FuzzBench: 2024-09-03-dgfuzz report

experiment summary

We show two different aggregate (cross-benchmark) rankings of fuzzers. The first is based on the average of per-benchmarks scores, where the score represents the percentage of the highest reached median code-coverage on a given benchmark (higher value is better). The second ranking shows the average rank of fuzzers, after we rank them on each benchmark according to their median reached code-covereges (lower value is better).
By avg. score
average normalized score
fuzzer
dgfuzz_e0d055 99.18
aflplusplus 93.44
eclipser 86.82
mopt 70.87
aflsmart 69.36
fairfuzz 69.31
aflfast 67.03
centipede 65.76
libafl 41.67
honggfuzz 13.69
libfuzzer 13.15
afl 12.97
By avg. rank
average rank
fuzzer
dgfuzz_e0d055 1.43
aflplusplus 2.00
eclipser 4.57
mopt 5.29
aflsmart 5.43
fairfuzz 6.43
libafl 6.71
aflfast 7.00
centipede 7.71
honggfuzz 8.43
libfuzzer 8.71
afl 9.00
  • Critical difference diagram
    The diagram visualizes the average rank of fuzzers (second ranking above) while showing the significance of the differences as well. What is considered a "critical difference" (CD) is based on the Friedman/Nemenyi post-hoc test. See more in the documentation.
    Note: If a fuzzer does not support all benchmarks, its ranking as shown in this diagram can be lower than it should be. So please check the list of supported benchmarks for the fuzzer(s) of your interest. The list could be specified in the fuzzer's README.md like this.
  • Median relative code-coverages on each benchmark

    Note: The relative coverage summary table shows the median relative performance of each fuzzer to the experiment maximum. Thus the highest relative performance may not be 100%.
    trial_relative_coverage = trial_coverage / experiment_max_coverage

      dgfuzz_e0d055 libafl honggfuzz libfuzzer aflplusplus afl eclipser centipede mopt aflsmart fairfuzz aflfast
    FuzzerMedian 95.00 88.00 91.00 88.00 89.00 87.00 75.00 75.50 71.00 71.00 71.00 71.00
    FuzzerMean 93.29 91.33 91.00 88.00 87.71 87.00 82.00 71.17 67.14 65.86 65.71 63.71
    harfbuzz_hb-shape-fuzzer 98.00 nan nan nan 98.00 nan 97.00 nan 97.00 97.00 84.00 96.00
    lcms_cms_transform_fuzzer 95.00 nan nan nan 89.00 nan 75.00 35.00 50.00 40.00 54.00 28.00
    libpcap_fuzz_both 84.00 nan nan nan 88.00 nan 71.00 81.00 0.00 0.00 0.00 1.00
    mbedtls_fuzz_dtlsclient 95.00 88.00 nan nan 70.00 nan 68.00 66.00 68.00 68.00 71.00 66.00
    openthread_ot-ip6-send-fuzzer 87.00 88.00 nan nan 75.00 nan 74.00 70.00 71.00 71.00 68.00 71.00
    stb_stbi_read_fuzzer 95.00 nan 91.00 88.00 95.00 87.00 91.00 85.00 86.00 87.00 86.00 86.00
    vorbis_decode_fuzzer 99.00 98.00 nan nan 99.00 nan 98.00 90.00 98.00 98.00 97.00 98.00
    • Fuzzers are sorted by "FuzzerMean" (average median relative coverage), highest on the left.
    • Green background = highest relative median coverage.
    • Blue gradient background = greater than 95% relative median coverage.

harfbuzz_hb-shape-fuzzer summary

Ranking by median reached code coverage
Reached code coverage distribution
Mean code coverage growth over time
Mean code coverage growth over time
* The error bands show the 95% confidence interval around the mean code coverage.
error
The following fuzzers do not have enough samples: aflplusplus, fairfuzz, dgfuzz_e0d055.
  • Sample statistics and statistical significance (code coverage)
    Code coverage sample statistics
    count mean std min 25% median 75% max
    fuzzer time
    dgfuzz_e0d055 82800 7.0 10863.428571 276.618183 10327.0 10783.50 10959.0 11060.00 11071.0
    aflplusplus 82800 14.0 10909.214286 40.828306 10824.0 10876.75 10912.5 10939.00 10967.0
    mopt 82800 20.0 10778.950000 52.249880 10651.0 10757.50 10789.5 10796.25 10863.0
    eclipser 82800 20.0 10769.400000 51.530676 10623.0 10744.25 10777.0 10789.50 10868.0
    aflsmart 82800 20.0 10763.700000 42.521945 10652.0 10753.00 10764.5 10791.00 10839.0
    aflfast 82800 20.0 10677.750000 59.487172 10566.0 10633.00 10675.5 10714.50 10791.0
    fairfuzz 82800 14.0 9509.571429 347.646530 9071.0 9259.50 9399.0 9715.75 10155.0

    Vargha-Delaney A12 measure
    The table summarizes the A12 values from the pairwise Vargha-Delaney A measure of effect size. Green cells indicate the probability the fuzzer in the row will outperform the fuzzer in the column.
    Mann-Whitney U test
    The table summarizes the p values of pairwise Mann-Whitney U tests. Green cells indicate that the reached coverage distribution of a given fuzzer pair is significantly different.
  • Unique code coverage plots
    Ranking by unique code branches covered
    Each bar shows the total number of code branches found by a given fuzzer. The colored area shows the number of unique code branches (i.e., branches that were not covered by any other fuzzers).
    Pairwise unique code coverage
    Each cell represents the number of code branches covered by the fuzzer of the column but not by the fuzzer of the row

lcms_cms_transform_fuzzer summary

Ranking by median reached code coverage
Reached code coverage distribution
Mean code coverage growth over time
Mean code coverage growth over time
* The error bands show the 95% confidence interval around the mean code coverage.
error
The following fuzzers do not have enough samples: aflplusplus.
  • Sample statistics and statistical significance (code coverage)
    Code coverage sample statistics
    count mean std min 25% median 75% max
    fuzzer time
    dgfuzz_e0d055 82800 18.0 2054.777778 188.467677 1528.0 2070.50 2113.0 2145.75 2222.0
    aflplusplus 82800 14.0 1895.642857 233.868999 1526.0 1664.75 1996.5 2039.25 2178.0
    eclipser 82800 17.0 1656.823529 137.802955 1398.0 1537.00 1671.0 1753.00 1893.0
    fairfuzz 82800 18.0 1274.277778 397.407600 800.0 901.00 1221.0 1636.25 1940.0
    mopt 82800 20.0 1154.600000 428.242602 650.0 697.50 1133.0 1559.00 1736.0
    aflsmart 82800 20.0 1074.750000 469.254714 650.0 652.00 900.0 1561.00 1791.0
    centipede 82800 20.0 938.450000 266.317277 732.0 778.50 796.0 949.50 1469.0
    aflfast 82800 20.0 655.900000 152.566086 476.0 629.50 640.5 644.25 1276.0

    Vargha-Delaney A12 measure
    The table summarizes the A12 values from the pairwise Vargha-Delaney A measure of effect size. Green cells indicate the probability the fuzzer in the row will outperform the fuzzer in the column.
    Mann-Whitney U test
    The table summarizes the p values of pairwise Mann-Whitney U tests. Green cells indicate that the reached coverage distribution of a given fuzzer pair is significantly different.
  • Unique code coverage plots
    Ranking by unique code branches covered
    Each bar shows the total number of code branches found by a given fuzzer. The colored area shows the number of unique code branches (i.e., branches that were not covered by any other fuzzers).
    Pairwise unique code coverage
    Each cell represents the number of code branches covered by the fuzzer of the column but not by the fuzzer of the row

libpcap_fuzz_both summary

Ranking by median reached code coverage
Reached code coverage distribution
Mean code coverage growth over time
Mean code coverage growth over time
* The error bands show the 95% confidence interval around the mean code coverage.
error
The following fuzzers do not have enough samples: dgfuzz_e0d055, mopt, aflfast, aflplusplus.
  • Sample statistics and statistical significance (code coverage)
    Code coverage sample statistics
    count mean std min 25% median 75% max
    fuzzer time
    aflplusplus 82800 4.0 3030.750000 116.411268 2878.0 2975.5 3050.0 3105.25 3145.0
    dgfuzz_e0d055 82800 14.0 2956.857143 137.357399 2804.0 2867.0 2916.5 3038.50 3264.0
    centipede 82800 20.0 2413.350000 1012.985960 100.0 2591.5 2824.0 2926.50 3133.0
    eclipser 82800 19.0 2461.052632 196.678947 1977.0 2403.0 2446.0 2609.00 2706.0
    aflfast 82800 6.0 38.500000 4.929503 34.0 34.0 38.5 43.00 43.0
    aflsmart 82800 20.0 34.000000 0.000000 34.0 34.0 34.0 34.00 34.0
    fairfuzz 82800 16.0 37.375000 4.500000 34.0 34.0 34.0 43.00 43.0
    mopt 82800 14.0 36.214286 3.826599 34.0 34.0 34.0 37.00 43.0

    Vargha-Delaney A12 measure
    The table summarizes the A12 values from the pairwise Vargha-Delaney A measure of effect size. Green cells indicate the probability the fuzzer in the row will outperform the fuzzer in the column.
    Mann-Whitney U test
    The table summarizes the p values of pairwise Mann-Whitney U tests. Green cells indicate that the reached coverage distribution of a given fuzzer pair is significantly different.
  • Unique code coverage plots
    Ranking by unique code branches covered
    Each bar shows the total number of code branches found by a given fuzzer. The colored area shows the number of unique code branches (i.e., branches that were not covered by any other fuzzers).
    Pairwise unique code coverage
    Each cell represents the number of code branches covered by the fuzzer of the column but not by the fuzzer of the row

mbedtls_fuzz_dtlsclient summary

Ranking by median reached code coverage
Reached code coverage distribution
Mean code coverage growth over time
Mean code coverage growth over time
* The error bands show the 95% confidence interval around the mean code coverage.
error
The following fuzzers do not have enough samples: aflplusplus, fairfuzz.
  • Sample statistics and statistical significance (code coverage)
    Code coverage sample statistics
    count mean std min 25% median 75% max
    fuzzer time
    dgfuzz_e0d055 82800 18.0 3703.888889 201.840615 3142.0 3679.25 3750.0 3812.50 3942.0
    libafl 82800 17.0 3318.235294 399.724675 2714.0 2769.00 3481.0 3610.00 3811.0
    fairfuzz 82800 15.0 2849.466667 159.218119 2754.0 2779.00 2801.0 2807.50 3296.0
    aflplusplus 82800 15.0 2834.800000 226.357871 2720.0 2760.00 2768.0 2815.00 3644.0
    aflsmart 82800 20.0 2709.000000 26.942434 2665.0 2701.75 2705.5 2713.00 2792.0
    eclipser 82800 16.0 2726.562500 280.074030 2496.0 2674.00 2692.5 2715.00 3730.0
    mopt 82800 20.0 2685.000000 34.546688 2562.0 2672.50 2692.5 2701.25 2726.0
    centipede 82800 20.0 2646.050000 22.818448 2613.0 2625.50 2641.0 2668.50 2677.0
    aflfast 82800 20.0 2561.850000 115.700737 2312.0 2580.00 2611.0 2629.75 2658.0

    Vargha-Delaney A12 measure
    The table summarizes the A12 values from the pairwise Vargha-Delaney A measure of effect size. Green cells indicate the probability the fuzzer in the row will outperform the fuzzer in the column.
    Mann-Whitney U test
    The table summarizes the p values of pairwise Mann-Whitney U tests. Green cells indicate that the reached coverage distribution of a given fuzzer pair is significantly different.
  • Unique code coverage plots
    Ranking by unique code branches covered
    Each bar shows the total number of code branches found by a given fuzzer. The colored area shows the number of unique code branches (i.e., branches that were not covered by any other fuzzers).
    Pairwise unique code coverage
    Each cell represents the number of code branches covered by the fuzzer of the column but not by the fuzzer of the row

openthread_ot-ip6-send-fuzzer summary

Ranking by median reached code coverage
Reached code coverage distribution
Mean code coverage growth over time
Mean code coverage growth over time
* The error bands show the 95% confidence interval around the mean code coverage.
error
The following fuzzers do not have enough samples: aflplusplus.
  • Sample statistics and statistical significance (code coverage)
    Code coverage sample statistics
    count mean std min 25% median 75% max
    fuzzer time
    libafl 82800 16.0 3608.250000 237.543400 3044.0 3547.50 3564.5 3637.00 4049.0
    dgfuzz_e0d055 82800 19.0 3567.842105 261.796839 3002.0 3460.50 3528.0 3753.50 3952.0
    aflplusplus 82800 10.0 3192.900000 199.809048 3059.0 3064.50 3074.0 3367.50 3495.0
    eclipser 82800 16.0 2984.937500 66.946216 2895.0 2918.25 2999.5 3036.75 3073.0
    mopt 82800 20.0 2889.450000 41.043590 2826.0 2832.75 2912.5 2916.00 2936.0
    aflsmart 82800 20.0 2896.650000 46.006035 2828.0 2886.25 2907.0 2912.25 3025.0
    aflfast 82800 20.0 2888.250000 43.931616 2810.0 2865.75 2906.0 2911.75 2974.0
    centipede 82800 20.0 2842.250000 60.918302 2742.0 2786.50 2868.0 2887.00 2956.0
    fairfuzz 82800 19.0 2779.105263 65.278799 2676.0 2745.50 2764.0 2801.50 2912.0

    Vargha-Delaney A12 measure
    The table summarizes the A12 values from the pairwise Vargha-Delaney A measure of effect size. Green cells indicate the probability the fuzzer in the row will outperform the fuzzer in the column.
    Mann-Whitney U test
    The table summarizes the p values of pairwise Mann-Whitney U tests. Green cells indicate that the reached coverage distribution of a given fuzzer pair is significantly different.
  • Unique code coverage plots
    Ranking by unique code branches covered
    Each bar shows the total number of code branches found by a given fuzzer. The colored area shows the number of unique code branches (i.e., branches that were not covered by any other fuzzers).
    Pairwise unique code coverage
    Each cell represents the number of code branches covered by the fuzzer of the column but not by the fuzzer of the row

stb_stbi_read_fuzzer summary

Ranking by median reached code coverage
Reached code coverage distribution
Mean code coverage growth over time
Mean code coverage growth over time
* The error bands show the 95% confidence interval around the mean code coverage.
  • Sample statistics and statistical significance (code coverage)
    Code coverage sample statistics
    count mean std min 25% median 75% max
    fuzzer time
    aflplusplus 82800 17.0 2174.176471 47.454235 2107.0 2116.00 2207.0 2211.00 2215.0
    dgfuzz_e0d055 82800 19.0 2218.684211 41.502413 2190.0 2194.50 2199.0 2212.50 2301.0
    honggfuzz 82800 20.0 2127.500000 30.768234 2111.0 2113.00 2115.5 2118.25 2199.0
    eclipser 82800 19.0 2102.210526 10.141110 2081.0 2099.50 2106.0 2108.00 2115.0
    libfuzzer 82800 20.0 2042.750000 46.827652 1985.0 2002.25 2031.5 2084.75 2118.0
    aflsmart 82800 20.0 2025.700000 45.962342 1941.0 2000.50 2007.5 2083.75 2093.0
    afl 82800 20.0 2010.300000 38.377762 1975.0 1986.00 2004.0 2006.25 2105.0
    fairfuzz 82800 16.0 1999.312500 43.870596 1942.0 1976.50 1993.5 1999.00 2084.0
    mopt 82800 20.0 1997.000000 28.771331 1963.0 1980.75 1992.0 2004.00 2072.0
    aflfast 82800 19.0 1987.578947 15.568186 1961.0 1978.00 1989.0 2002.50 2008.0
    centipede 82800 20.0 1961.850000 7.768187 1953.0 1956.00 1960.0 1963.25 1985.0

    Vargha-Delaney A12 measure
    The table summarizes the A12 values from the pairwise Vargha-Delaney A measure of effect size. Green cells indicate the probability the fuzzer in the row will outperform the fuzzer in the column.
    Mann-Whitney U test
    The table summarizes the p values of pairwise Mann-Whitney U tests. Green cells indicate that the reached coverage distribution of a given fuzzer pair is significantly different.
  • Unique code coverage plots
    Ranking by unique code branches covered
    Each bar shows the total number of code branches found by a given fuzzer. The colored area shows the number of unique code branches (i.e., branches that were not covered by any other fuzzers).
    Pairwise unique code coverage
    Each cell represents the number of code branches covered by the fuzzer of the column but not by the fuzzer of the row

vorbis_decode_fuzzer summary

Ranking by median reached code coverage
Reached code coverage distribution
Mean code coverage growth over time
Mean code coverage growth over time
* The error bands show the 95% confidence interval around the mean code coverage.
error
The following fuzzers do not have enough samples: aflplusplus, eclipser.
  • Sample statistics and statistical significance (code coverage)
    Code coverage sample statistics
    count mean std min 25% median 75% max
    fuzzer time
    aflplusplus 82800 15.0 1263.133333 2.799660 1259.0 1260.50 1264.0 1265.00 1268.0
    dgfuzz_e0d055 82800 18.0 1263.555556 3.584644 1254.0 1262.00 1264.0 1266.00 1269.0
    mopt 82800 20.0 1250.400000 9.626717 1218.0 1252.00 1253.0 1254.00 1256.0
    aflsmart 82800 20.0 1244.100000 19.558011 1199.0 1247.00 1251.5 1254.00 1259.0
    aflfast 82800 20.0 1245.400000 19.491969 1183.0 1246.75 1251.0 1253.75 1258.0
    libafl 82800 17.0 1251.470588 3.659195 1245.0 1249.00 1250.0 1255.00 1259.0
    eclipser 82800 15.0 1248.133333 5.514483 1236.0 1245.00 1248.0 1252.50 1255.0
    fairfuzz 82800 18.0 1228.111111 28.060625 1175.0 1208.25 1238.0 1250.75 1257.0
    centipede 82800 20.0 1146.000000 17.161769 1117.0 1134.00 1142.5 1159.00 1177.0

    Vargha-Delaney A12 measure
    The table summarizes the A12 values from the pairwise Vargha-Delaney A measure of effect size. Green cells indicate the probability the fuzzer in the row will outperform the fuzzer in the column.
    Mann-Whitney U test
    The table summarizes the p values of pairwise Mann-Whitney U tests. Green cells indicate that the reached coverage distribution of a given fuzzer pair is significantly different.
  • Unique code coverage plots
    Ranking by unique code branches covered
    Each bar shows the total number of code branches found by a given fuzzer. The colored area shows the number of unique code branches (i.e., branches that were not covered by any other fuzzers).
    Pairwise unique code coverage
    Each cell represents the number of code branches covered by the fuzzer of the column but not by the fuzzer of the row

experiment data

You can download the raw data for this report here.

Check out the documentation on how to create customized reports using this data. Also see some example Colab notebooks for doing custom analysis on the data here.

Experiment Description:

(None,)