K-Scheduler is a novel seed scheduler for LibFuzzer which can greatly improve LibFuzzer performance over the default seed scheduler entropic.
IEEE S&P 2022 paper link: https://arxiv.org/abs/2203.12064
Github repo: https://github.com/Dongdongshe/K-Scheduler
Intuition behind: Good seeds can reach more number of unvisited nodes and bad seeds can reach fewer number of unvisited nodes.
General idea: We approximate the potential code coverage gain (i.e., the number of reachable and unvisited nodes) for each seed using graph centrality scores. Then, we prioritize the seed with higher potential code coverage gain.
One minute video explanation: https://www.youtube.com/watch?v=VVZZpQiIsm4
Our original implementation is on llvm-11.0.1. We port K-Scheduler to llvm-14.0.0 and evaluate it on 8 programs. The results show consistent improvement as llvm-11.0.1.
Please check our evaluation result plot over 24 hours for 10 runs and corresponding reproduction package (including binaries and seed corpus) at https://github.com/Dongdongshe/K-Scheduler_llvm14_Benchmark