English
Related papers

Related papers: Corpus Distillation for Effective Fuzzing: A Compa…

200 papers

Program analysis and automated testing have recently become an essential part of SSDLC. Directed greybox fuzzing is one of the most popular automated testing methods that focuses on error detection in predefined code regions. However, it…

Cryptography and Security · Computer Science 2026-02-02 Darya Parygina , Timofey Mezhuev , Daniil Kuts

Modern computing systems heavily rely on hardware as the root of trust. However, their increasing complexity has given rise to security-critical vulnerabilities that cross-layer at-tacks can exploit. Traditional hardware vulnerability…

Software Engineering · Computer Science 2024-04-11 Mohamadreza Rostami , Marco Chilese , Shaza Zeitouni , Rahul Kande , Jeyavijayan Rajendran , Ahmad-Reza Sadeghi

In this work, we set out to conduct the first ground-truth empirical evaluation of state-of-the-art DL fuzzers. Specifically, we first manually created an extensive DL bug benchmark dataset, which includes 627 real-world DL bugs from…

Software Engineering · Computer Science 2023-10-12 Nima Shiri Harzevili , Hung Viet Pham , Song Wang

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

The power of fuzz testing lies in its random, often brute-force, generation and execution of inputs to trigger unexpected behaviors and vulnerabilities in software applications. However, given the reality of infinite possible input…

Software Engineering · Computer Science 2024-04-10 Chris Vaisnor

The Operating System (OS) kernel is foundational in modern computing, especially with the proliferation of diverse computing devices. However, its development also comes with vulnerabilities that can lead to severe security breaches. Kernel…

Cryptography and Security · Computer Science 2025-12-05 Jiacheng Xu , He Sun , Shihao Jiang , Qinying Wang , Mingming Zhang , Xiang Li , Kaiwen Shen , Peng Cheng , Jiming Chen , Charles Zhang , Shouling Ji

Deep Learning (DL) library bugs affect downstream DL applications, emphasizing the need for reliable systems. Generating valid input programs for fuzzing DL libraries is challenging due to the need for satisfying both language…

Software Engineering · Computer Science 2023-04-05 Yinlin Deng , Chunqiu Steven Xia , Chenyuan Yang , Shizhuo Dylan Zhang , Shujing Yang , Lingming Zhang

Modern compilers, such as LLVM, are complex pieces of software. Due to their complexity, manual testing is unlikely to suffice, yet formal verification is difficult to scale. End-to-end fuzzing can be used, but it has difficulties in…

Software Engineering · Computer Science 2025-07-15 Yuyang Rong , Zhanghan Yu , Zhenkai Weng , Stephen Neuendorffer , Hao Chen

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test.…

Software Engineering · Computer Science 2026-02-24 Harrison Green , Fraser Brown , Claire Le Goues

As the complexity of modern processors has increased over the years, developing effective verification strategies to identify bugs prior to manufacturing has become critical. Undiscovered micro-architectural bugs in processors can manifest…

WebAssembly binaries are often compiled from memory-unsafe languages, such as C and C++. Because of WebAssembly's linear memory and missing protection features, e.g., stack canaries, source-level memory vulnerabilities are exploitable in…

Cryptography and Security · Computer Science 2021-11-01 Daniel Lehmann , Martin Toldam Torp , Michael Pradel

Deep Learning (DL) libraries such as PyTorch provide the core components to build major AI-enabled applications. Finding bugs in these libraries is important and challenging. Prior approaches have tackled this by performing either API-level…

Software Engineering · Computer Science 2025-09-19 Feiran Qin , M. M. Abid Naziri , Hengyu Ai , Saikat Dutta , Marcelo d'Amorim

Fuzzing is one of the most effective approaches to finding software flaws. However, applying it to microcontroller firmware incurs many challenges. For example, rehosting-based solutions cannot accurately model peripheral behaviors and thus…

Cryptography and Security · Computer Science 2022-04-20 Wenqiang Li , Jiameng Shi , Fengjun Li , Jingqiang Lin , Wei Wang , Le Guan

Fuzzing is a highly effective automated testing method for uncovering software vulnerabilities. Despite advances in fuzzing techniques, such as coverage-guided greybox fuzzing, many fuzzers struggle with coverage plateaus caused by fuzz…

Software Engineering · Computer Science 2025-10-07 Wentao Gao , Renata Borovica-Gajic , Sang Kil Cha , Tian Qiu , Van-Thuan Pham

Grey-box fuzzers such as American Fuzzy Lop (AFL) are popular tools for finding bugs and potential vulnerabilities in programs. While these fuzzers have been able to find vulnerabilities in many widely used programs, they are not efficient;…

Artificial Intelligence · Computer Science 2018-11-26 Siddharth Karamcheti , Gideon Mann , David Rosenberg

Firmware fuzzing has gained attention for identifying firmware bugs. However, current approaches often directly integrate fuzzing tools for general software. General software receives input as it encounters I/O functions, but firmware input…

Cryptography and Security · Computer Science 2026-05-19 Shandian Shen , Wei Zhou , Keming Zhao , Peng Liu , Chung Hwan Kim , Le Guan

Starting with a random initial seed, fuzzers search for inputs that trigger bugs or vulnerabilities. However, fuzzers often fail to generate inputs for program paths guarded by restrictive branch conditions. In this paper, we show that by…

Software Engineering · Computer Science 2022-12-20 Seemanta Saha , Laboni Sarker , Md Shafiuzzaman , Chaofan Shou , Albert Li , Ganesh Sankaran , Tevfik Bultan

Fuzzing has been studied and applied ever since the 1990s. Automated and continuous fuzzing has recently been applied also to open source software projects, including the Linux and BSD kernels. This paper concentrates on the practical…

Software Engineering · Computer Science 2020-02-26 Jukka Ruohonen , Kalle Rindell

Fuzzing is a popular bug detection technique achieved by testing software executables with random inputs. This technique can also be extended to libraries by constructing executables that call library APIs, known as fuzz drivers. Automated…

Software Engineering · Computer Science 2023-12-20 Yehong Zhang , Jun Wu , Hui Xu

Mutation-based fuzzing has become one of the most common vulnerability discovery solutions over the last decade. Fuzzing can be optimized when targeting specific programs, and given that, some studies have employed online optimization…

Cryptography and Security · Computer Science 2023-03-13 Yuki Koike , Hiroyuki Katsura , Hiromu Yakura , Yuma Kurogome