Overview
FuzzSlice provides quick insights into potentially vulnerable locations. FuzzSlice creates code slices centered around user-specified locations and subsequently fuzzes these small code slices. Automatic testing techniques can easily reach the location since the code slice is small.
Use Cases
Two use cases in which FuzzSlice can effectively test potentially vulnerable locations:
- Reducing false positives in static analysis warnings. Static analysis tools suffer from a high rate of false positives, which can overwhelm developers and reduce the efficiency of the debugging process. According to our research, FuzzSlice reduces the number of false positives by 62.26%, ensuring that only genuine issues are flagged, in under 5 minutes per warning.
- Securing code reviews. FuzzSlice can enhance the code review process by fuzzing slices of the code that is about to be merged. It can significantly improve the code review process by exposing bugs in new commits that can lead to new zero-day vulnerabilities.
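
An added illustration of the idea behind the overview and the false-positive use case (not FuzzSlice's own code or output): two small slices carry the same static-analysis-style buffer warning, and a short fuzz loop confirms only the one whose length check is missing. The function names, the xorshift input generator and the `checked_copy` stand-in for a sanitizer check at the warning site are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
static int site_hit; /* set when the warning site would write past the buffer */

/* Stand-in for the sanitizer check a fuzzing build places at the warning site. */
static void checked_copy(char *dst, size_t cap, const uint8_t *src, size_t n) {
    if (n > cap) { site_hit = 1; return; } /* would overflow: record, do not copy */
    memcpy(dst, src, n);
}

/* Slice A: warning on the copy, but the length byte is validated first. */
static void slice_guarded(const uint8_t *data, size_t len) {
    char buf[BUF_LEN];
    if (len == 0 || data[0] > BUF_LEN || (size_t)data[0] > len - 1) return;
    checked_copy(buf, sizeof buf, data + 1, data[0]);
}

/* Slice B: same warning, but the length byte is only checked against the input. */
static void slice_unguarded(const uint8_t *data, size_t len) {
    char buf[BUF_LEN];
    if (len == 0 || (size_t)data[0] > len - 1) return;
    checked_copy(buf, sizeof buf, data + 1, data[0]);
}

/* Small deterministic fuzz loop (xorshift32 inputs); returns 1 if the site was hit. */
int fuzz_slice(void (*slice)(const uint8_t *, size_t), unsigned iters) {
    uint8_t input[64];
    uint32_t s = 0x9E3779B9u;
    site_hit = 0;
    for (unsigned i = 0; i < iters && !site_hit; i++) {
        for (size_t j = 0; j < sizeof input; j++) {
            s ^= s << 13; s ^= s >> 17; s ^= s << 5;
            input[j] = (uint8_t)s;
        }
        slice(input, 1 + (s % sizeof input)); /* input length 1..64 */
    }
    return site_hit;
}

int guarded_confirmed(void)   { return fuzz_slice(slice_guarded, 20000); }
int unguarded_confirmed(void) { return fuzz_slice(slice_unguarded, 20000); }

int main(void) {
    printf("guarded=%d unguarded=%d\n", guarded_confirmed(), unguarded_confirmed());
    return 0;
}
```

A warning whose slice never trips the check under fuzzing is a candidate false positive; one that trips it is a confirmed finding worth a developer's time.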