Casr-Cluster: Crash Clustering for Linux Applications

Abstract: Crash report analysis is a necessary step before developers begin fixing errors. Fuzzing or hybrid (with dynamic symbolic execution) fuzzing is often used in the secure development lifecycle. Modern fuzzers could produce many crashes and developers do not have enough time to fix them till release date. There are two approaches that could reduce developers' effort on crash analysis: crash clustering and crash severity estimation. Crash severity estimation could help developers to prioritize crashes and close security issues first. Crash clustering puts similar crash reports in one cluster what could speed up the analyzing time for all crash reports. In this paper, we focus on crash clustering. We propose an approach for clustering and deduplicating of crashes that occurred in Linux applications. We implement this approach as a tool that could cluster Casr~\cite{fedotov2020casr} crash reports. We evaluated our tool on a set of crash reports that was collected from fuzzing results.