Fuzzing Error Handling Code in Device Drivers Based on Software Fault Injection

Abstract: Device drivers remain a main source of runtime failures in operating systems. To detect bugs in device drivers, fuzzing has been commonly used in practice. However, a main limitation of existing fuzzing approaches is that they cannot effectively test error handling code. These fuzzing approaches require effective inputs to cover target code, but much error handling code in drivers is triggered by occasional errors (such as insufficient memory and hardware malfunctions) that are not related to inputs. In this paper, based on software fault injection, we propose a new fuzzing approach named FIZZER to test error handling code in device drivers. At compile time, FIZZER uses static analysis to recommend possible error sites that can trigger error handling code. During driver execution, by analyzing runtime information, it automatically fuzzes error-site sequences for fault injection to improve code coverage. We evaluate FIZZER on 18 device drivers in Linux 4.19 and in total find 22 real bugs. The code coverage is increased by over 15% compared to normal execution without fuzzing.
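The abstract describes two ideas: a list of error sites (calls that can fail for reasons unrelated to input, such as allocation or hardware access) and a coverage-guided search over which of those sites to force to fail. The following is an added illustration, not code from the paper or from FIZZER: a toy `toy_probe()` written in the goto-unwind style of Linux driver probe functions, an injection plan represented as a bitmask over hand-listed error sites (the paper obtains these sites by static analysis), and a small fuzzing loop that mutates plans one site at a time and keeps any plan that reaches a new block. All names, block ids and the site list are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Error sites of the toy driver. In FIZZER these are recommended by static
 * analysis at compile time; here they are listed by hand (assumption). */
enum { SITE_ALLOC_PRIV = 0, SITE_ALLOC_BUF, SITE_HW_RESET, SITE_REQUEST_IRQ, NUM_SITES };

#define NUM_BLOCKS 8

static uint32_t g_inject_mask;          /* bit i set => error site i fails     */
static uint8_t  g_covered[NUM_BLOCKS];  /* block id => reached at least once   */

static int should_fail(int site) { return (int)((g_inject_mask >> site) & 1u); }
#define COVER(id) (g_covered[(id)] = 1)

struct toy_dev { void *priv; void *buf; int irq; };

/* Toy probe: every failure branch is a block that normal execution never hits. */
static int toy_probe(struct toy_dev *d) {
    COVER(0);
    d->priv = should_fail(SITE_ALLOC_PRIV) ? NULL : malloc(64);
    if (!d->priv) { COVER(1); return -1; }            /* out-of-memory path   */
    d->buf = should_fail(SITE_ALLOC_BUF) ? NULL : malloc(4096);
    if (!d->buf) { COVER(2); goto err_priv; }
    if (should_fail(SITE_HW_RESET)) { COVER(3); goto err_buf; } /* hw malfunction */
    d->irq = should_fail(SITE_REQUEST_IRQ) ? -1 : 42;
    if (d->irq < 0) { COVER(4); goto err_buf; }
    COVER(5);
    return 0;
err_buf:
    COVER(6); free(d->buf); d->buf = NULL;
err_priv:
    COVER(7); free(d->priv); d->priv = NULL;
    return -1;
}

int covered_blocks(void) {
    int n = 0;
    for (int i = 0; i < NUM_BLOCKS; i++) n += g_covered[i];
    return n;
}

void reset_coverage(void) { memset(g_covered, 0, sizeof g_covered); }

/* One execution under an injection plan; returns how many new blocks it reached. */
int run_plan(uint32_t mask) {
    struct toy_dev d = {0};
    int before = covered_blocks();
    g_inject_mask = mask;
    if (toy_probe(&d) == 0) { free(d.buf); free(d.priv); }
    return covered_blocks() - before;
}

/* Coverage-guided fuzzing of error-site sequences: seed with the fault-free run,
 * mutate each corpus plan by flipping one site, keep mutants that add coverage. */
int fuzz_error_sites(int max_rounds) {
    uint32_t corpus[64];
    int ncorpus = 0;
    reset_coverage();
    run_plan(0);                       /* seed: normal execution, no faults */
    corpus[ncorpus++] = 0;
    for (int round = 0; round < max_rounds; round++) {
        int gained = 0, n = ncorpus;
        for (int i = 0; i < n; i++)
            for (int s = 0; s < NUM_SITES && ncorpus < 64; s++) {
                uint32_t mutant = corpus[i] ^ (1u << s);
                if (run_plan(mutant) > 0) { corpus[ncorpus++] = mutant; gained = 1; }
            }
        if (!gained) break;            /* no plan found new blocks: stop */
    }
    return covered_blocks();
}

int main(void) {
    reset_coverage();
    printf("normal execution covers %d of %d blocks\n", run_plan(0), NUM_BLOCKS);
    printf("error-site fuzzing covers %d of %d blocks\n", fuzz_error_sites(4), NUM_BLOCKS);
    return 0;
}
```

Normal execution reaches only the entry and success blocks; the fuzzing loop finds a plan for every failure branch, including the shared unwind labels, within one round. In a real driver the plan would additionally record the order in which sites are reached, since the same call site can execute many times and a sequence, not a set, is what selects a particular error path.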

Cited literature: 55 references

https://hal.inria.fr/hal-02389293
Contributor: Julia Lawall
Submitted on: Monday, December 2, 2019 - 2:54:48 PM
Last modification on: Wednesday, December 4, 2019 - 1:35:30 AM

File

FIZZER_published.pdf
Citation

Zu-Ming Jiang, Jia-Ju Bai, Julia Lawall, Shi-Min Hu. Fuzzing Error Handling Code in Device Drivers Based on Software Fault Injection. ISSRE 2019 - The 30th International Symposium on Software Reliability Engineering, Oct 2019, Berlin, Germany. ⟨10.1109/ISSRE.2019.00022⟩. ⟨hal-02389293⟩
