English
Related papers

Related papers: UBfuzz: Finding Bugs in Sanitizer Implementations

200 papers

The SZZ algorithm for identifying bug-inducing changes has been widely used to evaluate defect prediction techniques and to empirically investigate when, how, and by whom bugs are introduced. Over the years, researchers have proposed…

Software Engineering · Computer Science 2021-02-10 Giovanni Rosa , Luca Pascarella , Simone Scalabrino , Rosalia Tufano , Gabriele Bavota , Michele Lanza , Rocco Oliveto

Fuzzing is a powerful software testing technique renowned for its effectiveness in identifying software vulnerabilities. Traditional fuzzing evaluations typically focus on overall fuzzer performance across a set of target programs, yet few…

Software Engineering · Computer Science 2025-06-19 Miao Miao

Fuzzing has proven to be very effective for discovering certain classes of software flaws, but less effective in helping developers process these discoveries. Conventional crash-based fuzzers lack enough information about failures to…

Cryptography and Security · Computer Science 2024-11-04 Allison Naaktgeboren , Sean Noble Anderson , Andrew Tolmach , Greg Sullivan

Existing LLM-based compiler fuzzers often produce syntactically or semantically invalid test programs, limiting their effectiveness in exercising compiler optimizations and backend components. We introduce ReFuzzer, a framework for refining…

Software Engineering · Computer Science 2025-09-02 Iti Shree , Karine Even-Mendoza , Tomasz Radzik

While CUDA has become a major parallel computing platform and programming model for general-purpose GPU computing, CUDA-induced bug patterns have not yet been well explored. In this paper, we conduct the first empirical study to reveal…

Software Engineering · Computer Science 2019-05-30 Mingyuan Wu , Husheng Zhou , Lingming Zhang , Cong Liu , Yuqun Zhang

Static analysis is one of the most widely adopted techniques to find software bugs before code is put in production. Designing and implementing effective and efficient static analyses is difficult and requires high expertise, which results…

Software Engineering · Computer Science 2019-06-04 Andrew Habib , Michael Pradel

Critical open source software systems undergo significant validation in the form of lengthy fuzz campaigns. The fuzz campaigns typically conduct a biased random search over the domain of program inputs, to find inputs which crash the…

Cryptography and Security · Computer Science 2024-11-22 Yuntong Zhang , Jiawei Wang , Dominic Berzin , Martin Mirchev , Dongge Liu , Abhishek Arya , Oliver Chang , Abhik Roychoudhury

Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs,…

Software Engineering · Computer Science 2020-09-14 Dongdong She , Rahul Krishna , Lu Yan , Suman Jana , Baishakhi Ray

Bounded model checking (BMC) and fuzzing techniques are among the most effective methods for detecting errors and security vulnerabilities in software. However, there are still shortcomings in detecting these errors due to the inability of…

Software Engineering · Computer Science 2024-04-19 Kaled M. Alshmrany , Mohannad Aldughaim , Ahmed Bhayat , Lucas C. Cordeiro

Zero-knowledge virtual machines (zkVMs) are increasingly deployed in decentralized applications and blockchain rollups since they enable verifiable off-chain computation. These VMs execute general-purpose programs, frequently written in…

Software Engineering · Computer Science 2025-09-16 Christoph Hochrainer , Valentin Wüstholz , Maria Christakis

Online social networks have become an integral aspect of our daily lives and play a crucial role in shaping our relationships with others. However, bugs and glitches, even minor ones, can cause anything from frustrating problems to serious…

Software Engineering · Computer Science 2024-07-08 Francisco Zanartu , Christoph Treude , Markus Wagner

As researchers, we already understand how to make testing more effective and efficient at finding bugs. However, as fuzzing (i.e., automated testing) becomes more widely adopted in practice, practitioners are asking: Which assurances does a…

Software Engineering · Computer Science 2018-12-18 Marcel Böhme

Fuzz Testing is a largely automated testing technique that provides random and unexpected input to a program in attempt to trigger failure conditions. Much of the research conducted thus far into Fuzz Testing has focused on developing…

Software Engineering · Computer Science 2019-07-30 Matthew Kelly , Christoph Treude , Alex Murray

Ensuring the reliability of the Rust compiler is of paramount importance, given increasing adoption of Rust for critical systems development, due to its emphasis on memory and thread safety. However, generating valid test programs for the…

Software Engineering · Computer Science 2026-05-04 Hongyan Gao , Yibiao Yang , Maolin Sun , Jiangchang Wu , Yuming Zhou , Baowen Xu

Finding software vulnerabilities in concurrent programs is a challenging task due to the size of the state-space exploration, as the number of interleavings grows exponentially with the number of program threads and statements. We propose…

Software Engineering · Computer Science 2022-10-21 Fatimah K. Aljaafari , Rafael Menezes , Edoardo Manino , Fedor Shmarov , Mustafa A. Mustafa , Lucas C. Cordeiro

Automation of test oracles is one of the most challenging facets of software testing, but remains comparatively less addressed compared to automated test input generation. Test oracles rely on a ground-truth that can distinguish between the…

Software Engineering · Computer Science 2023-04-07 Ali Reza Ibrahimzada , Yigit Varli , Dilara Tekinoglu , Reyhaneh Jabbarvand

Fuzz testing is one of the most effective techniques for finding software vulnerabilities. While modern fuzzers can generate inputs and monitor executions automatically, the overall workflow, from analyzing a codebase, to configuring…

Software Engineering · Computer Science 2025-09-19 Max Bazalii , Marius Fleischer

There is an increasing amount of research and commercial tools for automated test case generation using Large Language Models (LLMs). This paper critically examines whether recent LLM-based test generation tools, such as Codium CoverAgent…

Software Engineering · Computer Science 2024-12-19 Noble Saji Mathews , Meiyappan Nagappan

Zero-knowledge (ZK) protocols have recently found numerous practical applications, such as in authentication, online-voting, and blockchain systems. These protocols are powered by highly complex pipelines that process deterministic…

Software Engineering · Computer Science 2024-11-05 Christoph Hochrainer , Anastasia Isychev , Valentin Wüstholz , Maria Christakis

Testing is widely recognized as an important stage of the software development lifecycle. Effective software testing can provide benefits such as bug finding, preventing regressions, and documentation. In terms of documentation, unit tests…

Software Engineering · Computer Science 2022-04-22 Elizabeth Dinella , Gabriel Ryan , Todd Mytkowicz , Shuvendu K. Lahiri