Coverage-guided fuzzing via dynamic instrumentation

Assignee

• Robert Bosch GmbH · DE

Inventors

• Christopher Huth · Weil der Stadt, DE
• Marius Fischer · Stuttgart, DE
• Max Camillo Eisele · Ludwigsburg, DE

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06N7/023
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method for obtaining coverage-guided fuzzing of software on a hardware target. The hardware target includes a breakpoint register, and is designed to stop an execution of the software prior to execution of an instruction of the software if the instruction is reached during the execution of the software; a memory address of the instruction is set in the breakpoint register. The method includes setting a first breakpoint prior to a first instruction of the software; executing or continuing a fuzzing iteration of the software; first checking whether the first breakpoint is reached while executing or continuing the fuzzing iteration; storing a piece of log information that includes that the first instruction in the fuzzing iteration has been reached, and optionally deleting the first breakpoint if the first check is positive. The coverage-guided fuzzing of the software includes the piece of log information.