SoK: Prudent evaluation practices for fuzzing
Fuzzing has proven to be a highly effective approach to uncover software bugs over the past
decade. After AFL popularized the groundbreaking concept of lightweight coverage …
SelectFuzz: Efficient directed fuzzing with selective path exploration
Directed grey-box fuzzers specialize in testing specific target code. They have been applied
to many security applications such as reproducing known crashes and detecting …
Critical code guided directed greybox fuzzing for commits
Newly submitted commits are prone to introducing vulnerabilities into programs. As a
promising countermeasure, directed greybox fuzzers can be employed to test commit …
The human side of fuzzing: Challenges faced by developers during fuzzing activities
Fuzz testing, also known as fuzzing, is a software testing technique aimed at identifying
software vulnerabilities. In recent decades, fuzzing has gained increasing popularity in the …
SyzDirect: Directed Greybox Fuzzing for Linux Kernel
X Tan, Y Zhang, J Lu, X Xiong, Z Liu… - Proceedings of the 2023 …, 2023 - dl.acm.org
Bug reports and patch commits are dramatically increasing for OS kernels, incentivizing a
critical need for kernel-level bug reproduction and patch testing. Directed greybox fuzzing …
DAFL: Directed Grey-box Fuzzing guided by Data Dependency
Despite growing research interest, existing directed grey-box fuzzers do not scale well with
program complexity. In this paper, we identify two major scalability challenges for current …
SoK: Where to fuzz? Assessing target selection methods in directed fuzzing
A common paradigm for improving fuzzing performance is to focus on selected regions of a
program rather than its entirety. While previous work has largely explored how these …
Titan: efficient multi-target directed greybox fuzzing
Modern directed fuzzing often faces scalability issues when analyzing multiple targets in a
program simultaneously. We observe that the root cause is that directed fuzzers are …
DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing
Concurrency use-after-free (UAF) vulnerabilities account for a large portion of UAF
vulnerabilities in Linux drivers. Many solutions have been proposed to find either …
Enhancing Coverage-Guided Fuzzing via Phantom Program
For coverage-guided fuzzers, many of their adopted seeds are usually underused by
exploring limited program states since essentially all their executions have to abide by …