English
Related papers

Related papers: Fixing Security Vulnerabilities with AI in OSS-Fuz…

200 papers

Smart contracts are fundamental pillars of the blockchain, playing a crucial role in facilitating various business transactions. However, these smart contracts are vulnerable to exploitable bugs that can lead to substantial monetary losses.…

Software Engineering · Computer Science 2025-09-30 Xingshuang Lin , Qinge Xie , Binbin Zhao , Yuan Tian , Saman Zonouz , Na Ruan , Jiliang Li , Raheem Beyah , Shouling Ji

Recently, many Deep Learning fuzzers have been proposed for testing of DL libraries. However, they either perform unguided input generation (e.g., not considering the relationship between API arguments when generating inputs) or only…

Cryptography and Security · Computer Science 2023-12-27 Nima Shiri Harzevili , Mohammad Mahdi Mohajer , Moshi Wei , Hung Viet Pham , Song Wang

Fuzzing has been incredibly successful in uncovering bugs and vulnerabilities across diverse software systems. JSON parsers play a vital role in modern software development, and ensuring their reliability is of great importance. This…

Software Engineering · Computer Science 2024-10-31 Zhiyuan Zhong , Zhezhen Cao , Zhanwei Zhang

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

Fuzzing is an important dynamic program analysis technique designed for finding vulnerabilities in complex software. Fuzzing involves presenting a target program with crafted malicious input to cause crashes, buffer overflows, memory…

Algorithmic complexity vulnerabilities occur when the worst-case time/space complexity of an application is significantly higher than the respective average case for particular user-controlled inputs. When such conditions are met, an…

Cryptography and Security · Computer Science 2017-08-29 Theofilos Petsios , Jason Zhao , Angelos D. Keromytis , Suman Jana

Fuzzing has been studied and applied ever since the 1990s. Automated and continuous fuzzing has recently been applied also to open source software projects, including the Linux and BSD kernels. This paper concentrates on the practical…

Software Engineering · Computer Science 2020-02-26 Jukka Ruohonen , Kalle Rindell

Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes (e.g., 500 HTTP server error status code). However,…

Software Engineering · Computer Science 2026-04-02 Omur Sahin , Man Zhang , Andrea Arcuri

Fault Localization (FL) aims to automatically localize buggy lines of code, a key first step in many manual and automatic debugging tasks. Previous FL techniques assume the provision of input tests, and often require extensive program…

Software Engineering · Computer Science 2023-10-04 Aidan Z. H. Yang , Ruben Martins , Claire Le Goues , Vincent J. Hellendoorn

The next generation of AI systems requires strong safety guarantees. This report looks at the software implementation of neural networks and related memory safety properties, including NULL pointer deference, out-of-bound access,…

Software Engineering · Computer Science 2024-05-16 Yiannis Charalambous , Edoardo Manino , Lucas C. Cordeiro

In recent years, more vulnerabilities have been discovered every day, while manual vulnerability repair requires specialized knowledge and is time-consuming. As a result, many detected or even published vulnerabilities remain unpatched,…

Software Engineering · Computer Science 2025-04-11 Zhengyao Liu , Yunlong Ma , Jingxuan Xu , Junchen Ai , Xiang Gao , Hailong Sun , Abhik Roychoudhury

Compiler correctness is crucial, as miscompilation can falsify program behaviors, leading to serious consequences. Fuzzing has been studied to uncover compiler defects. However, compiler fuzzing remains challenging: Existing arts focus on…

Software Engineering · Computer Science 2024-09-06 Chenyuan Yang , Yinlin Deng , Runyu Lu , Jiayi Yao , Jiawei Liu , Reyhaneh Jabbarvand , Lingming Zhang

Deep Learning (DL) libraries such as PyTorch provide the core components to build major AI-enabled applications. Finding bugs in these libraries is important and challenging. Prior approaches have tackled this by performing either API-level…

Software Engineering · Computer Science 2025-09-19 Feiran Qin , M. M. Abid Naziri , Hengyu Ai , Saikat Dutta , Marcelo d'Amorim

Guided fuzzing has, in recent years, been able to uncover many new vulnerabilities in real-world software due to its fast input mutation strategies guided by path-coverage. However, most fuzzers are unable to achieve high coverage in deeper…

Software Engineering · Computer Science 2019-10-14 Saahil Ognawala , Fabian Kilger , Alexander Pretschner

This paper presents a novel fuzzing framework, called MicroFuzz, specifically designed for Microservices. Mocking-Assisted Seed Execution, Distributed Tracing, Seed Refresh and Pipeline Parallelism approaches are adopted to address the…

Software Engineering · Computer Science 2024-02-06 Peng Di , Bingchang Liu , Yiyi Gao

Open Source Software (OSS) has become a very important and crucial infrastructure worldwide because of the value it provides. OSS typically depends on contributions from developers across diverse backgrounds and levels of experience. Making…

Software Engineering · Computer Science 2025-10-08 Elijah Kayode Adejumo , Brittany Johnson

Fuzzing has achieved tremendous success in discovering bugs and vulnerabilities in various software systems. Systems under test (SUTs) that take in programming or formal language as inputs, e.g., compilers, runtime engines, constraint…

Software Engineering · Computer Science 2024-12-11 Chunqiu Steven Xia , Matteo Paltenghi , Jia Le Tian , Michael Pradel , Lingming Zhang

Fuzzing has proven to be a highly effective approach to uncover software bugs over the past decade. After AFL popularized the groundbreaking concept of lightweight coverage feedback, the field of fuzzing has seen a vast amount of scientific…

Automated Program Repair (APR) agents leverage Large Language Models (LLMs) to autonomously diagnose and fix software bugs through reasoning, planning, and tool use. Despite impressive leaderboard gains on benchmarks such as SWE-bench,…

Software Engineering · Computer Science 2026-05-28 Ira Ceka , Hailie Mitchell , Saurabh Pujar , Luca Buratti , Shyam Ramji , Junfeng Yang , Gail Kaiser , Baishakhi Ray

GPUs play an increasingly important role in modern software. However, the heterogeneous host-device execution model and expanding software stacks make GPU programs prone to memory-safety and concurrency bugs that evade static analysis.…

Cryptography and Security · Computer Science 2026-03-16 Mohamed Tarek Ibn ziad , Christos Kozyrakis