Fuzzing remains the most effective method for identifying security vulnerabilities in software. In fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are written to exercise critical sections of the client code as thoroughly as possible. Many studies have focused on optimizing and developing advanced fuzzers, such as AFL++, libFuzzer, Honggfuzz, syzkaller and ISP-Fuzzer, which have substantially improved vulnerability detection in widely used software and libraries. Nevertheless, achieving greater coverage requires improvements in both the quality and the quantity of fuzz targets. In large-scale software projects and libraries -- characterized by numerous user-defined functions and data types -- manual creation of fuzz targets is both labor-intensive and time-consuming. This challenge underscores the need for automated techniques not only to generate fuzz targets but also to streamline their execution and the analysis of their results. In this paper, we introduce an approach to improving fuzz target generation through static analysis of library source code. The proposed method covers several key aspects: it analyzes source code structures to construct function calls accurately and generate fuzz targets; it maps fuzzer input data to the corresponding function parameters; it synthesizes the compilation information for the fuzz targets; and it automatically collects and analyzes execution results. We demonstrate our findings by applying this approach to the generation of fuzz targets for C/C++ libraries.
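As an added illustration (not code from the paper or its tool), the shape of a generated libFuzzer target for a C library: the fuzzer's flat byte buffer is mapped onto the typed parameters of a hypothetical library function, lib_parse_record, with a length prefix bounded to the remaining input so that short or malformed inputs are rejected rather than read past the buffer. All function and type names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical library function standing in for a real C API the generator would target. */
static int lib_parse_record(const char *name, uint32_t flags,
                            const uint8_t *payload, size_t payload_len) {
    if (name[0] == '\0' || payload_len == 0) return -1;
    return (int)((flags & 0xff) + payload_len);   /* stand-in for real work */
}

/* Typed parameters recovered from one flat fuzzer buffer. */
typedef struct {
    char     name[33];      /* NUL-terminated, at most 32 bytes */
    uint32_t flags;
    const uint8_t *payload; /* points into the fuzzer buffer: the remainder of the input */
    size_t   payload_len;
} record_args;

/* Cursor over the fuzzer's bytes; each consumer takes exactly what its parameter needs. */
typedef struct { const uint8_t *p; size_t n; } cursor;

static int take_u32(cursor *c, uint32_t *out) {
    if (c->n < 4) return 0;                        /* not enough input for this parameter */
    *out = (uint32_t)c->p[0] | (uint32_t)c->p[1] << 8 |
           (uint32_t)c->p[2] << 16 | (uint32_t)c->p[3] << 24;   /* little-endian decode */
    c->p += 4; c->n -= 4;
    return 1;
}

/* Map data[0..size) onto the parameters of lib_parse_record: returns 1 on success,
 * 0 when the input is too short to fill every parameter (the target then just returns). */
int map_input(const uint8_t *data, size_t size, record_args *a) {
    cursor c = { data, size };
    uint8_t name_len;
    if (!take_u32(&c, &a->flags)) return 0;
    if (c.n < 1) return 0;
    name_len = c.p[0] % 33; c.p++; c.n--;          /* length prefix bounded to name[] */
    if (c.n < name_len) return 0;                  /* prefix claims more bytes than remain */
    memcpy(a->name, c.p, name_len); a->name[name_len] = '\0';
    c.p += name_len; c.n -= name_len;
    a->payload = c.p; a->payload_len = c.n;        /* everything left is the payload */
    return 1;
}

/* The shape of a generated libFuzzer target: decode parameters, then call the library. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    record_args a;
    if (map_input(data, size, &a)) lib_parse_record(a.name, a.flags, a.payload, a.payload_len);
    return 0;
}
```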