English
Related papers

Related papers: CovRL: Fuzzing JavaScript Engines with Coverage-Gu…

200 papers

Greybox fuzzing has achieved success in revealing bugs and vulnerabilities in programs. However, randomized mutation strategies have limited the fuzzer's performance on structured data. Specialized fuzzers can handle complex structured…

Cryptography and Security · Computer Science 2026-03-18 Hongxiang Zhang , Yuyang Rong , Yifeng He , Hao Chen

Jailbreak vulnerabilities in Large Language Models (LLMs), which exploit meticulously crafted prompts to elicit content that violates service guidelines, have captured the attention of research communities. While model owners can defend…

Cryptography and Security · Computer Science 2024-04-16 Dongyu Yao , Jianshu Zhang , Ian G. Harris , Marcel Carlsson

MLIR (Multi-Level Intermediate Representation) has rapidly become a foundational technology for modern compiler frameworks, enabling extensibility across diverse domains. However, ensuring the correctness and robustness of MLIR itself…

Software Engineering · Computer Science 2025-10-10 Zeyu Sun , Jingjing Liang , Weiyi Wang , Chenyao Suo , Junjie Chen , Fanjiang Xu

Modern computing systems heavily rely on hardware as the root of trust. However, their increasing complexity has given rise to security-critical vulnerabilities that cross-layer at-tacks can exploit. Traditional hardware vulnerability…

Software Engineering · Computer Science 2024-04-11 Mohamadreza Rostami , Marco Chilese , Shaza Zeitouni , Rahul Kande , Jeyavijayan Rajendran , Ahmad-Reza Sadeghi

Fuzzing, a widely-used technique for bug detection, has seen advancements through Large Language Models (LLMs). Despite their potential, LLMs face specific challenges in fuzzing. In this paper, we identified five major challenges of…

Software Engineering · Computer Science 2024-04-26 Yu Jiang , Jie Liang , Fuchen Ma , Yuanliang Chen , Chijin Zhou , Yuheng Shen , Zhiyong Wu , Jingzhou Fu , Mingzhe Wang , ShanShan Li , Quan Zhang

The rapid development of large language models (LLMs) has revolutionized software testing, particularly fuzz testing, by automating the generation of diverse and effective test inputs. This advancement holds great promise for improving…

Software Engineering · Computer Science 2025-10-14 Linghan Huang , Peizhou Zhao , Huaming Chen

In recent years, the programming capabilities of large language models (LLMs) have garnered significant attention. Fuzz testing, a highly effective technique, plays a key role in enhancing software reliability and detecting vulnerabilities.…

Software Engineering · Computer Science 2024-12-23 Hanxiang Xu , Wei Ma , Ting Zhou , Yanjie Zhao , Kai Chen , Qiang Hu , Yang Liu , Haoyu Wang

We present a novel tool BertRLFuzzer, a BERT and Reinforcement Learning (RL) based fuzzer aimed at finding security vulnerabilities for Web applications. BertRLFuzzer works as follows: given a set of seed inputs, the fuzzer performs…

Software Engineering · Computer Science 2024-10-02 Piyush Jha , Joseph Scott , Jaya Sriram Ganeshna , Mudit Singh , Vijay Ganesh

Fuzzing has been incredibly successful in uncovering bugs and vulnerabilities across diverse software systems. JSON parsers play a vital role in modern software development, and ensuring their reliability is of great importance. This…

Software Engineering · Computer Science 2024-10-31 Zhiyuan Zhong , Zhezhen Cao , Zhanwei Zhang

Patch fuzzing is a technique aimed at identifying vulnerabilities that arise from newly patched code. While researchers have made efforts to apply patch fuzzing to testing JavaScript engines with considerable success, these efforts have…

Cryptography and Security · Computer Science 2025-05-02 Junjie Wang , Yuhan Ma , Xiaofei Xie , Xiaoning Du , Xiangwei Zhang

Deep learning (DL) libraries, widely used in AI applications, often contain vulnerabilities like buffer overflows and use-after-free errors. Traditional fuzzing struggles with the complexity and API diversity of DL libraries such as…

Software Engineering · Computer Science 2025-01-09 Kunpeng Zhang , Shuai Wang , Jitao Han , Xiaogang Zhu , Xian Li , Shaohua Wang , Sheng Wen

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the…

Cryptography and Security · Computer Science 2023-03-14 Marcello Maugeri , Cristian Daniele , Giampaolo Bella , Erik Poll

Mutation-based fuzzing is effective for uncovering compiler bugs, but designing high-quality mutators for modern languages with complex constructs (e.g., templates, macros) remains challenging. Existing methods rely heavily on manual design…

Software Engineering · Computer Science 2026-02-09 Bo Wang , Pengyang Wang , Chong Chen , Ming Deng , Jieke Shi , Qi Sun , Chengran Yang , Youfang Lin , Zhou Yang , Junjie Chen , Jun Sun , David Lo

Fuzzing is one of the prevailing methods for vulnerability detection. However, even state-of-the-art fuzzing methods become ineffective after some period of time, i.e., the coverage hardly improves as existing methods are ineffective to…

Cryptography and Security · Computer Science 2021-12-15 Shunkai Zhu , Jingyi Wang , Jun Sun , Jie Yang , Xingwei Lin , Liyi Zhang , Peng Cheng

Fuzzing has achieved tremendous success in discovering bugs and vulnerabilities in various software systems. Systems under test (SUTs) that take in programming or formal language as inputs, e.g., compilers, runtime engines, constraint…

Software Engineering · Computer Science 2024-12-11 Chunqiu Steven Xia , Matteo Paltenghi , Jia Le Tian , Michael Pradel , Lingming Zhang

Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov…

Artificial Intelligence · Computer Science 2018-01-16 Konstantin Böttinger , Patrice Godefroid , Rishabh Singh

JavaScript engines are widely used in web browsers, PDF readers, and server-side applications. The rise in concern over their security has led to the development of several targeted fuzzing techniques. However, existing approaches use…

Artificial Intelligence · Computer Science 2025-11-17 Myles Foley , Sergio Maffeis , Muhammad Fakhrur Rozi , Takeshi Takahashi

A fuzzer provides randomly generated inputs to a targeted software to expose erroneous behavior. To efficiently detect defects, generated inputs should conform to the structure of the input format and thus, grammars can be used to generate…

Software Engineering · Computer Science 2020-08-05 Martin Eberlein , Yannic Noller , Thomas Vogel , Lars Grunske

Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on…

Cryptography and Security · Computer Science 2026-04-21 Yihao Zou , Tianming Zheng , Futai Zou , Yue Wu

Deep learning-based code processing models have shown good performance for tasks such as predicting method names, summarizing programs, and comment generation. However, despite the tremendous progress, deep learning models are often prone…

Software Engineering · Computer Science 2021-06-18 Moshi Wei , Yuchao Huang , Jinqiu Yang , Junjie Wang , Song Wang