μFUZZ: Redesign of Parallel Fuzzing using Microservice Architecture

Yongheng Chen, Rui Zhong, Yupeng Yang, Hong Hu, Dinghao Wu, Wenke Lee

USENIX Security Symposium (2023)

Abstract
Fuzzing has been widely adopted as an effective testing technique for detecting software bugs. Researchers have explored many parallel fuzzing approaches to speed up bug detection. However, existing approaches are built on top of serial fuzzers and rely on periodic fuzzing state synchronization. Such a design has two limitations. First, the synchronous serial design of the fuzzer might waste CPU power due to blocking I/O operations. Second, state synchronization is either too late so that we fuzz with a suboptimal strategy or too frequent so that it causes enormous overhead. In this paper, we redesign parallel fuzzing with microservice architecture and propose the prototype μFUZZ. To better utilize CPU power in the existence of I/O, μFUZZ breaks down the synchronous fuzzing loops into concurrent microservices, each with multiple workers. To avoid state synchronization, μFUZZ partitions the state into different services and their workers so that they can work independently but still achieve a great aggregated result. Our experiments show that μFUZZ outperforms the second-best existing fuzzers with 24% improvements in code coverage and 33% improvements in bug detection on average in 24 hours. Besides, μFUZZ finds 11 new bugs in well-tested real-world programs.