Towards Correct and Efficient Persistent Fuzzing: Dynamic Coverage Removal and State Management
Abstract
Coverage-guided fuzzing is a powerful technique for automatically discovering software bugs and security vulnerabilities. This work improves the efficiency and correctness of coverage-guided fuzzers by introducing dynamic removal of redundant coverage instrumentation and implementing a state-managed version of persistent mode. Traditional coverage instrumentation remains active even after code regions have been thoroughly explored, resulting in unnecessary runtime overhead. Meanwhile, persistent fuzzing—used to accelerate input execution by looping the target program in memory—can suffer from state contamination between test cases. To address these challenges, this system dynamically disables coverage tracking for already-covered paths and uses compiler-inserted instrumentation to restore global variables, heap allocations, and file state at the start of each iteration. The result is a fast, self-contained fuzzing framework that improves execution throughput and test isolation, without requiring OS-level support or recompilation.
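The two mechanisms the abstract describes can be shown in a small self-contained C harness. This is an added illustration, not code from the thesis or from any fuzzer it builds on: the per-edge `edge_enabled` flag stands in for the real system's dynamic removal of a probe once its edge has been recorded, and `state_snapshot`/`state_restore` are hand-written stand-ins for the compiler-inserted instrumentation that restores globals and heap allocations (file state is not modeled). The target function, its edge numbering, and the four-input corpus are constructed for the example; the "leaked state" path on edge 3 exists only to make contamination between iterations observable.

```c
/* Added example: a persistent-mode fuzzing loop that (1) disables each
 * coverage probe after its first hit and (2) restores global and heap
 * state before each iteration so test cases stay isolated. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define N_EDGES 8

/* Coverage bookkeeping. edge_enabled[i] == 0 models a probe that has been
 * removed; the remaining cost is the single early-return branch. */
static uint8_t edge_enabled[N_EDGES];
static uint8_t coverage_map[N_EDGES];
static unsigned long probe_calls;       /* every time a probe site is reached */
static unsigned long probe_executions;  /* times a probe actually recorded */

static void coverage_reset(void) {
    memset(edge_enabled, 1, sizeof edge_enabled);
    memset(coverage_map, 0, sizeof coverage_map);
    probe_calls = probe_executions = 0;
}

/* Dynamic removal: record the edge once, then switch the probe off. */
static inline void hit_edge(unsigned id) {
    probe_calls++;
    if (!edge_enabled[id]) return;
    probe_executions++;
    coverage_map[id] = 1;
    edge_enabled[id] = 0;
}

/* Constructed target with global and heap state that would otherwise leak
 * from one persistent iteration into the next. */
static int g_counter = 0;
static char *g_buf = NULL;

static int target(const uint8_t *data, size_t len) {
    hit_edge(0);
    if (len > 0 && data[0] == 'A') { hit_edge(1); g_counter++; }
    if (len > 1 && data[1] == 'B') {
        hit_edge(2);
        if (!g_buf) g_buf = malloc(16);   /* heap state created by the target */
        g_buf[0] = (char)data[1];
    }
    if (g_counter > 1) { hit_edge(3); return 1; }  /* reachable only via leaked state */
    return 0;
}

/* State management: snapshot once before the loop, restore each iteration.
 * Simplified to one global and one heap pointer for the example. */
static struct { int counter; char *buf; } snap;

static void state_snapshot(void) { snap.counter = g_counter; snap.buf = g_buf; }

static void state_restore(void) {
    g_counter = snap.counter;
    if (g_buf != snap.buf) { free(g_buf); g_buf = snap.buf; }
}

struct run_stats {
    int leaked_hits;      /* inputs that reached edge 3 */
    int edges_covered;    /* distinct edges recorded */
    unsigned long probe_calls, probe_executions;
};

/* Persistent loop over a constructed corpus. With restore_state set, no
 * input can reach edge 3; without it, g_counter leaks between cases. */
static struct run_stats persistent_loop(int restore_state) {
    static const char *corpus[] = { "A", "AB", "A", "AB" };
    struct run_stats s = { 0, 0, 0, 0 };
    coverage_reset();
    state_snapshot();
    for (int i = 0; i < 4; i++) {
        if (restore_state) state_restore();
        if (target((const uint8_t *)corpus[i], strlen(corpus[i]))) s.leaked_hits++;
    }
    state_restore();  /* always clean up after the last iteration */
    for (int e = 0; e < N_EDGES; e++) s.edges_covered += coverage_map[e];
    s.probe_calls = probe_calls;
    s.probe_executions = probe_executions;
    return s;
}

int main(void) {
    for (int restore = 1; restore >= 0; restore--) {
        struct run_stats s = persistent_loop(restore);
        printf("restore=%d leaked=%d edges=%d probes=%lu executed=%lu\n",
               restore, s.leaked_hits, s.edges_covered, s.probe_calls, s.probe_executions);
    }
    return 0;
}
```

Run with restore enabled, every probe site is reached 10 times but only 3 probes do any recording, and no input reaches the leaked-state path; with restore disabled, the same corpus reports a fourth edge and three "findings" that exist only because `g_counter` carried over from earlier inputs, which is exactly the false coverage a state-managed persistent mode is meant to prevent.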