Range Specification Bug Detection in Flight Control System Through Fuzzing

Developers and manufacturers provide configurable control parameters for flight control programs to support various environments and missions, along with suggested ranges for these parameters to ensure flight safety. However, this flexible mechanism can also introduce a vulnerability known as range specification bugs. The vulnerability originates from the evidence that certain combinations of parameter values may affect the drone’s physical stability even though its parameters are within the suggested range. The paper introduces a novel system called ICSEARCHER, designed to identify incorrect configurations or unreasonable combinations of parameters and suggest more reasonable ranges for these parameters. ICSEARCHER applies a metaheuristic search algorithm to find configurations with a high probability of driving the drone into unstable states. In particular, ICSEARCHER adopts a machine learning-based predictor to assist the searcher in evaluating the fitness of configuration. Finally, leveraging searched incorrect configurations, ICSEARCHER can summarize the feasible ranges through multi-objective optimization. ICSEARCHER applies a predictor to guide the search, which eliminates the need for realistic/simulation executions when evaluating configurations and further promotes search efficiency. We have carried out experimental evaluations of ICSEARCHER in different control programs. The evaluation results show that the system successfully reports potentially incorrect configurations, of which over 94% leads to unstable states.