In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying static analysis reports or reproducing crashes, while directed fuzzing, focusing on targeted program locations using proximity metrics, proves to be more effective. Some of the earliest directed fuzzers are, for example, AFLGo and BEACON, which use different proximity metric approaches. Although most automated testing tools focus on C/C++ code, the growing popularity of Rust and Go causes the need for precise and efficient testing solutions for these languages. This work expands the applicability of directed fuzzing beyond traditional analysis of C/C++ software. We present a novel approach to directed greybox fuzzing tailored specifically for Rust and Go applications. We introduce advanced preprocessing techniques, rustc compiler customizations, and elaborate graph construction and instrumentation methods to enable effective targeting of specific program locations. Our implemented fuzzing tools, based on LibAFL-DiFuzz backend, demonstrate competitive advantages compared to popular existing fuzzers like afl.rs, cargo-fuzz, and go-fuzz. According to TTE (Time to Exposure) experiments, Rust-LibAFL-DiFuzz outperforms other tools by the best TTE result. Some stability issues can be explained by different mutation approaches. Go-LibAFL-DiFuzz outperforms its opponent by the best and, in the majority of cases, by average result, having two cases with orders of magnitude difference. These results prove better efficiency and accuracy of our approach.

翻译：在现代安全软件开发生命周期（SSDLC）中，程序分析与自动化测试对于在软件发布前最小化漏洞至关重要，其中模糊测试作为一种快速且广泛使用的动态测试方法。然而，传统的覆盖率引导模糊测试在特定任务（如验证静态分析报告或复现崩溃）中可能效果欠佳，而定向模糊测试通过使用邻近度度量专注于目标程序位置，被证明更为有效。一些最早的定向模糊测试工具，例如AFLGo和BEACON，便采用了不同的邻近度度量方法。尽管大多数自动化测试工具专注于C/C++代码，但Rust和Go语言的日益普及导致了对这两种语言精确高效测试解决方案的需求。本工作将定向模糊测试的适用性扩展到传统的C/C++软件分析之外。我们提出了一种专门针对Rust和Go应用程序的定向灰盒模糊测试新方法。我们引入了先进的预处理技术、rustc编译器定制化以及精细的图构建与插桩方法，以实现对特定程序位置的有效定位。我们基于LibAFL-DiFuzz后端实现的模糊测试工具，与现有流行模糊测试工具（如afl.rs、cargo-fuzz和go-fuzz）相比，展现出竞争优势。根据TTE（暴露时间）实验，Rust-LibAFL-DiFuzz以最佳的TTE结果优于其他工具。一些稳定性问题可通过不同的变异策略解释。Go-LibAFL-DiFuzz在最佳结果和大多数情况下的平均结果上均优于其对手，并在两个案例中表现出数量级差异。这些结果证明了我们方法具有更高的效率和准确性。