In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying static analysis reports or reproducing crashes, while directed fuzzing, focusing on targeted program locations using proximity metrics, proves to be more effective. Some of the earliest directed fuzzers are, for example, AFLGo and BEACON, which use different proximity metric approaches. Although most automated testing tools focus on C/C++ code, the growing popularity of Rust and Go causes the need for precise and efficient testing solutions for these languages. This work expands the applicability of directed fuzzing beyond traditional analysis of C/C++ software. We present a novel approach to directed greybox fuzzing tailored specifically for Rust and Go applications. We introduce advanced preprocessing techniques, rustc compiler customizations, and elaborate graph construction and instrumentation methods to enable effective targeting of specific program locations. Our implemented fuzzing tools, based on LibAFL-DiFuzz backend, demonstrate competitive advantages compared to popular existing fuzzers like afl$.$rs, cargo-fuzz, and go-fuzz. According to TTE (Time to Exposure) experiments, Rust-LibAFL-DiFuzz outperforms other tools by the best TTE result. Some stability issues can be explained by different mutation approaches. Go-LibAFL-DiFuzz outperforms its opponent by the best and, in the majority of cases, by average result, having two cases with orders of magnitude difference. These results prove better efficiency and accuracy of our approach.

翻译：在现代SSDLC（软件安全开发生命周期）中，程序分析与自动化测试对于在软件发布前最小化漏洞至关重要，其中模糊测试作为一种快速且广泛使用的动态测试方法。然而，传统的覆盖引导式模糊测试在特定任务（如验证静态分析报告或复现崩溃）中可能效果不佳，而定向模糊测试通过使用邻近度度量专注于目标程序位置，被证明更为有效。例如，最早的定向模糊测试工具包括AFLGo和BEACON，它们采用了不同的邻近度度量方法。尽管大多数自动化测试工具专注于C/C++代码，但Rust和Go语言的日益流行导致了对这两种语言精确高效测试解决方案的需求。本研究将定向模糊测试的适用性扩展到了传统的C/C++软件分析之外。我们提出了一种专门针对Rust和Go应用程序的定向灰盒模糊测试新方法。我们引入了先进的预处理技术、rustc编译器定制化方案以及精细的图构建与插桩方法，以实现对特定程序位置的有效定位。基于LibAFL-DiFuzz后端实现的模糊测试工具，相较于现有主流模糊测试工具（如afl.rs、cargo-fuzz和go-fuzz）展现出竞争优势。根据TTE（暴露时间）实验，Rust-LibAFL-DiFuzz以最优TTE结果优于其他工具。部分稳定性问题可通过不同的变异策略解释。Go-LibAFL-DiFuzz在最优结果和多数情况下的平均结果均优于对比工具，其中两个案例存在数量级差异。这些结果证明了我们方法具有更好的效率与准确性。