Fuzzing is a simple yet effective approach to discover software bugs utilizing randomly
generated inputs. However, it is limited by coverage and cannot find bugs hidden in deep …

Programs that take highly-structured files as inputs normally process inputs in stages: syntax
parsing, semantic checking, and application execution. Deep bugs are often hidden in the …

Fuzzing is a popular technique for finding software bugs. However, the performance of the
state-of-the-art fuzzers leaves a lot to be desired. Fuzzers based on symbolic execution …

Fuzzing has become the de facto standard technique for finding software vulnerabilities.
However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger …

Unlike coverage-based fuzzing that gives equal attention to every part of a code, directed
fuzzing aims to direct a fuzzer to a specific target in the code, eg, the code with potential …

Directed grey-box fuzzers specialize in testing specific target code. They have been applied
to many security applications such as reproducing known crashes and detecting …

Coverage-guided fuzzing is a widely used and effective solution to find software
vulnerabilities. Tracking code coverage and utilizing it to guide fuzzing are crucial to …

Existing mutation based fuzzers tend to randomly mutate the input of a program without
understanding its underlying syntax and semantics. In this paper, we propose a novel on-the …

One of the key questions when fuzzing is where to look for vulnerabilities. Coverage-guided
fuzzers indiscriminately optimize for covering as much code as possible given that bug …

Fuzzing is a practical, widely-deployed technique to find bugs in complex, real-world
programs like JavaScript engines. We observed, however, that existing fuzzing approaches …