English
Related papers

Related papers: Montage: A Neural Network Language Model-Guided Ja…

200 papers

Traditional database fuzzing techniques primarily focus on syntactic correctness and general SQL structures, leaving critical yet obscure DBMS features, such as system-level modes (e.g., GTID), programmatic constructs (e.g., PROCEDURE),…

Databases · Computer Science 2026-03-24 Yongxin Chen , Zhiyuan Jiang , Chao Zhang , Haoran Xu , Shenglin Xu , Jianping Tang , Zheming Li , Peidai Xie , Yongjun Wang

Jailbreak vulnerabilities in Large Language Models (LLMs), which exploit meticulously crafted prompts to elicit content that violates service guidelines, have captured the attention of research communities. While model owners can defend…

Cryptography and Security · Computer Science 2024-04-16 Dongyu Yao , Jianshu Zhang , Ian G. Harris , Marcel Carlsson

Fuzzing has achieved tremendous success in discovering bugs and vulnerabilities in various software systems. Systems under test (SUTs) that take in programming or formal language as inputs, e.g., compilers, runtime engines, constraint…

Software Engineering · Computer Science 2024-12-11 Chunqiu Steven Xia , Matteo Paltenghi , Jia Le Tian , Michael Pradel , Lingming Zhang

Fuzzing is an important dynamic program analysis technique designed for finding vulnerabilities in complex software. Fuzzing involves presenting a target program with crafted malicious input to cause crashes, buffer overflows, memory…

Software vulnerabilities are constantly being reported and exploited in software products, causing significant impacts on society. In recent years, the main approach to vulnerability detection, fuzzing, has been integrated into the…

Software Engineering · Computer Science 2025-10-21 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Yasutaka Kamei , Hajimu Iida

Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar…

Artificial Intelligence · Computer Science 2017-01-26 Patrice Godefroid , Hila Peleg , Rishabh Singh

In recent years, JavaScript has become the most widely used programming language, especially in web development. However, writing secure JavaScript code is not trivial, and programmers often make mistakes that lead to security…

Cryptography and Security · Computer Science 2024-03-21 Tan Khang Le , Saba Alimadadi , Steven Y. Ko

Deep Learning (DL) library bugs affect downstream DL applications, emphasizing the need for reliable systems. Generating valid input programs for fuzzing DL libraries is challenging due to the need for satisfying both language…

Software Engineering · Computer Science 2023-04-05 Yinlin Deng , Chunqiu Steven Xia , Chenyuan Yang , Shizhuo Dylan Zhang , Shujing Yang , Lingming Zhang

Program analysis tools often produce large volumes of candidate vulnerability reports that require costly manual review, creating a practical challenge: how can security analysts prioritize the reports most likely to be true…

Cryptography and Security · Computer Science 2025-10-24 Ronghao Ni , Aidan Z. H. Yang , Min-Chien Hsu , Nuno Sabino , Limin Jia , Ruben Martins , Darion Cassel , Kevin Cheang

The rapid development of large language models (LLMs) has revolutionized software testing, particularly fuzz testing, by automating the generation of diverse and effective test inputs. This advancement holds great promise for improving…

Software Engineering · Computer Science 2025-10-14 Linghan Huang , Peizhou Zhao , Huaming Chen

Large Language Models (LLMs) have evolved from simple chatbots into sophisticated agents capable of automating complex real-world tasks, where browsing and reasoning over live web content is key to assessing retrieval and cognitive skills.…

Artificial Intelligence · Computer Science 2025-12-19 Yumeng Wang , Tianyu Fan , Lingrui Xu , Chao Huang

JavaScript obfuscators are widely deployed to protect intellectual property and resist reverse engineering, yet their correctness has been largely overlooked compared to performance and resilience. Existing evaluations typically measure…

Software Engineering · Computer Science 2026-03-03 Shan Jiang , Chenguang Zhu , Sarfraz Khurshid

Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across…

Cryptography and Security · Computer Science 2026-05-12 Junyoung Park , Insu Yun

Vulnerability detection is crucial for maintaining software security, and recent research has explored the use of Language Models (LMs) for this task. While LMs have shown promising results, their performance has been inconsistent across…

Cryptography and Security · Computer Science 2024-12-24 Syafiq Al Atiiq , Christian Gehrmann , Kevin Dahlén

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

Cryptography and Security · Computer Science 2023-07-04 Chaitanya Rahalkar

JavaScript engines are widely used in web browsers, PDF readers, and server-side applications. The rise in concern over their security has led to the development of several targeted fuzzing techniques. However, existing approaches use…

Artificial Intelligence · Computer Science 2025-11-17 Myles Foley , Sergio Maffeis , Muhammad Fakhrur Rozi , Takeshi Takahashi

Mutation-based fuzzing is effective for uncovering compiler bugs, but designing high-quality mutators for modern languages with complex constructs (e.g., templates, macros) remains challenging. Existing methods rely heavily on manual design…

Software Engineering · Computer Science 2026-02-09 Bo Wang , Pengyang Wang , Chong Chen , Ming Deng , Jieke Shi , Qi Sun , Chengran Yang , Youfang Lin , Zhou Yang , Junjie Chen , Jun Sun , David Lo

Generation-based fuzzing is a software testing approach which is able to discover different types of bugs and vulnerabilities in software. It is, however, known to be very time consuming to design and fine tune classical fuzzers to achieve…

Cryptography and Security · Computer Science 2019-01-25 Martin Sablotny , Bjørn Sand Jensen , Chris W. Johnson

Fuzzing is one of the most effective technique to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is lack of directedness (e.g., fuzz the specified path in a software). In this…

Cryptography and Security · Computer Science 2020-10-26 Xiaogang Zhu , Shigang Liu , Xian Li , Sheng Wen , Jun Zhang , Camtepe Seyit , Yang Xiang

Deep learning (DL) libraries, widely used in AI applications, often contain vulnerabilities like buffer overflows and use-after-free errors. Traditional fuzzing struggles with the complexity and API diversity of DL libraries such as…

Software Engineering · Computer Science 2025-01-09 Kunpeng Zhang , Shuai Wang , Jitao Han , Xiaogang Zhu , Xian Li , Shaohua Wang , Sheng Wen