English

SAND: Decoupling Sanitization from Fuzzing for Low Overhead

Cryptography and Security 2025-02-13 v3 Software Engineering

Abstract

Sanitizers provide robust test oracles for various software vulnerabilities. Fuzzing on sanitizer-enabled programs has been the best practice to find software bugs. Since sanitizers need to heavily instrument a target program to insert run-time checks, sanitizer-enabled programs have much higher overhead compared to normally built programs. In this paper, we present SAND, a new fuzzing framework that decouples sanitization from the fuzzing loop. SAND performs fuzzing on a normally built program and only invokes sanitizer-enabled programs when input is shown to be interesting. Since most of the generated inputs are not interesting, i.e., not bug-triggering, SAND allows most of the fuzzing time to be spent on the normally built program. To identify interesting inputs, we introduce execution pattern for a practical execution analysis on the normally built program. We realize SAND on top of AFL++ and evaluate it on 12 real-world programs. Our extensive evaluation highlights its effectiveness: in 24 hours, compared to all the baseline fuzzers, SAND significantly discovers more bugs while not missing any.

Keywords

Cite

@article{arxiv.2402.16497,
  title  = {SAND: Decoupling Sanitization from Fuzzing for Low Overhead},
  author = {Ziqiao Kong and Shaohua Li and Heqing Huang and Zhendong Su},
  journal= {arXiv preprint arXiv:2402.16497},
  year   = {2025}
}

Comments

Camera-ready version

R2 v1 2026-06-28T15:00:10.552Z