DynamiQ: Unlocking the Potential of Dynamic Task Allocation in Parallel Fuzzing
Wenqi Yan, Toby Murray, Benjamin I. P. Rubinstein, Van-Thuan Pham
TL;DR
Traditional parallel fuzzing treats each seed as a task, so workers repeatedly collide on the same code and waste effort. DynamiQ, a LibAFL-based framework, instead partitions the program's call graph dynamically, guided by entropy-weighted function scoring, into coherent tasks, and pairs this with selective instrumentation and bounded context to cut redundant exploration. On 12 real-world targets it improves code coverage (by up to 26.22%) and vulnerability discovery, finding 9 previously unknown bugs, which supports the case for dynamic, structure-aware partitioning at scale. A reproducibility package accompanies the work; directed fuzzing and adaptive repartitioning are noted as directions for further improvement.
Abstract
We present DynamiQ, a full-fledged and optimized successor to AFLTeam that supports dynamic and adaptive parallel fuzzing. Unlike most existing approaches that treat individual seeds as tasks, DynamiQ leverages structural information from the program's call graph to define tasks and continuously refines task allocation using runtime feedback. This design significantly reduces redundant exploration and enhances fuzzing efficiency at scale. Built on top of the state-of-the-art LibAFL framework, DynamiQ incorporates several practical optimizations in both task allocation and task-aware fuzzing. Evaluated on 12 real-world targets from OSS-Fuzz and FuzzBench over 25,000 CPU hours, DynamiQ outperforms state-of-the-art parallel fuzzers in both code coverage and vulnerability discovery, uncovering 9 previously unknown bugs in widely used and extensively fuzzed open-source software.
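As an added illustration (my own code, not DynamiQ's or LibAFL's), the following Python sketches the partitioning idea the abstract describes: tasks are connected regions of the call graph rather than individual seeds, every function belongs to exactly one region, and the regions are re-cut when runtime feedback changes the function weights. The call graph, the static sizes, the hit-count feedback and the scoring rule (static size times one plus the Shannon entropy of observed per-edge hit counts) are all constructed assumptions; the paper's actual entropy-weighted score and partitioning algorithm are not reproduced on this page.

```python
"""Added illustration (not DynamiQ's code): cut a call graph into K connected,
weight-balanced tasks, then re-cut it when runtime feedback changes the weights.
The graph, sizes, hit counts and the scoring rule are all constructed."""
import math

# Constructed call graph: caller -> callees. Function names are hypothetical.
CALL_GRAPH = {
    "main": ["parse_header", "parse_body", "write_out"],
    "parse_header": ["read_u32", "check_magic"],
    "parse_body": ["read_u32", "decode_chunk", "verify_crc"],
    "decode_chunk": ["inflate", "read_u32"],
    "verify_crc": ["crc32"],
    "write_out": ["encode_chunk", "crc32"],
    "encode_chunk": ["deflate"],
    "read_u32": [], "check_magic": [], "inflate": [], "crc32": [], "deflate": [],
}
# Constructed static weight per function (think: basic-block count).
SIZE = {"main": 3, "parse_header": 6, "parse_body": 10, "read_u32": 2,
        "check_magic": 4, "decode_chunk": 18, "verify_crc": 5, "inflate": 30,
        "crc32": 8, "write_out": 7, "encode_chunk": 12, "deflate": 25}
# Constructed runtime feedback: per-function list of edge hit counts observed
# during a fuzzing round. Here the write_out region turns out to be busy.
FEEDBACK = {"encode_chunk": [10] * 8, "deflate": [40, 40, 40, 40]}


def entropy(counts):
    """Shannon entropy in bits of a hit-count histogram (0 if nothing hit)."""
    total = sum(counts)
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def scores(edge_hits):
    """Assumed scoring rule: static size times (1 + entropy of the per-edge hit
    counts). A stand-in for the paper's entropy-weighted score, whose exact
    definition is not given on this page."""
    return {fn: SIZE[fn] * (1.0 + entropy(edge_hits.get(fn, [])))
            for fn in CALL_GRAPH}


def closure_weight(graph, score, fn):
    """Total score of everything reachable from fn (fn included)."""
    seen, stack = set(), [fn]
    while stack:
        f = stack.pop()
        if f not in seen:
            seen.add(f)
            stack.extend(graph[f])
    return sum(score[f] for f in seen)


def partition(graph, score, k, root="main"):
    """Greedy region growing. Each task is a connected subgraph hanging off one
    or more callees of `root`; the lightest task that still has unclaimed
    callees on its frontier claims the heaviest of them. A function belongs to
    exactly one task, so no two workers fuzz the same region."""
    tasks, load = [[] for _ in range(k)], [0.0] * k
    frontier = [set() for _ in range(k)]
    assigned = {root}

    def claim(t, fn):
        assigned.add(fn)
        tasks[t].append(fn)
        load[t] += score[fn]
        frontier[t].update(c for c in graph[fn] if c not in assigned)

    # Seed tasks with the root's callees, heaviest subtree first (LPT style).
    for fn in sorted(graph[root], reverse=True,
                     key=lambda f: closure_weight(graph, score, f)):
        claim(min(range(k), key=load.__getitem__), fn)
    while any(frontier):
        t = min((t for t in range(k) if frontier[t]), key=load.__getitem__)
        fn = max(frontier[t], key=score.get)
        frontier[t].discard(fn)
        if fn not in assigned:        # another task may have claimed it first
            claim(t, fn)
    return tasks, load


def is_connected(task, graph, root="main"):
    """True if every function in `task` is reachable from a root callee in the
    task via call edges that stay inside the task."""
    inside, seen = set(task), set()
    stack = [f for f in graph[root] if f in inside]
    while stack:
        fn = stack.pop()
        if fn not in seen:
            seen.add(fn)
            stack.extend(c for c in graph[fn] if c in inside)
    return seen == inside


if __name__ == "__main__":
    for label, hits in (("static", {}), ("feedback", FEEDBACK)):
        tasks, load = partition(CALL_GRAPH, scores(hits), 2)
        for t, (fns, w) in enumerate(zip(tasks, load)):
            print(f"{label} task {t}: weight={w:.1f} {fns}")
```

With purely static weights the two regions come out almost equal (63 vs 64); once the constructed feedback makes the write_out region heavy, the shared helpers crc32 and read_u32 migrate to the task that owns parse_body. Real fuzzers would also have to decide how to treat functions reachable from several regions (the abstract's "bounded context" hints at this), which the toy above sidesteps by giving each function a single owner.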
