POWER: Program Option-Aware Fuzzer for High Bug Detection Ability

Most programs with command-line interface (CLI) have dozens of command-line options (e.g., -1, -F, -R for 1s) to alternate the operation of the programs. Thus, depending on the option configurations (i.e., a list of options like -1 -F and -F -R) applied during fuzzing, the lest coverage and crash detection results can vary significantly. In this paper, we propose a novel fuzzing technique POWER that detects more crashes than the cutting-edge fuzzers by actively constructing and carefully selecting various program option configurations. The salient idea of POWER is to enforce diverse executions of a target program by selecting a set of the option configurations each of which is far "different/distant" from the others in the set. Another core idea of POWER is to apply different fuzzing strategies to different input domains (i.e., option configurations and input Ides) to increase testing effectiveness within limited time budget. The experiment results on the 30 real-world programs show that POWER detects significantly more crash bugs than the state-of-the-art fuzzing techniques.