FuzzCon Europe - Automotive Edition


Software testing typically consists of three steps:

1. test case generation
2. target program execution
3. execution feedback analysis

Research has concentrated on improving test case generation and execution feedback analysis, while target program execution has received little attention, because running the target program looks like the easy part.

In industry practice, however, we find that target program execution is hard for two kinds of targets: libraries, which expose an API but no executable entry point to feed inputs into, and IoT software, which expects the hardware it was built to run on.

We therefore propose two techniques: emulation-based fuzzing for IoT software, and automated fuzz driver generation for libraries.
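To make concrete what a fuzz driver is, and why a library cannot be fuzzed without one, here is an added example that is not code from the talk or from any real project. The library under test (`tlv_parse`, a tiny type-length-value record parser) is constructed purely for the illustration; the driver is the libFuzzer entry point `LLVMFuzzerTestOneInput`, which is the kind of glue an automated generator has to produce: it takes the fuzzer's raw bytes and turns them into the call sequence a real client of the library would make.

```c
/* Added example: a libFuzzer-style fuzz driver for a hypothetical library.
 * tlv_parse and tlv_record are constructed for this illustration and are
 * not part of the talk or of any real project. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* --- hypothetical library under test ----------------------------------- */

typedef struct {
    uint8_t type;
    uint8_t len;
    uint8_t value[255];
} tlv_record;

enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_BAD_TYPE = -2 };

/* Parse one type-length-value record from buf. A library like this has no
 * main(): nothing runs until a caller builds an input and invokes the API,
 * which is exactly what a fuzz driver supplies. */
int tlv_parse(const uint8_t *buf, size_t n, tlv_record *out)
{
    if (n < 2) return TLV_TRUNCATED;            /* need type and length bytes */
    if (buf[0] == 0) return TLV_BAD_TYPE;       /* type 0 is reserved         */
    size_t len = buf[1];
    if (n < 2 + len) return TLV_TRUNCATED;      /* declared length runs past  */
    out->type = buf[0];                         /* the buffer: reject, do not */
    out->len  = (uint8_t)len;                   /* over-read                  */
    memcpy(out->value, buf + 2, len);
    return TLV_OK;
}

/* --- fuzz driver -------------------------------------------------------- */

/* libFuzzer entry point. The fuzzer hands over data/size; the driver maps
 * them onto the library's API. Two rules keep the fuzzer's reports about the
 * target rather than the driver: always return 0, and never leak or crash
 * on the driver's own account. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    tlv_record rec;
    (void)tlv_parse(data, size, &rec);          /* any return code is fine; */
    return 0;                                   /* sanitizers catch the bugs */
}

/* Stand-alone mode replays one corpus file through the driver. For the real
 * fuzzing build, drop this main and let libFuzzer supply its own:
 *   clang -g -fsanitize=fuzzer,address -DFUZZER driver.c -o driver */
#ifndef FUZZER
static int run_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return 1;
    uint8_t buf[4096];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return LLVMFuzzerTestOneInput(buf, n);
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    return run_file(argv[1]);
}
#endif
```

The driver is deliberately thin: all the parsing and bounds logic lives in the library, and the driver's only job is to get the fuzzer's bytes to the API entry point. For a library with stateful APIs (init, several calls, free) the driver has to reproduce that sequence too, which is what makes generating drivers automatically a non-trivial problem.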

We have implemented prototypes for these techniques and used them to find dozens of vulnerabilities in open-source libraries and routers.
