research-article

Open access

Seed selection for successful fuzzing

Authors:

Adrian Herrera,

Michael Norrish,

Antony L. HoskingAuthors Info & Claims

ISSTA 2021: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis

Pages 230 - 243

https://doi.org/10.1145/3460319.3464795

Published: 11 July 2021 Publication History

Abstract

Mutation-based greybox fuzzing---unquestionably the most widely-used fuzzing technique---relies on a set of non-crashing seed inputs (a corpus) to bootstrap the bug-finding process. When evaluating a fuzzer, common approaches for constructing this corpus include: (i) using an empty file; (ii) using a single seed representative of the target's input format; or (iii) collecting a large number of seeds (e.g., by crawling the Internet). Little thought is given to how this seed choice affects the fuzzing process, and there is no consensus on which approach is best (or even if a best approach exists).

To address this gap in knowledge, we systematically investigate and evaluate how seed selection affects a fuzzer's ability to find bugs in real-world software. This includes a systematic review of seed selection practices used in both evaluation and deployment contexts, and a large-scale empirical evaluation (over 33 CPU-years) of six seed selection approaches. These six seed selection approaches include three corpus minimization techniques (which select the smallest subset of seeds that trigger the same range of instrumentation data points as a full corpus).

Our results demonstrate that fuzzing outcomes vary significantly depending on the initial seeds used to bootstrap the fuzzer, with minimized corpora outperforming singleton, empty, and large (in the order of thousands of files) seed sets. Consequently, we encourage seed selection to be foremost in mind when evaluating/deploying fuzzers, and recommend that (a) seed choice be carefully considered and explicitly documented, and (b) never to evaluate fuzzers with only a single seed.

References

[1]

2020. Kenney. https://www.kenney.nl/

[2]

2020. The Motion Monkey. https://www.themotionmonkey.co.uk/

[3]

2020. Open Game Art. https://opengameart.org/

[4]

2020. Regular Expression Library. http://regexlib.com

[5]

Humberto Abdelnur, Radu State, Obes Jorge Lucangeli, and Olivier Festor. 2010. Spectral Fuzzing: Evaluation & Feedback. INRIA. https://hal.inria.fr/inria-00452015

[6]

Mike Aizatsky, Kostya Serebryany, Oliver Chang, Abhishek Arya, and Meredith Whittaker. 2016. Announcing OSS-Fuzz: Continuous fuzzing for open source software. https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html

[7]

Andrea Arcuri and Lionel Briand. 2011. A Practical Guide for Using Statistical Tests to Assess Randomized Algorithms in Software Engineering. In ACM/IEEE International Conference on Software Engineering (ICSE). 1–10. https://doi.org/10.1145/1985793.1985795

Digital Library

[8]

Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, and Daniel Teuchert. 2019. NAUTILUS: Fishing for Deep Bugs with Grammars. In Network and Distributed System Security Symposium (NDSS). https://www.ndss-symposium.org/ndss-paper/nautilus-fishing-for-deep-bugs-with-grammars

[9]

Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with Input-to-State Correspondence. In Network and Distributed System Security Symposium (NDSS). https://www.ndss-symposium.org/ndss-paper/redqueen-fuzzing-with-input-to-state-correspondence/

[10]

Florent Avellaneda. 2020. A short description of the solver EvalMaxSAT. In MaxSAT Evaluations. http://florent.avellaneda.free.fr/dl/EvalMaxSAT.pdf

[11]

Tim Blazytko, Cornelius Aschermann, Moritz Schlögel, Ali Abbasi, Sergej Schumilo, Simon Wörner, and Thorsten Holz. 2019. GRIMOIRE: Synthesizing Structure While Fuzzing. In USENIX Security Symposium (SEC). 1985–2002. https://www.usenix.org/system/files/sec19-blazytko.pdf

[12]

Marcel Böhme and Brandon Falk. 2020. Fuzzing: On the Exponential Cost of Vulnerability Discovery. In Joint European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE). 713–724. https://doi.org/10.1145/3368089.3409729

Digital Library

[13]

Marcel Böhme, Valentin J.M. Manès, and Sang Kil Cha. 2020. Boosting Fuzzer Efficiency: An Information Theoretic Perspective. In Joint European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE). 678–689. https://doi.org/10.1145/3368089.3409748

Digital Library

[14]

Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury. 2017. Directed Greybox Fuzzing. In ACM SIGSAC Conference on Computer and Communications Security (CCS). 2329–2344. https://doi.org/10.1145/3133956.3134020

Digital Library

[15]

Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury. 2016. Coverage-Based Greybox Fuzzing as Markov Chain. In ACM SIGSAC Conference on Computer and Communications Security (CCS). 1032–1043. https://doi.org/10.1145/2976749.2978428

Digital Library

[16]

Oliver Chang, Abhishek Arya, Kostya Serebryany, and Josh Armour. 2017. OSS-Fuzz: Five months later, and rewarding projects. https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html

[17]

Hongxu Chen, Shengjian Guo, Yinxing Xue, Yulei Sui, Cen Zhang, Yuekang Li, Haijun Wang, and Yang Liu. 2020. MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs. In USENIX Security Symposium (SEC). 2325–2342. https://www.usenix.org/conference/usenixsecurity20/presentation/chen-hongxu

[18]

Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, and Yang Liu. 2018. Hawkeye: Towards a Desired Directed Grey-Box Fuzzer. In ACM SIGSAC Conference on Computer and Communications Security (CCS). 2095–2108. https://doi.org/10.1145/3243734.3243849

Digital Library

[19]

Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. 2020. SAVIOR: Towards Bug-Driven Hybrid Testing. In IEEE Symposium on Security and Privacy (S&P). 1580–1596. https://doi.org/10.1109/SP40000.2020.00002

[20]

Yaohui Chen, Dongliang Mu, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, and Bing Mao. 2019. PTrix: Efficient Hardware-Assisted Fuzzing for COTS Binary. In ACM Asia Conference on Computer and Communications Security (ASIACCS). 633–645. https://doi.org/10.1145/3321705.3329828

Digital Library

[21]

Deja Vu Security. [n.d.]. PeachMinset. http://community.peachfuzzer.com/minset.html

[22]

Brandon Falk. 2021. Fuzzing: Corpus Minimization. https://youtu.be/947b0lgyvJs

[23]

Andrea Fioraldi, Dominik Maier, Heiko Eiß feldt, and Marc Heuse. 2020. AFL++: Combining Incremental Steps of Fuzzing Research. In USENIX Workshop on Offensive Technologies (WOOT). https://www.usenix.org/conference/woot20/presentation/fioraldi

[24]

Shuitao Gan, Chao Zhang, Peng Chen, Bodong Zhao, Xiaojun Qin, Dong Wu, and Zuoning Chen. 2020. GREYONE: Data Flow Sensitive Fuzzing. In USENIX Security Symposium (SEC). 2577–2594. https://www.usenix.org/conference/usenixsecurity20/presentation/gan

[25]

Shuitao Gan, Chao Zhang, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, and Zuoning Chen. 2018. CollAFL: Path Sensitive Fuzzing. In IEEE Symposium on Security and Privacy (S&P). 679–696. https://doi.org/10.1109/SP.2018.00040

[26]

Google. 2016. Google Fuzzer Test Suite. https://github.com/google/fuzzer-test-suite

[27]

Google. 2020. FuzzBench. https://google.github.io/fuzzbench/

[28]

Rahul Gopinath, Carlos Jensen, and Alex Groce. 2014. Code Coverage for Suite Evaluation by Developers. In ACM/IEEE International Conference on Software Engineering (ICSE). 72–82. https://doi.org/10.1145/2568225.2568278

Digital Library

[29]

Gustavo Grieco, Martín Ceresa, Agustín Mista, and Pablo Buiras. 2017. QuickFuzz testing for fun and profit. Journal of Systems and Software, 134 (2017), Dec., 340–354. https://doi.org/10.1016/j.jss.2017.09.018

Digital Library

[30]

HyungSeok Han, DongHyeon Oh, and Sang Kil Cha. 2019. CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines. In Symposium on Network and Distributed System Security (NDSS). https://www.ndss-symposium.org/ndss-paper/codealchemist-semantics-aware-code-generation-to-find-vulnerabilities-in-javascript-engines/

[31]

Ahmad Hazimeh, Adrian Herrera, and Mathias Payer. 2021. Magma: A Ground-Truth Fuzzing Benchmark. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 4, 3 (2021), March, https://doi.org/10.1145/3428334

Digital Library

[32]

Hwa-You Hsu and Alessandro Orso. 2009. MINTS: A General Framework and Tool for Supporting Test-Suite Minimization. In ACM/IEEE International Conference on Software Engineering (ICSE). https://doi.org/10.1109/ICSE.2009.5070541

Digital Library

[33]

Kyriakos Ispoglou, Daniel Austin, Vishwath Mohan, and Mathias Payer. 2020. FuzzGen: Automatic Fuzzer Generation. In USENIX Security Symposium (SEC). 2271–2287. https://www.usenix.org/conference/usenixsecurity20/presentation/ispoglou

[34]

Yuseok Jeon, WookHyun Han, Nathan Burow, and Mathias Payer. 2020. FuZZan: Efficient Sanitizer Metadata Design for Fuzzing. In USENIX Annual Technical Conference (ATC). 249–263. https://www.usenix.org/conference/atc20/presentation/jeon

[35]

Edward L Kaplan and Paul Meier. 1958. Nonparametric estimation from incomplete observations. J. Amer. Statist. Assoc., 53, 282 (1958), June, https://doi.org/10.2307/2281868

[36]

Richard M. Karp. 2011. Computational Complexity of Combinatorial and Graph-Theoretic Problems. In Theoretical Computer Science, F. Preparata (Ed.) (CIME Summer Schools, Vol. 68). Springer, 97–184. https://doi.org/10.1007/978-3-642-11120-4_3

[37]

George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. 2018. Evaluating Fuzz Testing. In ACM SIGSAC Conference on Computer and Communications Security (CCS). 2123–2138. https://doi.org/10.1145/3243734.3243804

Digital Library

[38]

Pavneet Singh Kochhar, Ferdian Thung, and David Lo. 2015. Code coverage and test suite effectiveness: Empirical study with real bugs in large systems. In IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER). 560–564. https://doi.org/10.1109/SANER.2015.7081877

[39]

Yuekang Li, Bihuan Chen, Mahinthan Chandramohan, Shang-Wei Lin, Yang Liu, and Alwen Tiu. 2017. Steelix: Program-state Based Binary Fuzzing. In Joint European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE). 627–637. https://doi.org/10.1145/3106237.3106295

Digital Library

[40]

Yuekang Li, Yinxing Xue, Hongxu Chen, Xiuheng Wu, Cen Zhang, Xiaofei Xie, Haijun Wang, and Yang Liu. 2019. Cerebro: Context-Aware Adaptive Fuzzing for Effective Vulnerability Detection. In Joint European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE). 533–544. https://doi.org/10.1145/3338906.3338975

Digital Library

[41]

Jun-Wei Lin, Reyhaneh Jabbarvand, Joshua Garcia, and Sam Malek. 2018. Nemo: Multi-Criteria Test-Suite Minimization with Integer Nonlinear Programming. In ACM/IEEE International Conference on Software Engineering (ICSE). 1039–1049. https://doi.org/10.1145/3180155.3180174

Digital Library

[42]

Chenyang Lyu, Shouling Ji, Chao Zhang, Yuwei Li, Wei-Han Lee, Yu Song, and Raheem Beyah. 2019. MOPT: Optimized Mutation Scheduling for Fuzzers. In USENIX Security Symposium (SEC). 1949–1966. https://www.usenix.org/conference/usenixsecurity19/presentation/lyu

[43]

Valentin J. M. Manès, Soomin Kim, and Sang Kil Cha. 2020. Ankou: Guiding Grey-Box Fuzzing towards Combinatorial Difference. In ACM/IEEE International Conference on Software Engineering (ICSE). 1024–1036. https://doi.org/10.1145/3377811.3380421

Digital Library

[44]

Nathan Mantel. 1966. Evaluation of survival data and two new rank order statistics arising in its consideration. Cancer Chemotherapy Reports, 50, 3 (1966), 163–170.

[45]

Björn Mathis, Rahul Gopinath, Michaël Mera, Alexander Kampmann, Matthias Höschele, and Andreas Zeller. 2019. Parser-Directed Fuzzing. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). 548–560. https://doi.org/10.1145/3314221.3314651

Digital Library

[46]

Charlie Miller. 2008. Fuzz By Number: More Data About Fuzzing Than You Ever Wanted To Know. In CanSecWest. https://cansecwest.com/csw08/csw08-miller.pdf

[47]

Mozilla. 2015. Dharma: A Generation-based, Context-Free Grammar Fuzzer. https://blog.mozilla.org/security/2015/06/29/dharma/

[48]

Mozilla. 2018. Introducing the ASan Nightly Project. https://blog.mozilla.org/security/2018/07/19/introducing-the-asan-nightly-project/

[49]

Mozilla. 2020. Fuzzing—Test Samples. https://firefox-source-docs.mozilla.org/tools/fuzzing/index.html

[50]

Ben Nagy. 2010. Prospecting for Rootite: More Code Coverage, More Bugs, Less Wasted Effort. In Ruxcon. https://2010.ruxcon.org.au/presentations/##pfr

[51]

Stefan Nagy and Matthew Hicks. 2019. Full-Speed Fuzzing: Reducing Fuzzing Overhead through Coverage-Guided Tracing. In IEEE Symposium on Security and Privacy (S&P). 787–802. https://doi.org/10.1109/ISTAS48451.2019.8937885

[52]

Timothy Nosco, Jared Ziegler, Zechariah Clark, Davy Marrero, Todd Finkler, Andrew Barbarello, and W. Michael Petullo. 2020. The Industrial Age of Hacking. In USENIX Security Symposium (SEC). 1129–1146. https://www.usenix.org/conference/usenixsecurity20/presentation/nosco

[53]

Sebastian Österlund, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2020. ParmeSan: Sanitizer-guided Greybox Fuzzing. In USENIX Security Symposium (SEC). 2289–2306. https://www.usenix.org/conference/usenixsecurity20/presentation/osterlund

[54]

Rohan Padhye, Caroline Lemieux, Koushik Sen, Mike Papadakis, and Yves Le Traon. 2019. Semantic Fuzzing with Zest. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). 329–340. https://doi.org/10.1145/3293882.3330576

Digital Library

[55]

Rohan Padhye, Caroline Lemieux, Koushik Sen, Laurent Simon, and Hayawardh Vijayakumar. 2019. FuzzFactory: Domain-Specific Fuzzing with Waypoints. Proceedings of the ACM on Programming Languages, 3, OOPSLA (2019), Oct., 174–1749. https://doi.org/10.1145/3360600

Digital Library

[56]

Shankara Pailoor, Andrew Aday, and Suman Jana. 2018. MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation. In USENIX Security Symposium (SEC). 729–743. https://www.usenix.org/conference/usenixsecurity18/presentation/pailoor

[57]

Daniel Plohmann, Martin Clauss, Steffen Enders, and Elmar Padilla. 2018. Malpedia: A Collaborative Effort to Inventorize the Malware Landscape. Journal on Cybercrime & Digital Investigations, 3, 1 (2018), https://doi.org/10.18464/cybin.v3i1.17

[58]

Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, and David Brumley. 2014. Optimizing Seed Selection for Fuzzing. In USENIX Security Symposium (SEC). 861–875. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/rebert

[59]

Christopher Salls, Aravind Machiry, Adam Doupe, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2020. Exploring Abstraction Functions in Fuzzing. In IEEE Conference on Communications and Network Security (CNS). 1–9. https://doi.org/10.1109/CNS48642.2020.9162273

[60]

Scrapinghub. 2020. Scrapy. https://scrapy.org/

[61]

Kosta Serebryany. 2016. Continuous Fuzzing with libFuzzer and AddressSanitizer. In IEEE Cybersecurity Development (SecDev). 157. https://doi.org/10.1109/SecDev.2016.043

[62]

Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In USENIX Annual Technical Conference (ATC). 309–318. https://www.usenix.org/conference/atc12/technical-sessions/presentation/serebryany

[63]

JHU/APL Staff. 2019. Assembled Labeled Library for Static Analysis Research (ALLSTAR) Dataset. https://allstar.jhuapl.edu/

[64]

Robert Swiecki. 2016. honggfuzz. http://honggfuzz.com/

[65]

The Clang Team. 2020. Source-based Code Coverage. https://clang.llvm.org/docs/SourceBasedCodeCoverage.html

[66]

Jonas Benedict Wagner. 2017. Elastic Program Transformations Automatically Optimizing the Reliability/Performance Trade-off in Systems Software. Ph.D. Dissertation. EPFL. http://infoscience.epfl.ch/record/228899

[67]

Junjie Wang, Bihuan Chen, Lei Wei, and Yang Liu. 2017. Skyfire: Data-Driven Seed Generation for Fuzzing. In IEEE Symposium on Security and Privacy (S&P). 579–594. https://doi.org/10.1109/SP.2017.23

[68]

Junjie Wang, Bihuan Chen, Lei Wei, and Yang Liu. 2019. Superion: Grammar-Aware Greybox Fuzzing. In ACM/IEEE International Conference on Software Engineering (ICSE). 724–735. https://doi.org/10.1109/ICSE.2019.00081

Digital Library

[69]

Jinghan Wang, Yue Duan, Wei Song, Heng Yin, and Chengyu Song. 2019. Be Sensitive and Collaborative: Analyzing Impact of Coverage Metrics in Greybox Fuzzing. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 1–15. https://www.usenix.org/conference/raid2019/presentation/wang

[70]

Yanhao Wang, Xiangkun Jia, Yuwei Liu, Kyle Zeng, Tiffany Bao, Dinghao Wu, and Purui Su. 2020. Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization. In Network and Distributed System Security Symposium (NDSS). https://www.ndss-symposium.org/ndss-paper/not-all-coverage-measurements-are-equal-fuzzing-by-coverage-accounting-for-input-prioritization/

[71]

Wen Xu, Sanidhya Kashyap, Changwoo Min, and Taesoo Kim. 2017. Designing New Operating Primitives to Improve Fuzzing Performance. In ACM SIGSAC Conference on Computer and Communications Security (CCS). 2313–2328. https://doi.org/10.1145/3133956.3134046

Digital Library

[72]

Tai Yue, Pengfei Wang, Yong Tang, Enze Wang, Bo Yu, Kai Lu, and Xu Zhou. 2020. EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit. In USENIX Security Symposium (SEC). 2307–2324. https://www.usenix.org/conference/usenixsecurity20/presentation/yue

[73]

Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In USENIX Security Symposium (SEC). 745–761. https://www.usenix.org/conference/usenixsecurity18/presentation/yun

[74]

Michał Zalewski. 2015. American Fuzzy Lop (AFL). http://lcamtuf.coredump.cx/afl/

[75]

Peiyuan Zong, Tao Lv, Dawei Wang, Zizhuang Deng, Ruigang Liang, and Kai Chen. 2020. FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning. In USENIX Security Symposium (SEC). 2255–2269. https://www.usenix.org/conference/usenixsecurity20/presentation/zong

Cited By

Hui MWang LLi HYang RSong YZhuang HCui DLi Q(2025)Unveiling the microservices testing methods, challenges, solutions, and solutions gaps: A systematic mapping studyJournal of Systems and Software10.1016/j.jss.2024.112232220(112232)Online publication date: Feb-2025
https://doi.org/10.1016/j.jss.2024.112232
Li YZeng YSong XGuo S(2025)Improving seed quality with historical fuzzing resultsInformation and Software Technology10.1016/j.infsof.2024.107651179(107651)Online publication date: Mar-2025
https://doi.org/10.1016/j.infsof.2024.107651
Yu JLin XYu ZXing XBalzarotti DXu W(2024)LLM-FuzzerProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699161(4657-4674)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699161
Show More Cited By

Index Terms

Seed selection for successful fuzzing
1. Security and privacy
  1. Software and application security
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Evaluating seed selection for fuzzing JavaScript engines
Abstract
JavaScript (JS), as a platform-independent programming language, remains to be the most popular language over the years. However, popular JavaScript engines that have been widely utilized by web browsers to interpret JS code, have become the most ...
Alphuzz: Monte Carlo Search on Seed-Mutation Tree for Coverage-Guided Fuzzing
ACSAC '22: Proceedings of the 38th Annual Computer Security Applications Conference

Coverage-based greybox fuzzing (CGF) has been approved to be effective in finding security vulnerabilities. Seed scheduling, the process of selecting an input as the seed from the seed pool for the next fuzzing iteration, plays a central role in CGF. ...
Graphuzz: Data-driven Seed Scheduling for Coverage-guided Greybox Fuzzing
Seed scheduling is a critical step of greybox fuzzing, which assigns different weights to seed test cases during seed selection, and significantly impacts the efficiency of fuzzing. Existing seed scheduling strategies rely on manually designed models to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ISSTA 2021: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis

July 2021

685 pages

ISBN:9781450384599

DOI:10.1145/3460319

General Chair:
Cristian Cadar
Imperial College London, UK
,
Program Chair:
Xiangyu Zhang
Purdue University, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 July 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Artifacts Available / v1.1

Author Tags

Qualifiers

Research-article

Conference

ISSTA '21

Sponsor:

SIGSOFT

ISSTA '21: 30th ACM SIGSOFT International Symposium on Software Testing and Analysis

July 11 - 17, 2021

Virtual, Denmark

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

52
Total Citations
View Citations
3,569
Total Downloads

Downloads (Last 12 months)1,124
Downloads (Last 6 weeks)142

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hui MWang LLi HYang RSong YZhuang HCui DLi Q(2025)Unveiling the microservices testing methods, challenges, solutions, and solutions gaps: A systematic mapping studyJournal of Systems and Software10.1016/j.jss.2024.112232220(112232)Online publication date: Feb-2025
https://doi.org/10.1016/j.jss.2024.112232
Li YZeng YSong XGuo S(2025)Improving seed quality with historical fuzzing resultsInformation and Software Technology10.1016/j.infsof.2024.107651179(107651)Online publication date: Mar-2025
https://doi.org/10.1016/j.infsof.2024.107651
Yu JLin XYu ZXing XBalzarotti DXu W(2024)LLM-FuzzerProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699161(4657-4674)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699161
Song JAlves-Foss J(2024)A Fuzzing Tool Based on Automated Grammar DetectionSoftware10.3390/software30400283:4(569-586)Online publication date: 14-Dec-2024
https://doi.org/10.3390/software3040028
Wang YLi Y(2024)DCGFuzz: An Embedded Firmware Security Analysis Method with Dynamically Co-Directional Guidance FuzzingElectronics10.3390/electronics1308143313:8(1433)Online publication date: 10-Apr-2024
https://doi.org/10.3390/electronics13081433
Qian RZhang QFang CYang DLi SLi BChen Z(2024)DiPri: Distance-Based Seed Prioritization for Greybox Fuzzing—RCR ReportACM Transactions on Software Engineering and Methodology10.1145/370129834:1(1-13)Online publication date: 19-Oct-2024
https://dl.acm.org/doi/10.1145/3701298
Kummita SZhang ZBodden EWei SFilkov VRay BZhou M(2024)Visualizing and Understanding the Internals of FuzzingProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695284(2199-2204)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695284
Kummita SMiao MBodden EWei SBöhme MNoller YSzekeres L(2024)Visualization Task Taxonomy to Understand the Fuzzing Internals (Registered Report)Proceedings of the 3rd ACM International Fuzzing Workshop10.1145/3678722.3685530(13-22)Online publication date: 13-Sep-2024
https://dl.acm.org/doi/10.1145/3678722.3685530
Zhang DFioraldi ABalzarotti DLuo BLiao XXu JKirda ELie D(2024)On Understanding and Forecasting Fuzzers Performance with Static AnalysisProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670348(3973-3987)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670348
Qian RZhang QFang CYang DLi SLi BChen Z(2024)DiPri: Distance-Based Seed Prioritization for Greybox FuzzingACM Transactions on Software Engineering and Methodology10.1145/365444034:1(1-39)Online publication date: 19-Dec-2024
https://dl.acm.org/doi/10.1145/3654440
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents