{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T17:59:21Z","timestamp":1773079161088,"version":"3.50.1"},"reference-count":30,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2023,3,29]],"date-time":"2023-03-29T00:00:00Z","timestamp":1680048000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"NSF","award":["CCF-1816951, CCF-1955610, and CCF-2047682"],"award-info":[{"award-number":["CCF-1816951, CCF-1955610, and CCF-2047682"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2023,4,30]]},"abstract":"<jats:p>While many real-world programs are shipped with configurations to enable\/disable functionalities, fuzzers have mostly been applied to test single configurations of these programs. In this work, we first conduct an empirical study to understand how program configurations affect fuzzing performance. We find that limiting a campaign to a single configuration can result in failing to cover a significant amount of code. We also observe that different program configurations contribute differing amounts of code coverage, challenging the idea that each one can be efficiently fuzzed individually. Motivated by these two observations, we propose ConfigFuzz, which can fuzz configurations along with normal inputs. ConfigFuzz transforms the target program to encode its program options within part of the fuzzable input, so existing fuzzers\u2019 mutation operators can be reused to fuzz program configurations. We instantiate ConfigFuzz on six configurable, common fuzzing targets, and integrate their executions in FuzzBench. 
In our evaluation, ConfigFuzz outperforms two baseline fuzzers in four targets, while the results are mixed in the other targets due to program size and configuration space. We also analyze the options fuzzed by ConfigFuzz and how they affect the performance.<\/jats:p>","DOI":"10.1145\/3580597","type":"journal-article","created":{"date-parts":[[2023,2,9]],"date-time":"2023-02-09T13:48:04Z","timestamp":1675950484000},"page":"1-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["Fuzzing Configurations of Program Options"],"prefix":"10.1145","volume":"32","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3811-675X","authenticated-orcid":false,"given":"Zenong","family":"Zhang","sequence":"first","affiliation":[{"name":"University of Texas at Dallas, Richardson, Texas, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5070-0107","authenticated-orcid":false,"given":"George","family":"Klees","sequence":"additional","affiliation":[{"name":"University of Maryland, Maryland, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7037-7888","authenticated-orcid":false,"given":"Eric","family":"Wang","sequence":"additional","affiliation":[{"name":"Poolesville High School, Poolesville, Maryland, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2759-9223","authenticated-orcid":false,"given":"Michael","family":"Hicks","sequence":"additional","affiliation":[{"name":"University of Maryland and Amazon, Maryland, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2826-1857","authenticated-orcid":false,"given":"Shiyi","family":"Wei","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas, Richardson, Texas, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,3,29]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"Google Groups. 2022. AFL User Conversation. 
Retrieved from https:\/\/groups.google.com\/g\/afl-users\/c\/ZBWq0LdHBzw\/m\/zBlo7q9LBAAJ."},{"key":"e_1_3_2_3_2","unstructured":"Micha\u0142 Zalewski. 2022. American Fuzzy Lop (AFL). Retrieved from https:\/\/lcamtuf.coredump.cx\/afl\/."},{"key":"e_1_3_2_4_2","unstructured":"National Institute of Standards and Technology. 2022. Automated Combinatorial Testing for Software (ACTS). Retrieved from https:\/\/www.nist.gov\/programs-projects\/automated-combinatorial-testing-software-acts."},{"key":"e_1_3_2_5_2","unstructured":"LLVM Developer Group. 2022. Clang: A C language family frontend for LLVM. Retrieved from https:\/\/clang.llvm.org\/."},{"key":"e_1_3_2_6_2","unstructured":"GNU Project. 2022. cxxfilt. Retrieved from https:\/\/sourceware.org\/binutils\/docs\/binutils\/c_002b_002bfilt.html."},{"key":"e_1_3_2_7_2","unstructured":"FFmpeg Team. 2022. FFmpeg. Retrieved from https:\/\/ffmpeg.org."},{"key":"e_1_3_2_8_2","unstructured":"Google. 2022. FuzzBench: Fuzzer Benchmarking As a Service. Retrieved from https:\/\/github.com\/google\/fuzzbench\/."},{"key":"e_1_3_2_9_2","unstructured":"Google. 2022. Fuzzing with afl-fuzz. Retrieved from https:\/\/afl-1.readthedocs.io\/en\/latest\/fuzzing.html."},{"key":"e_1_3_2_10_2","unstructured":"Eric S. Raymond. 2022. gif2png. Retrieved from http:\/\/www.catb.org\/esr\/gif2png\/."},{"key":"e_1_3_2_11_2","unstructured":"LLVM Developer Group. 2022. llvm-cov. Retrieved from https:\/\/llvm.org\/docs\/CommandGuide\/llvm-cov.html."},{"key":"e_1_3_2_12_2","unstructured":"GNU Project. 2022. nm. Retrieved from https:\/\/sourceware.org\/binutils\/docs\/binutils\/nm.html."},{"key":"e_1_3_2_13_2","unstructured":"GNU Project. 2022. objdump. Retrieved from https:\/\/sourceware.org\/binutils\/docs\/binutils\/objdump.html."},{"key":"e_1_3_2_14_2","unstructured":"The GNOME Project. 2022. xmllint. Retrieved from http:\/\/xmlsoft.org\/xmllint.html."},{"key":"e_1_3_2_15_2","unstructured":"Microsoft. 2022. Z3 Issue #4461. 
Retrieved from https:\/\/github.com\/Z3Prover\/z3\/issues\/4461#issuecomment-633988515."},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985795"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/32.605761"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2003.1201186"},{"key":"e_1_3_2_20_2","volume-title":"Proceedings of the 14th USENIX Workshop on Offensive Technologies (WOOT\u201920)","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. AFL++: Combining incremental steps of fuzzing research. In Proceedings of the 14th USENIX Workshop on Offensive Technologies (WOOT\u201920). USENIX Association. Retrieved from https:\/\/www.usenix.org\/conference\/woot20\/presentation\/fioraldi."},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICST53961.2022.00032"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464823"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/1883612.1883618"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3485529"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2941681"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/2580950"},{"key":"e_1_3_2_28_2","unstructured":"Zi Wang Ben Liblit and Thomas Reps. 2020. TOFU: Target-Oriented FUzzer. arxiv:cs.SE\/2004.14375."},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3428261"},{"key":"e_1_3_2_30_2","volume-title":"The Fuzzing Book","author":"Zeller Andreas","year":"2021","unstructured":"Andreas Zeller, Rahul Gopinath, Marcel B\u00f6hme, Gordon Fraser, and Christian Holler. 2021. Testing configurations. In The Fuzzing Book. 
CISPA Helmholtz Center for Information Security. Retrieved from https:\/\/www.fuzzingbook.org\/html\/ConfigurationFuzzer.html."},{"key":"e_1_3_2_31_2","first-page":"3699","volume-title":"Proceedings of the 31st USENIX Security Symposium (USENIX Security\u201922)","author":"Zhang Zenong","year":"2022","unstructured":"Zenong Zhang, Zach Patterson, Michael Hicks, and Shiyi Wei. 2022. FIXREVERTER: A realistic bug injection methodology for benchmarking fuzz testing. In Proceedings of the 31st USENIX Security Symposium (USENIX Security\u201922). USENIX Association, Boston, MA, 3699\u20133715. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/zhang-zenong."}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3580597","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3580597","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:36Z","timestamp":1750178796000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3580597"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,29]]},"references-count":30,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2023,4,30]]}},"alternative-id":["10.1145\/3580597"],"URL":"https:\/\/doi.org\/10.1145\/3580597","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,29]]},"assertion":[{"value":"2022-06-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication 
History"}},{"value":"2022-12-14","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-03-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}