Quiz (Fuzz Testing)

Question 1

Types of fuzzers?

Answer 1

Blackbox, whitebox, greybox

Question 2

What is blackbox fuzzing?

Answer 2

No analysis of a program

Question 3

What is greybox fuzzing?

Answer 3

Lightweight analysis of program, e.g coverage achieved by inputs

Question 4

Whitebox fuzzing

Answer 4

More heavyweight analysis of a program, e.g conditions that trigger specific paths

Question 5

What does bug oracles do?

Answer 5

Signal a fuzzer when a bug is triggered. The bug refers to an unintended state that the fuzz target has reached.

Question 6

Important class of bugs in bug oracles?

Answer 6

• memory safety violations
• address sanitizer
• logical bug (implementation does not adhere to the specification)

Question 7

Where is the feedback taken from?

Answer 7

From the fuzz target using lightweight instrumentation.

Question 8

What is the feedback used for?

Answer 8

To guide the input generation and mutation.

Question 9

One popular feedback is ___ and specifically checking whether ___.

Answer 9

code coverage; an input triggers previously unseen control flow edges

Question 10

If you don’t want to maximize code coverage, you can ___.

Answer 10

explore worst-case complexity behavior

Question 11

A possible solution to exploring ___ is to ___.

Answer 11

worst-case complexity behavior; prioritize mutating input that trigger an edge the maximum number of times