{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:28Z","timestamp":1783965868940,"version":"3.55.0"},"reference-count":41,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62272464"],"award-info":[{"award-number":["62272464"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003816","name":"Huawei Technologies Co Ltd","doi-asserted-by":"publisher","award":["CCF-HuaweiSE202310"],"award-info":[{"award-number":["CCF-HuaweiSE202310"]}],"id":[{"id":"10.13039\/501100003816","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105020","type":"journal-article","created":{"date-parts":[[2026,6,14]],"date-time":"2026-06-14T22:00:51Z","timestamp":1781474451000},"page":"105020","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["PriSat: Prioritized satisfaction of critical path and data conditions for directed greybox fuzzing"],"prefix":"10.1016","volume":"170","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-3345-5861","authenticated-orcid":false,"given":"Yujie","family":"Wang","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-8014-6348","authenticated-orcid":false,"given":"Yang","family":"Zi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5160-1223","authenticated-orcid":false,"given":"Wenchang","family":"Shi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-5482-1068","authenticated-orcid":false,"given":"Linjie","family":"Pan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0844-4805","authenticated-orcid":false,"given":"Pan","family":"Bian","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1009-6627","authenticated-orcid":false,"given":"Wei","family":"You","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.105020_b1","unstructured":"AFL, , 2024. https:\/\/github.com\/google\/AFL."},{"key":"10.1016\/j.cose.2026.105020_b2","first-page":"1","article-title":"REDQUEEN: Fuzzing with input-to-state correspondence","volume":"vol. 19","author":"Aschermann","year":"2019"},{"key":"10.1016\/j.cose.2026.105020_b3","series-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","first-page":"2329","article-title":"Directed greybox fuzzing","author":"B\u00f6hme","year":"2017"},{"key":"10.1016\/j.cose.2026.105020_b4","series-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","first-page":"1032","article-title":"Coverage-based greybox fuzzing as Markov chain","author":"B\u00f6hme","year":"2016"},{"key":"10.1016\/j.cose.2026.105020_b5","series-title":"2018 IEEE Security and Privacy Workshops","first-page":"116","article-title":"Deep reinforcement fuzzing","author":"B\u00f6ttinger","year":"2018"},{"key":"10.1016\/j.cose.2026.105020_b6","series-title":"2018 IEEE Symposium on Security and Privacy","first-page":"711","article-title":"Angora: Efficient fuzzing by principled search","author":"Chen","year":"2018"},{"key":"10.1016\/j.cose.2026.105020_b7","series-title":"2020 IEEE Symposium on Security and Privacy","first-page":"1580","article-title":"SAVIOR: towards bug-driven hybrid testing","author":"Chen","year":"2020"},{"key":"10.1016\/j.cose.2026.105020_b8","series-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","first-page":"2095","article-title":"Hawkeye: Towards a desired directed grey-box fuzzer","author":"Chen","year":"2018"},{"key":"10.1016\/j.cose.2026.105020_b9","unstructured":"CVE-2017-5969, , 2017. https:\/\/github.com\/GNOME\/libxml2\/commit\/94691dc884d1a8ada39f073408b4bb92fe7fe882."},{"key":"10.1016\/j.cose.2026.105020_b10","series-title":"44th IEEE\/ACM 44th International Conference on Software Engineering","first-page":"2440","article-title":"Windranger: A directed greybox fuzzer driven by deviation basic blocks","author":"Du","year":"2022"},{"key":"10.1016\/j.cose.2026.105020_b11","series-title":"ISSTA \u201921: 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event","first-page":"230","article-title":"Seed selection for successful fuzzing","author":"Herrera","year":"2021"},{"key":"10.1016\/j.cose.2026.105020_b12","doi-asserted-by":"crossref","unstructured":"Hu, Jie, Duan, Yue, Yin, Heng, 2024. Marco: A stochastic asynchronous concolic explorer. In: Proceedings of the 46th IEEE\/ACM International Conference on Software Engineering. pp. 1\u201312.","DOI":"10.1145\/3597503.3623301"},{"key":"10.1016\/j.cose.2026.105020_b13","series-title":"43rd IEEE Symposium on Security and Privacy","first-page":"36","article-title":"BEACON: Directed grey-box fuzzing with provable path pruning","author":"Huang","year":"2022"},{"key":"10.1016\/j.cose.2026.105020_b14","series-title":"IEEE Symposium on Security and Privacy","first-page":"1956","article-title":"Everything is good for something: Counterexample-guided directed fuzzing via likely invariant inference","author":"Huang","year":"2024"},{"key":"10.1016\/j.cose.2026.105020_b15","series-title":"32nd USENIX Security Symposium","first-page":"4931","article-title":"DAFL: directed grey-box fuzzing guided by data dependency","author":"Kim","year":"2023"},{"issue":"FSE","key":"10.1016\/j.cose.2026.105020_b16","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1145\/3643741","article-title":"Evaluating directed fuzzers: Are we heading in the right direction?","volume":"1","author":"Kim","year":"2024","journal-title":"Proc. ACM Softw. Eng."},{"key":"10.1016\/j.cose.2026.105020_b17","series-title":"30th USENIX Security Symposium","first-page":"3559","article-title":"Constraint-guided directed greybox fuzzing","author":"Lee","year":"2021"},{"key":"10.1016\/j.cose.2026.105020_b18","doi-asserted-by":"crossref","unstructured":"Lemieux, Caroline, Sen, Koushik, 2018. Fairfuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage. In: Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering. pp. 475\u2013485.","DOI":"10.1145\/3238147.3238176"},{"key":"10.1016\/j.cose.2026.105020_b19","series-title":"33rd USENIX Security Symposium","article-title":"SDFuzz: Target states driven directed fuzzing","author":"Li","year":"2024"},{"key":"10.1016\/j.cose.2026.105020_b20","series-title":"2022 IEEE Symposium on Security and Privacy","first-page":"1","article-title":"Pata: Fuzzing with path aware taint analysis","author":"Liang","year":"2022"},{"key":"10.1016\/j.cose.2026.105020_b21","unstructured":"Libxml2, , 2017. http:\/\/github.com\/GNOME\/libxml2."},{"key":"10.1016\/j.cose.2026.105020_b22","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103851","article-title":"HyperGo: Probability-based directed hybrid fuzzing","volume":"142","author":"Lin","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.105020_b23","series-title":"2023 IEEE Symposium on Security and Privacy","first-page":"2693","article-title":"Selectfuzz: Efficient directed fuzzing with selective path exploration","author":"Luo","year":"2023"},{"key":"10.1016\/j.cose.2026.105020_b24","unstructured":"MITRE. CVE-2017-9047, , 2017. https:\/\/www.cve.org\/CVERecord?id=CVE-2017-9047."},{"key":"10.1016\/j.cose.2026.105020_b25","unstructured":"MITRE CVE Database, , 2025. https:\/\/cve.mitre.org."},{"key":"10.1016\/j.cose.2026.105020_b26","doi-asserted-by":"crossref","unstructured":"Oh, Hakjoo, Heo, Kihong, Lee, Wonchan, Lee, Woosuk, Yi, Kwangkeun, 2012. Design and implementation of sparse global analyses for C-like languages. In: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation. pp. 229\u2013238.","DOI":"10.1145\/2254064.2254092"},{"key":"10.1016\/j.cose.2026.105020_b27","unstructured":"\u00d6sterlund, Sebastian, Razavi, Kaveh, Bos, Herbert, Giuffrida, Cristiano, 2020. {ParmeSan}: Sanitizer-guided greybox fuzzing. In: 29th USENIX Security Symposium. USENIX Security 20, pp. 2289\u20132306."},{"key":"10.1016\/j.cose.2026.105020_b28","series-title":"Not all bytes are equal: Neural byte sieve for fuzzing","author":"Rajpal","year":"2017"},{"key":"10.1016\/j.cose.2026.105020_b29","series-title":"2017 Network and Distributed System Security (NDSS) Symposium:[Proceedings]","first-page":"1","article-title":"Vuzzer: Application-aware evolutionary fuzzing","author":"Rawat","year":"2017"},{"key":"10.1016\/j.cose.2026.105020_b30","unstructured":"Rong, Huanyao, You, Wei, Wang, Xiaofeng, Mao, Tianhao, 2024. Toward Unbiased {Multiple\u2212Target} Fuzzing with Path Diversity. In: 33rd USENIX Security Symposium. USENIX Security 24, pp. 2475\u20132492."},{"issue":"6","key":"10.1016\/j.cose.2026.105020_b31","doi-asserted-by":"crossref","first-page":"112","DOI":"10.1145\/1273442.1250748","article-title":"Thin slicing","volume":"42","author":"Sridharan","year":"2007","journal-title":"SIGPLAN Not."},{"key":"10.1016\/j.cose.2026.105020_b32","series-title":"Annual Computer Security Applications Conference","first-page":"388","article-title":"One fuzz doesn\u2019t fit all: Optimizing directed fuzzing via target-tailored program state restriction","author":"Srivastava","year":"2022"},{"key":"10.1016\/j.cose.2026.105020_b33","series-title":"NDSS","first-page":"1","article-title":"Driller: Augmenting fuzzing through selective symbolic execution","volume":"16","author":"Stephens","year":"2016"},{"key":"10.1016\/j.cose.2026.105020_b34","doi-asserted-by":"crossref","unstructured":"Sui, Yulei, Xue, Jingling, 2016. SVF: interprocedural static value-flow analysis in LLVM. In: Proceedings of the 25th International Conference on Compiler Construction. pp. 265\u2013266.","DOI":"10.1145\/2892208.2892235"},{"key":"10.1016\/j.cose.2026.105020_b35","series-title":"2010 IEEE Symposium on Security and Privacy","first-page":"497","article-title":"TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection","author":"Wang","year":"2010"},{"key":"10.1016\/j.cose.2026.105020_b36","series-title":"SoK: The progress, challenges, and perspectives of directed greybox fuzzing","author":"Wang","year":"2020"},{"key":"10.1016\/j.cose.2026.105020_b37","series-title":"35th IEEE International Symposium on Software Reliability Engineering","first-page":"307","article-title":"An empirical study on the distance metric in guiding directed grey-box fuzzing","author":"Wen","year":"2024"},{"key":"10.1016\/j.cose.2026.105020_b38","series-title":"33rd USENIX Security Symposium","first-page":"2459","article-title":"Critical code guided directed greybox fuzzing for commits","author":"Xiang","year":"2024"},{"key":"10.1016\/j.cose.2026.105020_b39","unstructured":"Yun, Insu, Lee, Sangho, Xu, Meng, Jang, Yeongjin, Kim, Taesoo, 2018. {QSYM}: A practical concolic execution engine tailored for hybrid fuzzing. In: 27th USENIX Security Symposium. USENIX Security 18, pp. 745\u2013761."},{"key":"10.1016\/j.cose.2026.105020_b40","doi-asserted-by":"crossref","unstructured":"Zhao, Lei, Duan, Yue, Xuan, Jifeng, 2019. Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing. In: Network and Distributed System Security Symposium. NDSS.","DOI":"10.14722\/ndss.2019.23504"},{"key":"10.1016\/j.cose.2026.105020_b41","series-title":"29th USENIX Security Symposium","first-page":"2255","article-title":"FuzzGuard: Filtering out unreachable inputs in directed grey-box fuzzing through deep learning","author":"Zong","year":"2020"}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826001963?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826001963?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:15:15Z","timestamp":1783962915000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826001963"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":41,"alternative-id":["S0167404826001963"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105020","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"PriSat: Prioritized satisfaction of critical path and data conditions for directed greybox fuzzing","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105020","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"105020"}}