English
Related papers

Related papers: HOPPER: Interpretative Fuzzing for Libraries

200 papers

Generating valid test inputs for a program is much easier if one knows the input language. We present first successes for a technique that, given a program P without any input samples or models, learns an input grammar that represents the…

Software Engineering · Computer Science 2018-10-22 Rahul Gopinath , Björn Mathis , Mathias Höschele , Alexander Kampmann , Andreas Zeller

Recently, many Deep Learning fuzzers have been proposed for testing of DL libraries. However, they either perform unguided input generation (e.g., not considering the relationship between API arguments when generating inputs) or only…

Cryptography and Security · Computer Science 2023-12-27 Nima Shiri Harzevili , Mohammad Mahdi Mohajer , Moshi Wei , Hung Viet Pham , Song Wang

There are around 5.3 billion Internet users, amounting to 65.7% of the global population, and web technology is the backbone of the services delivered via the Internet. To ensure web applications are free from security-related bugs, web…

Software Engineering · Computer Science 2025-07-23 I Putu Arya Dharmaadi , Elias Athanasopoulos , Fatih Turkmen

Fuzzing is a promising technique for detecting security vulnerabilities. Newly developed fuzzers are typically evaluated in terms of the number of bugs found on vulnerable programs/binaries. However,existing corpora usually do not capture…

Software Engineering · Computer Science 2019-05-07 Xiaogang Zhu , Xiaotao Feng , Tengyun Jiao , Sheng Wen , Yang Xiang , Seyit Camtepe , Jingling Xue

Recent research has shown that hardware fuzzers can effectively detect security vulnerabilities in modern processors. However, existing hardware fuzzers do not fuzz well the hard-to-reach design spaces. Consequently, these fuzzers cannot…

Cryptography and Security · Computer Science 2023-06-27 Chen Chen , Rahul Kande , Nathan Nguyen , Flemming Andersen , Aakash Tyagi , Ahmad-Reza Sadeghi , Jeyavijayan Rajendran

Deep Learning (DL) library bugs affect downstream DL applications, emphasizing the need for reliable systems. Generating valid input programs for fuzzing DL libraries is challenging due to the need for satisfying both language…

Software Engineering · Computer Science 2023-04-05 Yinlin Deng , Chunqiu Steven Xia , Chenyuan Yang , Shizhuo Dylan Zhang , Shujing Yang , Lingming Zhang

As applications grow in capability, they also grow in complexity. This complexity in turn gets pushed into modules and libraries. In addition, hardware configurations become increasingly elaborate, too. These two trends make understanding,…

Software Engineering · Computer Science 2018-03-21 Ronny Brendel , Bert Wesarg , Ronny Tschüter , Matthias Weber , Thomas Ilsche , Sebastian Oeste

Testing a program's capability to effectively handling errors is a significant challenge, given that program errors are relatively uncommon. To solve this, Software Fault Injection (SFI)-based fuzzing integrates SFI and traditional fuzzing,…

Cryptography and Security · Computer Science 2024-07-08 Jin Wei , Ping Chen , Jun Dai , Xiaoyan Sun , Zhihao Zhang , Chang Xu , Yi Wanga

Fuzzing is a technique widely used in vulnerability detection. The process usually involves writing effective fuzz driver programs, which, when done manually, can be extremely labor intensive. Previous attempts at automation leave much to…

Software Engineering · Computer Science 2021-03-02 Mingrui Zhang , Jianzhong Liu , Fuchen Ma , Huafeng Zhang , Yu Jiang

Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes (e.g., 500 HTTP server error status code). However,…

Software Engineering · Computer Science 2026-04-02 Omur Sahin , Man Zhang , Andrea Arcuri

Fuzzing has emerged as a powerful technique for finding security bugs in complicated real-world applications. American fuzzy lop (AFL), a leading fuzzing tool, has demonstrated its powerful bug finding ability through a vast number of…

Cryptography and Security · Computer Science 2023-07-06 Tai D. Nguyen , Long H. Pham , Jun Sun

Network-facing applications are commonly exposed to all kinds of attacks, especially when connected to the internet. As a result, web servers like Nginx or client applications such as curl make every effort to secure and harden their code…

Cryptography and Security · Computer Science 2024-09-04 Nils Bars , Moritz Schloegel , Nico Schiller , Lukas Bernhard , Thorsten Holz

Vulnerable software represents a tremendous threat to modern information systems. Vulnerabilities in widespread applications may be used to spread malware, steal money and conduct target attacks. To address this problem, developers and…

Cryptography and Security · Computer Science 2018-07-06 Maksim Shudrak , Vyacheslav Zolotarev

A growing body of research has been dedicated to DL model testing. However, there is still limited work on testing DL libraries, which serve as the foundations for building, training, and running DL models. Prior work on fuzzing DL…

Software Engineering · Computer Science 2022-07-13 Yinlin Deng , Chenyuan Yang , Anjiang Wei , Lingming Zhang

WebAssembly binaries are often compiled from memory-unsafe languages, such as C and C++. Because of WebAssembly's linear memory and missing protection features, e.g., stack canaries, source-level memory vulnerabilities are exploitable in…

Cryptography and Security · Computer Science 2021-11-01 Daniel Lehmann , Martin Toldam Torp , Michael Pradel

Modern extensible compiler frameworks-such as MLIR-enable rapid creation of domain-specific language dialects. This flexibility, however, makes correctness harder to ensure as the same extensibility that accelerates development also…

Software Engineering · Computer Science 2025-12-08 Sairam Vaidya , Marcel Böhme , Loris D'Antoni

Fuzzing REST APIs is an important research problem, with practical applications and impact in industry. As such, a lot of research work has been carried out on this topic in the last few years. However, there are three major issues that…

Software Engineering · Computer Science 2025-09-03 Omur Sahin , Man Zhang , Andrea Arcuri

This paper presents a coverage-guided grammar-based fuzzing technique for automatically generating a corpus of concise test inputs for programs such as compilers. We walk-through a case study of a compiler designed for education and the…

Software Engineering · Computer Science 2021-03-09 Vasudev Vikram , Rohan Padhye , Koushik Sen

Fuzzing is a highly effective automated testing method for uncovering software vulnerabilities. Despite advances in fuzzing techniques, such as coverage-guided greybox fuzzing, many fuzzers struggle with coverage plateaus caused by fuzz…

Software Engineering · Computer Science 2025-10-07 Wentao Gao , Renata Borovica-Gajic , Sang Kil Cha , Tian Qiu , Van-Thuan Pham

Fuzzing is an effective bug-finding technique but it struggles with complex systems like JavaScript engines that demand precise grammatical input. Recently, researchers have adopted language models for context-aware mutation in fuzzing to…

Cryptography and Security · Computer Science 2024-02-20 Jueon Eom , Seyeon Jeong , Taekyoung Kwon