Bounded model checking (BMC) and fuzzing techniques are among the most effective methods for detecting errors and security vulnerabilities in software. However, there are still shortcomings in detecting these errors due to the inability of existent methods to cover large areas in target code. We propose FuSeBMC v4, a test generator that synthesizes seeds with useful properties, that we refer to as smart seeds, to improve the performance of its hybrid fuzzer thereby achieving high C program coverage. FuSeBMC works by first analyzing and incrementally injecting goal labels into the given C program to guide BMC and Evolutionary Fuzzing engines. After that, the engines are employed for an initial period to produce the so-called smart seeds. Finally, the engines are run again, with these smart seeds as starting seeds, in an attempt to achieve maximum code coverage / find bugs. During both seed generation and normal running, coordination between the engines is aided by the Tracer subsystem. This subsystem carries out additional coverage analysis and updates a shared memory with information on goals covered so far. Furthermore, the Tracer evaluates test cases dynamically to convert cases into seeds for subsequent test fuzzing. Thus, the BMC engine can provide the seed that allows the fuzzing engine to bypass complex mathematical guards (e.g., input validation). As a result, we received three awards for participation in the fourth international competition in software testing (Test-Comp 2022), outperforming all state-of-the-art tools in every category, including the coverage category.

翻译：有界模型检测（BMC）与模糊测试技术是检测软件错误与安全漏洞最有效的方法之一。然而，现有方法在目标代码中难以覆盖大面积区域，导致错误检测仍存在不足。我们提出FuSeBMC v4，一种通过合成具有实用属性的种子（我们称之为智能种子）来提升混合模糊器性能的测试生成器，从而实现对C程序的高覆盖率。FuSeBMC首先分析给定C程序并增量式注入目标标签，以引导BMC与进化模糊引擎。随后，初始阶段启用这些引擎生成所谓的智能种子。最后，以这些智能种子作为初始种子再次运行引擎，力求实现最大代码覆盖率并发现缺陷。在种子生成与正常运行期间，追踪器子系统协调引擎间协作：该子系统执行额外覆盖率分析，并更新共享内存以记录已覆盖目标信息。此外，追踪器动态评估测试用例，将用例转化为后续模糊测试的种子。由此，BMC引擎能提供允许模糊引擎绕过复杂数学守卫（如输入验证）的种子。基于此，我们在第四届国际软件测试竞赛（Test-Comp 2022）中荣获三项奖项，在包括覆盖率类别在内的所有评估项中均超越所有现有工具。