Fuzzing is a powerful tool for vulnerability discovery in software, with much progress being
made in the field in recent years. There is limited literature available on the fuzzing …

In this paper, we present AFL++, a community-driven open-source tool that incorporates
state-of-the-art fuzzing research, to make the research comparable, reproducible …

The release of AFL marked an important milestone in the area of software security testing,
revitalizing fuzzing as a major research topic and spurring a large number of research …

Mutation-based greybox fuzzing---unquestionably the most widely-used fuzzing technique---
relies on a set of non-crashing seed inputs (a corpus) to bootstrap the bug-finding process …

Coverage-based fuzzing has been actively studied and widely adopted for finding
vulnerabilities in real-world software applications. With coverage information, such as …

Seed scheduling, the order in which seeds are selected, can greatly affect the performance
of a fuzzer. Existing approaches schedule seeds based on their historical mutation data, but …

AFL is one of the most used and extended fuzzers, adopted by industry and academic
researchers alike. Although the community agrees on AFL's effectiveness at discovering …

Coverage metrics play an essential role in greybox fuzzing. Recent work has shown that fine-
grained coverage metrics could allow a fuzzer to detect bugs that cannot be covered by …

Data races occur when two threads fail to use proper synchronization when accessing
shared data. In kernel file systems, which are highly concurrent by design, data races are …

Fuzzers effectively explore programs to discover bugs. Greybox fuzzers mutate seed inputs
and observe their execution. Whenever a seed reaches new behavior (eg, new code or …