{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T20:40:34Z","timestamp":1770237634110,"version":"3.49.0"},"reference-count":59,"publisher":"Association for Computing Machinery (ACM)","issue":"FSE","license":[{"start":{"date-parts":[[2024,7,12]],"date-time":"2024-07-12T00:00:00Z","timestamp":1720742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2024,7,12]]},"abstract":"<jats:p>Directed fuzzing recently has gained significant attention due to its ability to reconstruct proof-of-concept (PoC) test cases for target code such as buggy lines or functions. Surprisingly, however, there has been no in-depth study on the way to properly evaluate directed fuzzers despite much progress in the field. In this paper, we present the first systematic study on the evaluation of directed fuzzers. In particular, we analyze common pitfalls in evaluating directed fuzzers with extensive experiments on five state-of-the-art tools, which amount to 30 CPU-years of computational effort, in order to confirm that different choices made at each step of the evaluation process can significantly impact the results. For example, we find that a small change in the crash triage logic can substantially affect the measured performance of a directed fuzzer, while the majority of the papers we studied do not fully disclose their crash triage scripts. We argue that disclosing the whole evaluation process is essential for reproducing research and facilitating future work in the field of directed fuzzing. In addition, our study reveals that several common evaluation practices in the current directed fuzzing literature can mislead the overall assessments. Thus, we identify such mistakes in previous papers and propose guidelines for evaluating directed fuzzers.<\/jats:p>","DOI":"10.1145\/3643741","type":"journal-article","created":{"date-parts":[[2024,7,12]],"date-time":"2024-07-12T10:22:09Z","timestamp":1720779729000},"page":"316-337","source":"Crossref","is-referenced-by-count":8,"title":["Evaluating Directed Fuzzers: Are We Heading in the Right Direction?"],"prefix":"10.1145","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-2442-8646","authenticated-orcid":false,"given":"Tae Eun","family":"Kim","sequence":"first","affiliation":[{"name":"KAIST, Daejeon, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5493-9174","authenticated-orcid":false,"given":"Jaeseung","family":"Choi","sequence":"additional","affiliation":[{"name":"Sogang University, Seoul, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-5171-9447","authenticated-orcid":false,"given":"Seongjae","family":"Im","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2671-0142","authenticated-orcid":false,"given":"Kihong","family":"Heo","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6012-7228","authenticated-orcid":false,"given":"Sang Kil","family":"Cha","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, Korea"}]}],"member":"320","published-online":{"date-parts":[[2024,7,12]]},"reference":[{"key":"e_1_3_1_2_1","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.1486"},{"key":"e_1_3_1_3_1","first-page":"1","article-title":"Stack Trace Analysis for Large Scale Debugging","author":"Arnold Dorian C.","year":"2007","unstructured":"Dorian C. Arnold, Dong H. Ahn, Bronis R. de Supinski, Gregory L. Lee, Barton P. Miller, and Martin Schulz. 2007. Stack Trace Analysis for Large Scale Debugging. In 21th International Parallel and Distributed Processing Symposium (IPDPS 2007), Proceedings, 26-30 March 2007, Long Beach, California, USA. 1\u201310.","journal-title":"21th International Parallel and Distributed Processing Symposium (IPDPS 2007), Proceedings, 26-30 March 2007, Long Beach, California, USA"},{"key":"e_1_3_1_4_1","article-title":"Finding Similar Failures Using Callstack Similarity","author":"Bartz Kevin","year":"2008","unstructured":"Kevin Bartz, Jack W. Stokes, John C. Platt, Ryan Kivett, David Grant, Silviu Calinoiu, and Gretchen Loihle. 2008. Finding Similar Failures Using Callstack Similarity. In Third Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, SysML 2008, December 11, 2008, San Diego, CA, USA, Proceedings.","journal-title":"Third Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, SysML 2008, December 11, 2008, San Diego, CA, USA, Proceedings"},{"key":"e_1_3_1_5_1","unstructured":"Trail Of Bits. 2017. CGC Challenge Dataset. https:\/\/github.com\/trailofbits\/cb_multios."},{"key":"e_1_3_1_6_1","unstructured":"Marcel B\u00f6hme. 2016. GCC Bug #70926. https:\/\/gcc.gnu.org\/bugzilla\/show_bug.cgi?id=70926."},{"key":"e_1_3_1_7_1","unstructured":"Marcel B\u00f6hme. 2016a. Patch for CVE-2016-4489. https:\/\/gcc.gnu.org\/git\/?p=gcc.git&a=commit;h=59dad006fa31fe3."},{"key":"e_1_3_1_8_1","unstructured":"Marcel B\u00f6hme. 2016b. Patch for CVE-2016-4492 and CVE-2016-4493. https:\/\/gcc.gnu.org\/git\/?p=gcc.git&a=commit;h=03ef0c6c55ab810."},{"key":"e_1_3_1_9_1","first-page":"2329","article-title":"Directed Greybox Fuzzing","author":"B\u00f6hme Marcel","year":"2017","unstructured":"Marcel B\u00f6hme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury. 2017. Directed Greybox Fuzzing. In Proceedings of the ACM Conference on Computer and Communications Security. 2329\u20132344.","journal-title":"Proceedings of the ACM Conference on Computer and Communications Security."},{"key":"e_1_3_1_10_1","article-title":"Benchmarking Solvers, SAT-style","author":"Brain Martin","year":"2017","unstructured":"Martin Brain, James H Davenport, and Alberto Griggio. 2017. Benchmarking Solvers, SAT-style. In Proceedings of ISSAC Workshop on Satisfiability Checking and Symbolic Computation.","journal-title":"Proceedings of ISSAC Workshop on Satisfiability Checking and Symbolic Computation"},{"key":"e_1_3_1_11_1","first-page":"561","article-title":"TargetFuzz: Using DARTs to Guide Directed Greybox Fuzzers","author":"Canakci Sadullah","year":"2022","unstructured":"Sadullah Canakci, Nikolay Matyunin, Kalman Graffi, Ajay Joshi, and Manuel Egele. 2022. TargetFuzz: Using DARTs to Guide Directed Greybox Fuzzers. In Proceedings of the Asia Conference on Computer and Communications Security. 561\u2013573.","journal-title":"Proceedings of the Asia Conference on Computer and Communications Security"},{"key":"e_1_3_1_12_1","first-page":"2095","article-title":"Hawkeye: Towards a Desired Directed Grey-box Fuzzer","author":"Chen Hongxu","year":"2018","unstructured":"Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, and Yang Liu. 2018. Hawkeye: Towards a Desired Directed Grey-box Fuzzer. In Proceedings of the ACM Conference on Computer and Communications Security. 2095\u20132108.","journal-title":"Proceedings of the ACM Conference on Computer and Communications Security"},{"key":"e_1_3_1_13_1","first-page":"1580","article-title":"SAVIOR: Towards Bug-Driven Hybrid Testing","author":"Chen Yaohui","year":"2020","unstructured":"Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. 2020. SAVIOR: Towards Bug-Driven Hybrid Testing. In Proceedings of the IEEE Symposium on Security and Privacy. 1580\u20131596.","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"e_1_3_1_14_1","first-page":"144","article-title":"Guiding Dynamic Symbolic Execution Toward Unverified Program Executions","author":"Christakis Maria","year":"2016","unstructured":"Maria Christakis, Peter M\u00fcller, and Valentin W\u00fcstholz. 2016. Guiding Dynamic Symbolic Execution Toward Unverified Program Executions. In Proceedings of the International Conference on Software Engineering. 144\u2013155.","journal-title":"Proceedings of the International Conference on Software Engineering"},{"key":"e_1_3_1_15_1","first-page":"110","article-title":"LAVA: Large-scale Automated Vulnerability Addition","author":"Dolan-Gavitt Brendan","year":"2016","unstructured":"Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, Wil Robertson, Frederick Ulrich, and Ryan Whelan. 2016. LAVA: Large-scale Automated Vulnerability Addition. In Proceedings of the IEEE Symposium on Security and Privacy. 110\u2013121.","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"e_1_3_1_16_1","first-page":"110","article-title":"LAVA: Large-Scale Automated Vulnerability Addition","author":"Dolan-Gavitt Brendan","year":"2016","unstructured":"Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, William K. Robertson, Frederick Ulrich, and Ryan Whelan. 2016. LAVA: Large-Scale Automated Vulnerability Addition. In Proceedings of the IEEE Symposium on Security and Privacy. 110\u2013121.","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"e_1_3_1_17_1","first-page":"2440","article-title":"Windranger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks","author":"Du Zhengjie","year":"2022","unstructured":"Zhengjie Du, Yuekang Li, Yang Liu, and Bing Mao. 2022. Windranger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks. In Proceedings of the International Conference on Software Engineering. 2440\u20132451.","journal-title":"Proceedings of the International Conference on Software Engineering"},{"key":"e_1_3_1_18_1","unstructured":"Google. 2021. Fuzzer Test Suite. https:\/\/github.com\/google\/fuzzer-test-suite."},{"key":"e_1_3_1_19_1","first-page":"4535","article-title":"Systematic Assessment of Fuzzers using Mutation Analysis","author":"G\u00f6rz Philipp","year":"2023","unstructured":"Philipp G\u00f6rz, Bj\u00f6rn Mathis, Keno Hassler, Emre G\u00fcler, Thorsten Holz, Andreas Zeller, and Rahul Gopinath. 2023. Systematic Assessment of Fuzzers using Mutation Analysis. In Proceedings of the USENIX Security Symposium. 4535\u20134552.","journal-title":"Proceedings of the USENIX Security Symposium"},{"key":"e_1_3_1_20_1","first-page":"81","article-title":"Magma: A Ground-Truth Fuzzing Benchmark","author":"Hazimeh Ahmad","year":"2021","unstructured":"Ahmad Hazimeh, Adrian Herrera, and Mathias Payer. 2021. Magma: A Ground-Truth Fuzzing Benchmark. In Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems. 81\u201382.","journal-title":"Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems"},{"key":"e_1_3_1_21_1","first-page":"36","article-title":"Beacon: Directed Grey-Box Fuzzing with Provable Path Pruning","author":"Huang Heqing","year":"2022","unstructured":"Heqing Huang, Yiyuan Guo, Qingkai Shi, Peisen Yao, Rongxin Wu, and Charles Zhang. 2022. Beacon: Directed Grey-Box Fuzzing with Provable Path Pruning. In Proceedings of the IEEE Symposium on Security and Privacy. 36\u201350.","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"e_1_3_1_22_1","first-page":"486","article-title":"Crash graphs: An aggregated view of multiple crashes to improve crash triage","author":"Kim Sunghun","year":"2011","unstructured":"Sunghun Kim, Thomas Zimmermann, and Nachiappan Nagappan. 2011. Crash graphs: An aggregated view of multiple crashes to improve crash triage. In Proceedings of the International Conference on Dependable Systems and Networks. 486\u2013493.","journal-title":"Proceedings of the International Conference on Dependable Systems and Networks"},{"key":"e_1_3_1_23_1","unstructured":"Tae Eun Kim Jaeseung Choi Kihong Heo and Sang Kil Cha. 2023a. DAFL Artifact GitHub Repository. https:\/\/github.com\/prosyslab\/DAFL-artifact."},{"key":"e_1_3_1_24_1","first-page":"4931","article-title":"DAFL: Directed Grey-box Fuzzing guided by Data Dependency","author":"Kim Tae Eun","year":"2023","unstructured":"Tae Eun Kim, Jaeseung Choi, Kihong Heo, and Sang Kil Cha. 2023b. DAFL: Directed Grey-box Fuzzing guided by Data Dependency. In Proceedings of the USENIX Security Symposium. 4931\u20134948.","journal-title":"Proceedings of the USENIX Security Symposium"},{"key":"e_1_3_1_25_1","doi-asserted-by":"publisher","unstructured":"Tae Eun Kim Jaeseung Choi Seongjae Im Kihong Heo and Sang Kil Cha. 2024. Reproduction Package for the FSE 2024 Article \u2018Evaluating Directed Fuzzers: Are We Heading in the Right Direction?\u2019. https:\/\/doi.org\/10.5281\/zenodo.10669580 10.5281\/zenodo.10669580.","DOI":"10.5281\/zenodo.10669580"},{"key":"e_1_3_1_26_1","first-page":"2123","article-title":"Evaluating fuzz testing","author":"Klees George","year":"2018","unstructured":"George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. 2018. Evaluating fuzz testing. In Proceedings of the ACM Conference on Computer and Communications Security. 2123\u20132138.","journal-title":"Proceedings of the ACM Conference on Computer and Communications Security"},{"key":"e_1_3_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/b97377"},{"key":"e_1_3_1_28_1","first-page":"3559","article-title":"Constraint-guided Directed Greybox Fuzzing","author":"Lee Gwangmu","year":"2021","unstructured":"Gwangmu Lee, Woochul Shim, and Byoungyoung Lee. 2021. Constraint-guided Directed Greybox Fuzzing. In Proceedings of the USENIX Security Symposium. 3559\u20133576.","journal-title":"Proceedings of the USENIX Security Symposium"},{"key":"e_1_3_1_29_1","article-title":"Fuzzle: Making a Puzzle for Fuzzers","author":"Lee Haeun","year":"2022","unstructured":"Haeun Lee, Soomin Kim, and Sang Kil Cha. 2022. Fuzzle: Making a Puzzle for Fuzzers. In Proceedings of the International Conference on Automated Software Engineering.","journal-title":"Proceedings of the International Conference on Automated Software Engineering"},{"key":"e_1_3_1_30_1","first-page":"11","article-title":"On the Effectiveness of Synthetic Benchmarks for Evaluating Directed Grey-box Fuzzers","author":"Lee Haeun","year":"2023","unstructured":"Haeun Lee, Hee Dong Yang, Su Geun Ji, and Sang Kil Cha. 2023. On the Effectiveness of Synthetic Benchmarks for Evaluating Directed Grey-box Fuzzers. In Proceedings of the Asia-Pacific Software Engineering Conference. 11\u201320.","journal-title":"Proceedings of the Asia-Pacific Software Engineering Conference"},{"key":"e_1_3_1_31_1","doi-asserted-by":"crossref","unstructured":"Woosuk Lee. 2021. Combining the top-down propagation and bottom-up enumeration for inductive program synthesis. (2021) 1\u201328.","DOI":"10.1145\/3434335"},{"key":"e_1_3_1_32_1","first-page":"1050","article-title":"SELECTFUZZ: Efficient Directed Fuzzing with Selective Path Exploration","author":"Luo Changhua","year":"2023","unstructured":"Changhua Luo, Wei Meng, and Penghui Li. 2023. SELECTFUZZ: Efficient Directed Fuzzing with Selective Path Exploration. In Proceedings of the IEEE Symposium on Security and Privacy. 1050\u20131064.","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"e_1_3_1_33_1","article-title":"Demystify the Fuzzing Methods: A Comprehensive Survey","author":"Mallissery Sanoop","year":"2023","unstructured":"Sanoop Mallissery and Yu-Sung Wu. 2023. Demystify the Fuzzing Methods: A Comprehensive Survey. Comput. Surveys (2023).","journal-title":"Comput. Surveys"},{"key":"e_1_3_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2946563"},{"key":"e_1_3_1_35_1","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177730491"},{"key":"e_1_3_1_36_1","first-page":"1343","article-title":"Linear-time Temporal Logic guided Greybox Fuzzing","author":"Meng Ruijie","year":"2022","unstructured":"Ruijie Meng, Zhen Dong, Jialin Li, Ivan Beschastnikh, and Abhik Roychoudhury. 2022. Linear-time Temporal Logic guided Greybox Fuzzing. In Proceedings of the International Conference on Software Engineering. 1343\u20131355.","journal-title":"Proceedings of the International Conference on Software Engineering"},{"key":"e_1_3_1_37_1","first-page":"1393","article-title":"FuzzBench: An Open Fuzzer Benchmarking Platform and Service","author":"Metzman Jonathan","year":"2021","unstructured":"Jonathan Metzman, L\u00e1szl\u00f3 Szekeres, Laurent Simon, Read Sprabery, and Abhishek Arya. 2021. FuzzBench: An Open Fuzzer Benchmarking Platform and Service. In Proceedings of the International Symposium on Foundations of Software Engineering. 1393\u20131403.","journal-title":"Proceedings of the International Symposium on Foundations of Software Engineering"},{"key":"e_1_3_1_38_1","unstructured":"MITRE. 2016a. CVE-2016-4489. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-4489."},{"key":"e_1_3_1_39_1","unstructured":"MITRE. 2016b. CVE-2016-4491. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-4491."},{"key":"e_1_3_1_40_1","unstructured":"MITRE. 2016c. CVE-2016-4492. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-4492."},{"key":"e_1_3_1_41_1","unstructured":"MITRE. 2016d. CVE-2016-9831. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-9831."},{"key":"e_1_3_1_42_1","unstructured":"MITRE. 2019. CVE-2019-9071. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-9071."},{"key":"e_1_3_1_43_1","unstructured":"MITRE. 2023. MITRE CVE Database. https:\/\/cve.mitre.org."},{"key":"e_1_3_1_44_1","first-page":"47","article-title":"Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities","author":"Nguyen Manh-Dung","year":"2020","unstructured":"Manh-Dung Nguyen, S\u00e9bastien Bardin, Richard Bonichon, Roland Groz, and Matthieu Lemerre. 2020. Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities. In Proceedings of the International Conference on Research in Attacks, Intrusions, and Defenses. 47\u201362.","journal-title":"Proceedings of the International Conference on Research in Attacks, Intrusions, and Defenses"},{"key":"e_1_3_1_45_1","first-page":"2289","article-title":"ParmeSan: Sanitizer-Guided Greybox Fuzzing","author":"\u00d6sterlund Sebastian","year":"2020","unstructured":"Sebastian \u00d6sterlund, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2020. ParmeSan: Sanitizer-Guided Greybox Fuzzing. In Proceedings of the USENIX Security Symposium. 2289\u20132306.","journal-title":"Proceedings of the USENIX Security Symposium"},{"key":"e_1_3_1_46_1","first-page":"214","article-title":"EvilCoder: Automated Bug Insertion","author":"Pewny Jannik","year":"2016","unstructured":"Jannik Pewny and Thorsten Holz. 2016. EvilCoder: Automated Bug Insertion. In Proceedings of the Annual Computer Security Applications Conference. 214\u2013225.","journal-title":"Proceedings of the Annual Computer Security Applications Conference"},{"key":"e_1_3_1_47_1","first-page":"224","article-title":"Bug Synthesis: Challenging Bug-Finding Tools with Deep Faults","author":"Roy Subhajit","year":"2018","unstructured":"Subhajit Roy, Awanish Pandey, Brendan Dolan-Gavitt, and Yu Hu. 2018. Bug Synthesis: Challenging Bug-Finding Tools with Deep Faults. In Proceedings of the International Symposium on Foundations of Software Engineering. 224\u2013234.","journal-title":"Proceedings of the International Symposium on Foundations of Software Engineering"},{"key":"e_1_3_1_48_1","first-page":"499","article-title":"Detection of Duplicate Defect Reports Using Natural Language Processing","author":"Runeson Per","year":"2007","unstructured":"Per Runeson, Magnus Alexandersson, and Oskar Nyholm. 2007. Detection of Duplicate Defect Reports Using Natural Language Processing. In Proceedings of the International Conference on Software Engineering. 499\u2013510.","journal-title":"Proceedings of the International Conference on Software Engineering"},{"key":"e_1_3_1_49_1","first-page":"309","article-title":"AddressSanitizer: A Fast Address Sanity Checker","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In Proceedings of the USENIX Annual Technical Conference. 309\u2013318.","journal-title":"Proceedings of the USENIX Annual Technical Conference"},{"key":"e_1_3_1_50_1","first-page":"2595","article-title":"MC2: Rigorous and Efficient Directed Greybox Fuzzing","author":"Shah Abhishek","year":"2022","unstructured":"Abhishek Shah, Dongdong She, Samanway Sadhu, Krish Singal, Peter Coffman, and Suman Jana. 2022. MC2: Rigorous and Efficient Directed Greybox Fuzzing. In Proceedings of the ACM Conference on Computer and Communications Security. 2595\u20132609.","journal-title":"Proceedings of the ACM Conference on Computer and Communications Security"},{"key":"e_1_3_1_51_1","doi-asserted-by":"crossref","first-page":"388","DOI":"10.1145\/3564625.3564643","article-title":"One Fuzz Doesn\u2019t Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction","author":"Srivastava Prashast","year":"2022","unstructured":"Prashast Srivastava, Stefan Nagy, Matthew Hicks, Antonio Bianchi, and Mathias Payer. 2022. One Fuzz Doesn\u2019t Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction. In Proceedings of the Annual Computer Security Applications Conference. 388\u2013399.","journal-title":"Proceedings of the Annual Computer Security Applications Conference"},{"key":"e_1_3_1_52_1","article-title":"SoK: The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing","author":"Wang Pengfei","year":"2020","unstructured":"Pengfei Wang, Xu Zhou, Kai Lu, Tai Yue, and Yingying Liu. 2020. SoK: The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing. CoRR (2020). arXiv:2005.11907","journal-title":"CoRR"},{"key":"e_1_3_1_53_1","first-page":"497","article-title":"TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection","author":"Wang Tielei","year":"2010","unstructured":"Tielei Wang, Tao Wei, Guofei Gu, and Wei Zou. 2010. TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection. In Proceedings of the IEEE Symposium on Security and Privacy. 497\u2013512.","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"e_1_3_1_54_1","first-page":"461","article-title":"An approach to detecting duplicate bug reports using natural language and execution information","author":"Wang Xiaoyin","year":"2008","unstructured":"Xiaoyin Wang, Lu Zhang, Tao Xie, John Anvik, and Jiasu Sun. 2008. An approach to detecting duplicate bug reports using natural language and execution information. In Proceedings of the International Conference on Software Engineering. 461\u2013470.","journal-title":"Proceedings of the International Conference on Software Engineering"},{"key":"e_1_3_1_55_1","unstructured":"Mark Wielaard. 2016a. Initial patch of CVE-2016-4491. https:\/\/gcc.gnu.org\/git\/?p=gcc.git&a=commit;h=a46586c34f32db5."},{"key":"e_1_3_1_56_1","unstructured":"Mark Wielaard. 2016b. Supplementary patch for CVE-2016-4491. https:\/\/gcc.gnu.org\/git\/?p=gcc.git&a=commit;h=6b086d35b79425d."},{"key":"e_1_3_1_57_1","doi-asserted-by":"crossref","first-page":"1657","DOI":"10.1145\/3591288","article-title":"Inductive Program Synthesis via Iterative Forward-Backward Abstract Interpretation","author":"Yoon Yongho","year":"2023","unstructured":"Yongho Yoon, Woosuk Lee, and Kwangkeun Yi. 2023. Inductive Program Synthesis via Iterative Forward-Backward Abstract Interpretation. In Proceedings of the ACM Conference on Programming Language Design and Implementation. 1657\u20131681.","journal-title":"Proceedings of the ACM Conference on Programming Language Design and Implementation"},{"key":"e_1_3_1_58_1","first-page":"3699","article-title":"FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing","author":"Zhang Zenong","year":"2022","unstructured":"Zenong Zhang, Zach Patterson, Michael Hicks, and Shiyi Wei. 2022. FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing. In Proceedings of the USENIX Security Symposium. 3699\u20133715.","journal-title":"Proceedings of the USENIX Security Symposium"},{"key":"e_1_3_1_59_1","first-page":"1343","article-title":"FISHFUZZ: Catch Deeper Bugs by Throwing Larger Nets","author":"Zheng Han","year":"2023","unstructured":"Han Zheng, Jiayuan Zhang, Yuhang Huang, Zezhong Ren, He Wang, Chunjie Cao, Yuqing Zhang, Flavio Toffalini, and Mathias Payer. 2023. FISHFUZZ: Catch Deeper Bugs by Throwing Larger Nets. In Proceedings of the USENIX Security Symposium. 1343\u20131360.","journal-title":"Proceedings of the USENIX Security Symposium"},{"key":"e_1_3_1_60_1","first-page":"2255","article-title":"FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning","author":"Zong Peiyuan","year":"2020","unstructured":"Peiyuan Zong, Tao Lv, Dawei Wang, Zizhuang Deng, Ruigang Liang, and Kai Chen. 2020. FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning. In Proceedings of the USENIX Security Symposium. 2255\u20132269.","journal-title":"Proceedings of the USENIX Security Symposium"}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643741","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3643741","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T08:06:53Z","timestamp":1770192413000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643741"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,12]]},"references-count":59,"journal-issue":{"issue":"FSE","published-print":{"date-parts":[[2024,7,12]]}},"alternative-id":["10.1145\/3643741"],"URL":"https:\/\/doi.org\/10.1145\/3643741","relation":{},"ISSN":["2994-970X"],"issn-type":[{"value":"2994-970X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7,12]]}}}