English
Related papers

Related papers: HOPPER: Interpretative Fuzzing for Libraries

200 papers

Crafting high-quality fuzz drivers not only is time-consuming but also requires a deep understanding of the library. However, the state-of-the-art automatic fuzz driver generation techniques fall short of expectations. While fuzz drivers…

Cryptography and Security · Computer Science 2024-05-30 Yunlong Lyu , Yuxuan Xie , Peng Chen , Hao Chen

Fuzz testing of software libraries relies on fuzz drivers to invoke library APIs. Traditionally, these drivers are written manually by developers - a process that is time-consuming and often inadequate for exercising complex program…

Software Engineering · Computer Science 2026-04-21 Xingyu Liu , Zengqin Huang , Xiang Gao , Hailong Sun

Robustness is a key concern for Rust library development because Rust promises no risks of undefined behaviors if developers use safe APIs only. Fuzzing is a practical approach for examining the robustness of programs. However, existing…

Software Engineering · Computer Science 2021-10-25 Jianfeng Jiang , Hui Xu , Yangfan Zhou

Fuzzing a library requires experts to understand the library usage well and craft high-quality fuzz drivers, which is tricky and tedious. Therefore, many techniques have been proposed to automatically generate fuzz drivers. However, they…

Software Engineering · Computer Science 2025-07-25 Yan Li , Wenzhang Yang , Yuekun Wang , Jian Gao , Shaohua Wang , Yinxing Xue , Lijun Zhang

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

Cryptography and Security · Computer Science 2023-07-04 Chaitanya Rahalkar

Many modern software systems are enabled by deep learning libraries such as TensorFlow and PyTorch. As deep learning is now prevalent, the security of deep learning libraries is a key concern. Fuzzing deep learning libraries presents two…

Deep learning (DL) libraries, widely used in AI applications, often contain vulnerabilities like buffer overflows and use-after-free errors. Traditional fuzzing struggles with the complexity and API diversity of DL libraries such as…

Software Engineering · Computer Science 2025-01-09 Kunpeng Zhang , Shuai Wang , Jitao Han , Xiaogang Zhu , Xian Li , Shaohua Wang , Sheng Wen

Fuzzing is a popular bug detection technique achieved by testing software executables with random inputs. This technique can also be extended to libraries by constructing executables that call library APIs, known as fuzz drivers. Automated…

Software Engineering · Computer Science 2023-12-20 Yehong Zhang , Jun Wu , Hui Xu

Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise…

Software Engineering · Computer Science 2026-01-21 Chi Thien Tran

Library fuzzing is essential for hardening the software supply chain, but adopting it at scale remains expensive. Practitioners still spend substantial effort on environment setup, struggle to generate harnesses that respect intricate API…

Software Engineering · Computer Science 2026-05-15 Yunlong Lyu , Peng Chen , Fengyi Wu , Junzhe Yu , Kit Long Hon , Hao Chen

Fuzzing is one of the key techniques for evaluating the robustness of programs against attacks. Fuzzing has to be effective in producing inputs that cover functionality and find vulnerabilities. But it also has to be efficient in producing…

Software Engineering · Computer Science 2019-11-19 Rahul Gopinath , Andreas Zeller

Coverage-guided fuzzing has proven effective for software testing, but targeting library code requires specialized fuzz harnesses that translate fuzzer-generated inputs into valid API invocations. Manual harness creation is time-consuming…

Software Engineering · Computer Science 2026-03-10 Nils Loose , Nico Winkel , Kristoffer Hempel , Felix Mächtle , Julian Hans , Thomas Eisenbarth

RESTful APIs are a type of web services that are widely used in industry. In the last few years, a lot of effort in the research community has been spent in designing novel techniques to automatically fuzz those APIs to find faults in them.…

Software Engineering · Computer Science 2022-07-11 Man Zhang , Andrea Arcuri

Fuzzing has proven to be very effective for discovering certain classes of software flaws, but less effective in helping developers process these discoveries. Conventional crash-based fuzzers lack enough information about failures to…

Cryptography and Security · Computer Science 2024-11-04 Allison Naaktgeboren , Sean Noble Anderson , Andrew Tolmach , Greg Sullivan

In recent years, REST API fuzzing has emerged to explore errors on a cloud service. Its performance highly depends on the sequence construction and request generation. However, existing REST API fuzzers have trouble generating long…

Cryptography and Security · Computer Science 2023-03-07 Chenyang Lyu , Jiacheng Xu , Shouling Ji , Xuhong Zhang , Qinying Wang , Binbin Zhao , Gaoning Pan , Wei Cao , Raheem Beyah

Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar…

Artificial Intelligence · Computer Science 2017-01-26 Patrice Godefroid , Hila Peleg , Rishabh Singh

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test.…

Software Engineering · Computer Science 2026-02-24 Harrison Green , Fraser Brown , Claire Le Goues

PHP, a dominant scripting language in web development, powers a vast range of websites, from personal blogs to major platforms. While existing research primarily focuses on PHP application-level security issues like code injection, memory…

Cryptography and Security · Computer Science 2025-02-05 Yuancheng Jiang , Chuqi Zhang , Bonan Ruan , Jiahao Liu , Manuel Rigger , Roland Yap , Zhenkai Liang

We propose a tool, called FuzzingDriver, to generate dictionary tokens for coverage-based greybox fuzzers (CGF) from the codebase of any target program. FuzzingDriver does not add any overhead to the fuzzing job as it is run beforehand. We…

Cryptography and Security · Computer Science 2022-01-14 Arash Ale Ebrahim , Mohammadreza Hazhirpasand , Oscar Nierstrasz , Mohammad Ghafari

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the…

Cryptography and Security · Computer Science 2023-03-14 Marcello Maugeri , Cristian Daniele , Giampaolo Bella , Erik Poll
‹ Prev 1 2 3 10 Next ›