same program skeleton to explore how function calls affect compilation behaviour. JAttack [55] innovatively combines the notions of program skeleton and program fragment: with predefined program structures and pluggable code fragments, it generates syntactically correct and semantically reasonable Java test cases. ClassFuzz [56] mutates Java class files with 129 hand-designed mutation operators, significantly improving the efficiency of JVM testing. GrayC [22] attempts to guarantee the validity of mutated programs through hand-designed mutation operators that preserve semantic validity. However, because of reliability and usability problems, the effectiveness of GrayC in greybox fuzzing still leaves room for improvement. Although these works have made significant progress in preserving the semantic validity of fuzzing inputs, their capability remains insufficient when the program under test is a C/C++ compiler, which imposes strict requirements on the high-level semantic structure of its inputs. How to effectively improve the coverage and bug-finding capability of fuzzing while ensuring the semantic validity of the generated inputs remains a key problem in urgent need of a solution.

                 References:
[1] Wang JJ, Chen BH, Wei L, Liu Y. Superion: Grammar-aware greybox fuzzing. In: Proc. of the 41st IEEE/ACM Int’l Conf. on Software Engineering. Montreal: IEEE, 2019. 724–735. [doi: 10.1109/ICSE.2019.00081]
[2] Zalewski M. American fuzzy lop. 2024. http://lcamtuf.coredump.cx/afl/
[3] Li YK, Chen BH, Chandramohan M, Lin SW, Liu Y, Tiu A. Steelix: Program-state based binary fuzzing. In: Proc. of the 11th Joint Meeting on Foundations of Software Engineering. Paderborn: ACM, 2017. 627–637. [doi: 10.1145/3106237.3106295]
[4] Lemieux C, Sen K. FairFuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage. In: Proc. of the 33rd ACM/IEEE Int’l Conf. on Automated Software Engineering. Montpellier: ACM, 2018. 475–485. [doi: 10.1145/3238147.3238176]
[5] Gan ST, Zhang C, Qin XJ, Tu XW, Li K, Pei ZY, Chen ZN. CollAFL: Path sensitive fuzzing. In: Proc. of the 2018 IEEE Symp. on Security and Privacy. San Francisco: IEEE, 2018. 679–696. [doi: 10.1109/SP.2018.00040]
[6] Petsios T, Zhao J, Keromytis AD, Jana S. SlowFuzz: Automated domain-independent detection of algorithmic complexity vulnerabilities. In: Proc. of the 2017 ACM SIGSAC Conf. on Computer and Communications Security. Dallas: ACM, 2017. 2155–2168. [doi: 10.1145/3133956.3134073]
[7] Lemieux C, Padhye R, Sen K, Song D. PerfFuzz: Automatically generating pathological inputs. In: Proc. of the 27th ACM SIGSOFT Int’l Symp. on Software Testing and Analysis. Amsterdam: ACM, 2018. 254–265. [doi: 10.1145/3213846.3213874]
[8] Ganesh V, Leek T, Rinard M. Taint-based directed whitebox fuzzing. In: Proc. of the 31st IEEE Int’l Conf. on Software Engineering. Vancouver: IEEE, 2009. 474–484. [doi: 10.1109/ICSE.2009.5070546]
[9] Rawat S, Jain V, Kumar A, Cojocar L, Giuffrida C, Bos H. VUzzer: Application-aware evolutionary fuzzing. In: Proc. of the 24th Network and Distributed System Security Symp. San Diego: NDSS, 2017. 1–14. [doi: 10.14722/ndss.2017.23404]
[10] Chen P, Chen H. Angora: Efficient fuzzing by principled search. In: Proc. of the 2018 IEEE Symp. on Security and Privacy (SP). San Francisco: IEEE, 2018. 711–725. [doi: 10.1109/SP.2018.00046]
[11] Microsoft. Security development lifecycle (SDL) practices. 2024. https://www.microsoft.com/en-us/sdl/process/verification.aspx
[12] Bounimova E, Godefroid P, Molnar D. Billions and billions of constraints: Whitebox fuzz testing in production. In: Proc. of the 35th Int’l Conf. on Software Engineering. San Francisco: IEEE, 2013. 122–131. [doi: 10.1109/ICSE.2013.6606558]
[13] The chromium projects. 2024. https://www.chromium.org/Home/chromium-security/bugs
[14] Aizatsky M, Serebryany K, Chang O, Arya A, Whittaker M. OSS-Fuzz: Continuous fuzzing for open source software. 2024. https://github.com/google/oss-fuzz
[15] Chrome Security Team. ClusterFuzz. 2024. https://google.github.io/clusterfuzz/
[16] Manès VJM, Han H, Han C, Cha SK, Egele M, Schwartz EJ, Woo M. The art, science, and engineering of fuzzing: A survey. IEEE Trans. on Software Engineering, 2021, 47(11): 2312–2331. [doi: 10.1109/TSE.2019.2946563]
[17] Li J, Zhao BD, Zhang C. Fuzzing: A survey. Cybersecurity, 2018, 1(1): 6. [doi: 10.1186/s42400-018-0002-y]
[18] Zhu XG, Wen S, Camtepe S, Xiang Y. Fuzzing: A survey for roadmap. ACM Computing Surveys, 2022, 54(11s): 230. [doi: 10.1145/3512345]
[19] Zhao XQ, Qu HP, Xu JL, Li XH, Lv WJ, Wang GG. A systematic review of fuzzing. Soft Computing, 2024, 28(6): 5493–5522. [doi: 10.1007/s00500-023-09306-2]
[20] Fioraldi A, Maier D, Eißfeldt H, Heuse M. AFL++: Combining incremental steps of fuzzing research. In: Proc. of the 14th USENIX Conf. on Offensive Technologies. USENIX Association, 2020. 10.
[21] Liang J, Wu ZY, Fu JZ, Zhu J, Jiang Y, Sun JG. Survey on database management system fuzzing techniques. Ruan Jian Xue Bao/Journal