{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T04:08:19Z","timestamp":1769746099065,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,11]],"date-time":"2024-09-11T00:00:00Z","timestamp":1726012800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,11]]},"DOI":"10.1145\/3650212.3680351","type":"proceedings-article","created":{"date-parts":[[2024,9,11]],"date-time":"2024-09-11T11:44:25Z","timestamp":1726055065000},"page":"1174-1185","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Tacoma: Enhanced Browser Fuzzing with Fine-Grained Semantic Alignment"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-3100-0534","authenticated-orcid":false,"given":"Jiashui","family":"Wang","sequence":"first","affiliation":[{"name":"Zhejiang University, Hang Zhou, China \/ Ant Group, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4934-5811","authenticated-orcid":false,"given":"Peng","family":"Qian","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-2681-869X","authenticated-orcid":false,"given":"Xilin","family":"Huang","sequence":"additional","affiliation":[{"name":"Ant Group, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-2082-863X","authenticated-orcid":false,"given":"Xinlei","family":"Ying","sequence":"additional","affiliation":[{"name":"Ant 
Group, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4103-1498","authenticated-orcid":false,"given":"Yan","family":"Chen","sequence":"additional","affiliation":[{"name":"Northwestern University, Evanston, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4268-372X","authenticated-orcid":false,"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3524-3443","authenticated-orcid":false,"given":"Jianhai","family":"Chen","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-2344-4898","authenticated-orcid":false,"given":"Jundong","family":"Xie","sequence":"additional","affiliation":[{"name":"Ant Group, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-5032-8475","authenticated-orcid":false,"given":"Long","family":"Liu","sequence":"additional","affiliation":[{"name":"Ant Group, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,9,11]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. A collection of fuzzers in a harness for testing the spidermonkey javascript engine.. https:\/\/github.com\/MozillaSecurity\/funfuzz"},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. Gcov. https:\/\/en.wikipedia.org\/wiki\/Gcov"},{"key":"e_1_3_2_1_3_1","volume-title":"22nd USENIX security symposium (USENIX Security 13). 257\u2013272.","author":"Akhawe Devdatta","unstructured":"Devdatta Akhawe and Adrienne Porter Felt. 2013. Alice in warningland: a Large-Scale field study of browser security warning effectiveness. 
In 22nd USENIX security symposium (USENIX Security 13). 257\u2013272."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560624"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.68"},{"key":"e_1_3_2_1_6_1","volume-title":"Security: TFC 2023 UAF in WebAudio \/ Renderer RCE. https:\/\/issues.chromium.org\/issues\/40075943","author":"Chrome Google","year":"2023","unstructured":"Google Chrome. 2023. Security: TFC 2023 UAF in WebAudio \/ Renderer RCE. https:\/\/issues.chromium.org\/issues\/40075943"},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings 14th Euromicro Conference on Real-Time Systems. Euromicro RTS 2002. 50\u201359","author":"Colin Antoine","year":"2002","unstructured":"Antoine Colin and Guillem Bernat. 2002. Scope-tree: A program representation for symbolic worst-case execution time analysis. In Proceedings 14th Euromicro Conference on Real-Time Systems. Euromicro RTS 2002. 50\u201359."},{"key":"e_1_3_2_1_8_1","volume-title":"Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. In NDSS.","author":"Dinh Sung Ta","year":"2021","unstructured":"Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Kyle Zeng, Alexandros Kapravelos, Gail-Joon Ahn, Tiffany Bao, Ruoyu Wang, and Adam Doup\u00e9. 2021. Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. In NDSS."},{"key":"e_1_3_2_1_9_1","unstructured":"Ivan Fratric. [n. d.]. DOM fuzzer. https:\/\/github.com\/googleprojectzero\/domato"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1375581.1375607"},{"key":"e_1_3_2_1_11_1","volume-title":"Fuzzil: Coverage guided fuzzing for javascript engines. Department of Informatics","author":"Gro\u00df Samuel","year":"2018","unstructured":"Samuel Gro\u00df. 2018. Fuzzil: Coverage guided fuzzing for javascript engines. 
Department of Informatics, Karlsruhe Institute of Technology."},{"key":"e_1_3_2_1_12_1","volume-title":"FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In Network and Distributed Systems Security (NDSS) Symposium.","author":"Gro\u00df Samuel","year":"2023","unstructured":"Samuel Gro\u00df, Simon Koch, Lukas Bernhard, Thorsten Holz, and Martin Johns. 2023. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In Network and Distributed Systems Security (NDSS) Symposium."},{"key":"e_1_3_2_1_13_1","volume-title":"2013 Second International Conference on Informatics & Applications (ICIA). 212\u2013215","author":"Guo Tao","year":"2013","unstructured":"Tao Guo, Puhan Zhang, Xin Wang, and Qiang Wei. 2013. Gramfuzz: Fuzzing testing of web browsers based on grammar analysis and structural mutation. In 2013 Second International Conference on Informatics & Applications (ICIA). 212\u2013215."},{"key":"e_1_3_2_1_14_1","volume-title":"FuzzGAN: A Generation-Based Fuzzing Framework for Testing Deep Neural Networks. In 2022 IEEE 24th Int Conf on High Performance Computing & Communications","author":"Han Ge","unstructured":"Ge Han, Zheng Li, Peng Tang, Chengyu Hu, and Shanqing Guo. 2022. FuzzGAN: A Generation-Based Fuzzing Framework for Testing Deep Neural Networks. In 2022 IEEE 24th Int Conf on High Performance Computing & Communications; 8th Int Conf on Data Science & Systems; 20th Int Conf on Smart City; 8th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC\/DSS\/SmartCity\/DependSys). 1601\u20131608."},{"key":"e_1_3_2_1_15_1","unstructured":"HyungSeok Han DongHyeon Oh and Sang Kil Cha. 2019. CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines.. 
In NDSS."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484823"},{"key":"e_1_3_2_1_17_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Kim Sunwoo","year":"2022","unstructured":"Sunwoo Kim, Young Min Kim, Jaewon Hur, Suhwan Song, Gwangmu Lee, and Byoungyoung Lee. 2022. FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing. In 31st USENIX Security Symposium (USENIX Security 22). 1008\u20131023."},{"key":"e_1_3_2_1_18_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Lee Suyoung","year":"2020","unstructured":"Suyoung Lee, HyungSeok Han, Sang Kil Cha, and Sooel Son. 2020. Montage: A neural network language Model-Guided JavaScript engine fuzzer. In 29th USENIX Security Symposium (USENIX Security 20). 2613\u20132630."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2834476"},{"key":"e_1_3_2_1_20_1","volume-title":"2015 International Carnahan Conference on Security Technology (ICCST). 1\u20136.","author":"Lin Ying-Dar","year":"2015","unstructured":"Ying-Dar Lin, Feng-Ze Liao, Shih-Kun Huang, and Yuan-Cheng Lai. 2015. Browser fuzzing by scheduled mutation and generation of document object models. In 2015 International Carnahan Conference on Security Technology (ICCST). 1\u20136."},{"key":"e_1_3_2_1_21_1","first-page":"1","article-title":"Generation-based Differential Fuzzing for Deep Learning Libraries","volume":"33","author":"Liu Jiawei","year":"2023","unstructured":"Jiawei Liu, Yuheng Huang, Zhijie Wang, Lei Ma, Chunrong Fang, Mingzheng Gu, Xufan Zhang, and Zhenyu Chen. 2023. Generation-based Differential Fuzzing for Deep Learning Libraries. 
ACM Transactions on Software Engineering and Methodology, 33, 2 (2023), 1\u201328.","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v33i01.33011044"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3237370"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3623375"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2946563"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","first-page":"103178","DOI":"10.1016\/j.cose.2023.103178","article-title":"Generation-based fuzzing? Don\u2019t build a new generator, reuse!","volume":"129","author":"Pang Chengbin","year":"2023","unstructured":"Chengbin Pang, Hongbin Liu, Yifan Wang, Neil Zhenqiang Gong, Bing Mao, and Jun Xu. 2023. Generation-based fuzzing? Don\u2019t build a new generator, reuse!. Computers & Security, 129 (2023), 103178.","journal-title":"Computers & Security"},{"key":"e_1_3_2_1_27_1","volume-title":"2020 IEEE Symposium on Security and Privacy (SP). 1629\u20131642","author":"Park Soyeon","year":"2020","unstructured":"Soyeon Park, Wen Xu, Insu Yun, Daehee Jang, and Taesoo Kim. 2020. Fuzzing javascript engines with aspect-preserving mutation. In 2020 IEEE Symposium on Security and Privacy (SP). 1629\u20131642."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Peng Qian Hanjie Wu Zeren Du Turan Vural Dazhong Rong Zheng Cao Lun Zhang Yanbin Wang Jianhai Chen and Qinming He. 2023. MuFuzz: Sequence-Aware Mutation and Seed Mask Guidance for Blockchain Smart Contract Fuzzing. arXiv preprint arXiv:2312.04512.","DOI":"10.1109\/ICDE60146.2024.00158"},{"key":"e_1_3_2_1_29_1","unstructured":"Mozilla Security. [n. d.]. dharma. https:\/\/github.com\/posidron\/dharma"},{"key":"e_1_3_2_1_30_1","unstructured":"SensePost. [n. d.]. Wadi Fuzzing Harness. 
https:\/\/github.com\/sensepost\/wadi"},{"key":"e_1_3_2_1_31_1","unstructured":"Konstantin Serebryany Derek Bruening Alexander Potapenko and Dmitriy Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In 2012 USENIX annual technical conference (USENIX ATC 12). 309\u2013318."},{"key":"e_1_3_2_1_32_1","volume-title":"2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE). 215\u2013226","author":"Shou Chaofan","year":"2021","unstructured":"Chaofan Shou, Ismet Burak Kadron, Qi Su, and Tevfik Bultan. 2021. CorbFuzz: Checking browser security policies with fuzzing. In 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE). 215\u2013226."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987466"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133966"},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 1075\u20131087","author":"Song Suhwan","year":"2023","unstructured":"Suhwan Song and Byoungyoung Lee. 2023. Metamong: Detecting Render-Update Bugs in Web Browsers through Fuzzing. In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 1075\u20131087."},{"key":"e_1_3_2_1_36_1","unstructured":"NVD team. 2024. NATIONAL VULNERABILITY DATABASE. https:\/\/nvd.nist.gov"},{"key":"e_1_3_2_1_37_1","unstructured":"WebIDL Team. 2024. Web IDL Standard. https:\/\/webidl.spec.whatwg.org"},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings, Part I 26","author":"van Rooij Orpheas","year":"2021","unstructured":"Orpheas van Rooij, Marcos Antonios Charalambous, Demetris Kaizer, Michalis Papaevripides, and Elias Athanasopoulos. 2021. webfuzz: Grey-box fuzzing for web applications. 
In Computer Security\u2013ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4\u20138, 2021, Proceedings, Part I 26. 152\u2013172."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.23"},{"key":"e_1_3_2_1_40_1","volume-title":"FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler. In USENIX Security Symposium. USENIX.","author":"Wang Junjie","year":"2023","unstructured":"Junjie Wang, Zhiyi Zhang, Shuang Liu, Xiaoning Du, and Junjie Chen. 2023. FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler. In USENIX Security Symposium. USENIX."},{"key":"e_1_3_2_1_41_1","volume-title":"COOPER: Testing the Binding Code of Scripting Languages with Cooperative Mutation.. In NDSS.","author":"Xu Peng","year":"2022","unstructured":"Peng Xu, Yanhao Wang, Hong Hu, and Purui Su. 2022. COOPER: Testing the Binding Code of Scripting Languages with Cooperative Mutation.. In NDSS."},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 971\u2013986","author":"Xu Wen","year":"2020","unstructured":"Wen Xu, Soyeon Park, and Taesoo Kim. 2020. Freedom: Engineering a state-of-the-art dom fuzzer. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 971\u2013986."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993532"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453483.3454054"},{"key":"e_1_3_2_1_45_1","volume-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 2441\u20132455","author":"Yu Jianjia","year":"2023","unstructured":"Jianjia Yu, Song Li, Junmin Zhu, and Yinzhi Cao. 2023. CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 
2441\u20132455."},{"key":"e_1_3_2_1_46_1","unstructured":"M Zalewski. [n. d.]. cross_fuzz. https:\/\/lcamtuf.coredump.cx\/cross_fuzz"},{"key":"e_1_3_2_1_47_1","volume-title":"Proceedings of the ACM on Programming Languages, 7, OOPSLA2","author":"Zhou Chijin","year":"2023","unstructured":"Chijin Zhou, Quan Zhang, Lihua Guo, Mingzhe Wang, Yu Jiang, Qing Liao, Zhiyong Wu, Shanshan Li, and Bin Gu. 2023. Towards Better Semantics Exploration for Browser Fuzzing. Proceedings of the ACM on Programming Languages, 7, OOPSLA2 (2023), 604\u2013631."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549107"}],"event":{"name":"ISSTA '24: 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis","location":"Vienna Austria","acronym":"ISSTA '24","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","AITO"]},"container-title":["Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3650212.3680351","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3650212.3680351","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:50:08Z","timestamp":1750287008000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3650212.3680351"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,11]]},"references-count":48,"alternative-id":["10.1145\/3650212.3680351","10.1145\/3650212"],"URL":"https:\/\/doi.org\/10.1145\/3650212.3680351","relation":{},"subject":[],"published":{"date-parts":[[2024,9,11]]},"assertion":[{"value":"2024-09-11","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}