SyzRetrospector: A Large-Scale Retrospective Study of Syzbot
CoRR (2024)
Abstract
Over the past 6 years, Syzbot has fuzzed the Linux kernel day and night to
report over 5570 bugs, of which 4604 have been patched [11]. While this is
impressive, we have found the average time to find a bug is over 405 days.
Moreover, we have found that current metrics commonly used, such as
time-to-find and number of bugs found, are inaccurate in evaluating Syzbot
since bugs often spend the majority of their lives hidden from the fuzzer. In
this paper, we set out to better understand and quantify Syzbot's performance
and improvement in finding bugs. Our tool, SyzRetrospector, takes a different
approach to evaluating Syzbot by finding the earliest that Syzbot was capable
of finding a bug, and why that bug was revealed. We use SyzRetrospector on a
large scale to analyze 559 bugs and find that bugs are hidden for an average of
331.17 days before Syzbot is even able to find them. We further present
findings on the behaviors of revealing factors, how some bugs are harder to
reveal than others, the trends in delays over the past 6 years, and how bug
location relates to delays. We also provide key takeaways for improving
Syzbot's delays.