Abstract
The exploration of the input space of programs can often be prohibitively expensive during fuzzing. To improve this exploration, modern fuzzing relies on human expertise to provide plausible initial test cases. However, the process of handcrafting test cases for fuzzing is often strenuous for humans and requires a deeper understanding of the Program-Under-Test (PUT). Also, the use of known inputs to programs often cannot trigger vulnerable program behaviors or reach potentially vulnerable code locations in a fuzzing session. To address those issues, we propose a seed generation framework for human-in-the-loop directed fuzzing. Our proposed framework uses symbolic execution to generate seeds that exercise paths to target program locations and uses fuzzing to trigger vulnerable program behaviors. Finally, our framework enables the visualization of the explored execution paths in binaries for generated or user-provided test inputs. The experimental results of our approach show its effectiveness in improving AFL’s performance in discovering software bugs.