Fuzzing performance of the PeAR static binary rewriting tool
03 June 2024, 12:00, CSIT Level 2 - Systems Area
Speaker: Peter Oslington (ANU)
Abstract
We conduct extended benchmarks of AFL++ and a new, state-of-the-art binary instrumentation program, PeAR, targeting the bug-finding performance of both instrumentation approaches. The benchmarks were conducted using the Magma ground-truth benchmarking suite, with support developed for benchmarking PeAR in several modes using various modern AFL++ optimisations. We also develop a new version of PeAR that provides support for additional pre-processing, and benchmark it to confirm that it maintains similar performance to the original version. We find that in most benchmarks that were successfully instrumented under PeAR, there is not a statistically significant difference between AFL++, PeAR and PeAR2. In some benchmarks, we observe a slight performance improvement of PeAR over AFL++, while in other benchmarks PeAR was unable to locate specific bugs that AFL++ was able to locate. We conclude that, in most cases, PeAR is producing binaries with functionally identical instrumentation, while in some cases there may be discrepancies which reduce the bug-finding efficacy of PeAR.
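The abstract reports whether the gap between AFL++ and PeAR is statistically significant but does not say which test was used. Below is an added example, not code from the talk, from Magma or from the PeAR project, of how a per-bug comparison is commonly done in fuzzing evaluations: a Mann-Whitney U test (normal approximation with tie correction) plus the Vargha-Delaney A12 effect size over time-to-bug across repeated campaigns, with a bug a fuzzer never reached censored at the campaign timeout so it ranks last. The 24-hour timeout, the fuzzer labels and the sample times are constructed assumptions, not results from the talk.

```python
import math
from typing import Optional, Sequence

# Assumed campaign length (seconds). A bug a campaign never triggered is
# recorded as None and censored at this value so it ranks last.
CAMPAIGN_TIMEOUT_S = 24 * 3600


def censor(times: Sequence[Optional[float]], timeout: float = CAMPAIGN_TIMEOUT_S) -> list:
    """Map 'never found' (None) to the timeout and clip anything beyond it."""
    return [timeout if t is None else min(t, timeout) for t in times]


def average_ranks(values: Sequence[float]):
    """1-based ranks with ties given their average rank; also return tie-group sizes."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0.0] * len(values)
    tie_groups = []
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        avg = (i + j + 2) / 2  # positions i..j hold ranks i+1..j+1
        for k in range(i, j + 1):
            ranks[order[k]] = avg
        tie_groups.append(j - i + 1)
        i = j + 1
    return ranks, tie_groups


def mann_whitney(x: Sequence[float], y: Sequence[float]) -> dict:
    """Two-sided Mann-Whitney U on two independent samples.

    Uses the normal approximation with tie correction; for fewer than about
    8 campaigns per arm an exact table (or scipy.stats.mannwhitneyu) is preferable.
    A12 = P(x > y) + 0.5 * P(x == y): for time-to-bug, A12 < 0.5 means x is faster.
    """
    n1, n2 = len(x), len(y)
    ranks, ties = average_ranks(list(x) + list(y))
    r1 = sum(ranks[:n1])
    u1 = r1 - n1 * (n1 + 1) / 2          # number of (x, y) pairs with x > y (ties count 1/2)
    n = n1 + n2
    mu = n1 * n2 / 2
    tie_term = sum(t ** 3 - t for t in ties) / (n * (n - 1))
    sigma = math.sqrt(n1 * n2 / 12 * ((n + 1) - tie_term))
    if sigma == 0:                       # every observation tied: no evidence either way
        p = 1.0
    else:
        z = (u1 - mu) / sigma
        p = math.erfc(abs(z) / math.sqrt(2))
    return {"u": u1, "a12": u1 / (n1 * n2), "p": p}


def compare_fuzzers(name_a: str, times_a, name_b: str, times_b, alpha: float = 0.05) -> dict:
    """Compare time-to-bug for one bug across repeated campaigns of two fuzzers."""
    res = mann_whitney(censor(times_a), censor(times_b))
    res["significant"] = res["p"] < alpha
    res["faster"] = name_a if res["a12"] < 0.5 else name_b if res["a12"] > 0.5 else "tie"
    return res


# Constructed sample: seconds to trigger one bug over five 24h campaigns per fuzzer.
# The fourth PeAR campaign never reached the bug and is censored at the timeout.
AFLPP_TIMES = [120, 340, 200, 560, 410]
PEAR_TIMES = [150, 300, 250, None, 380]

if __name__ == "__main__":
    r = compare_fuzzers("afl++", AFLPP_TIMES, "pear", PEAR_TIMES)
    print(f"U={r['u']:.1f} A12={r['a12']:.2f} p={r['p']:.3f} "
          f"significant={r['significant']} faster={r['faster']}")
```

Magma gives a ground-truth trigger time per injected bug, so the natural unit of comparison is one bug at a time; reporting A12 alongside p keeps a "not significant" verdict honest when only a handful of campaigns were run, since with five campaigns per arm even a fairly large effect will not clear alpha.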