Waffle: A whitebox AFL-based fuzzer for discovering exhaustive executions

Thumbnail Image



Journal Title

Journal ISSN

Volume Title


University of New Brunswick


Fuzz testing helps software security researchers investigate the existing vulnerabilities within programs in an automated fashion. AFL is a whitebox coverage-based fuzzer leveraging a genetic algorithm (GA) to search for vulnerabilities inside a program. The inputs to the program, which may affect the program’s execution paths are the chromosomes of GA and the content of the files that make up the genes. AFL investigates code coverages for the program’s executions on each input, and the findings with new coverage information are selected for more testing. This technique guides the fuzzer to discover more regions of code. Waffle, is an AFL-based fuzzer searching for executions with higher resource usages, such as execution time. Waffle searches for files that not only discover new regions of code but also require more resources to complete a run. Waffle modifies the instrumentation and fuzzing modules of AFL, with the intention of storing resource/time-consuming executions. To confirm the correctness of the modifications, the binaries are assessed, and the fuzzing procedure is monitored from a status screen. Finally, the performance of Waffle is compared to AFL-based fuzzers, and it is shown that Waffle discovers exhaustive executions effectively.