Directed fuzzing focuses on automatically testing specific parts of the code by taking
advantage of additional information such as (partial) bug stack trace, patches or risky …

Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge
coverage to guide the fuzzing process, which has shown great potential in finding …

Researchers have proposed many optimizations to improve the efficiency of fuzzing, and
most optimized strategies work very well on their targets when running in single mode with …

Existing greybox fuzzers mainly utilize program coverage as the goal to guide the fuzzing
process. To maximize their outputs, coverage-based greybox fuzzers need to evaluate the …

Fuzz testing has been used to find bugs in programs since the 1990s, but despite decades
of dedicated research, there is still no consensus on which fuzzing techniques work best …

Mutation-based fuzzing is one of the most popular approaches to discover vulnerabilities in
a program. To alleviate the inefficiency of mutation-based fuzzing incurred by high …

Recently, directed grey-box fuzzing (DGF) becomes popular in the field of software testing.
Different from coverage-based fuzzing whose goal is to increase code coverage for …

Unlike coverage-based fuzzing that gives equal attention to every part of a code, directed
fuzzing aims to direct a fuzzer to a specific target in the code, eg, the code with potential …

Existing mutation based fuzzers tend to randomly mutate the input of a program without
understanding its underlying syntax and semantics. In this paper, we propose a novel on-the …

Fuzzing is the de-facto default technique to discover software flaws, randomly testing
programs to discover crashing test cases. Yet, a particular scenario may only care about …