关键词: 模糊测试, 并行模糊测试, 任务分发, 语料库共享, 崩溃去重

Abstract: Abstract:Software vulnerability has become the main threat of Internet security, so software vulnerability analysis technology has become increasingly prominent. As one of the hotspot technologies in vulnerability analysis, fuzzing triggers program exceptions by continuously generating test cases, dynamically monitoring the execution of target code, and implementing feedback adjusting variation strategies. Fuzzing has the advantages of convenient deployment, wide applicability and intuitive effect. However, the dynamic execution, variation and feedback mechanism of fuzzing is time-consuming, which affects the efficiency of vulnerability analysis. However, parallel fuzzing improves the efficiency of vulnerability detection with the help of parallel execution, task decomposition and information sharing. Firstly, the main challenges of fuzzing based on coverage feedback are analyzed. Besides, the ideas and solutions of parallel fuzzing are discussed. In addition, the system structure, task division, corpus sharing, crash de-duplication and other aspects of parallel fuzzing are summarized. Finally, the advantages and disadvantages of existing parallel fuzzing are summarized, and the future development direction is prospected.

Key words: fuzzing, parallel fuzzing, task division, corpus sharing, crash de-duplication