{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T16:07:15Z","timestamp":1769357235084,"version":"3.49.0"},"reference-count":49,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2025,1,21]],"date-time":"2025-01-21T00:00:00Z","timestamp":1737417600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"SW Research and Development Program","award":["UC210018AD"],"award-info":[{"award-number":["UC210018AD"]}]},{"name":"The National Research Fund, South Korea","award":["NRF-2020R1C1C1013512, NRF-2021R1A5A1021944, NRF-RS-2023-00253977, and NRF-RS-2024-00357348"],"award-info":[{"award-number":["NRF-2020R1C1C1013512, NRF-2021R1A5A1021944, NRF-RS-2023-00253977, and NRF-RS-2024-00357348"]}]},{"name":"Korea government","award":["2021-0-00905-001"],"award-info":[{"award-number":["2021-0-00905-001"]}]},{"DOI":"10.13039\/501100002380","name":"Hanyang University","doi-asserted-by":"crossref","award":["(HY-2020)"],"award-info":[{"award-number":["(HY-2020)"]}],"id":[{"id":"10.13039\/501100002380","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100004358","name":"Samsung Electronics","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100004358","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2025,2,28]]},"abstract":"<jats:p>\n            Command-line options (e.g.,\n            <jats:monospace>-l<\/jats:monospace>\n            ,\n            <jats:monospace>-F<\/jats:monospace>\n            ,\n            <jats:monospace>-R<\/jats:monospace>\n            for\n            <jats:monospace>ls<\/jats:monospace>\n            ) given to a command-line program can significantly alternate the behaviors of the program. Thus, fuzzing not only file input but also program options can improve test coverage and bug detection. In this article, we propose ZigZagFuzz which achieves higher test coverage and detects more bugs than the state-of-the-art fuzzers by separately mutating program options and file inputs in an iterative\/interleaving manner. ZigZagFuzz applies the following three core ideas. First, to utilize different characteristics of the program option domain and the file input domain, ZigZagFuzz separates phases of mutating program options from ones of mutating file inputs and performs two distinct mutation strategies on the two different domains. Second, to reach deep segments of a target program that are accessed through an interleaving sequence of program option checks and file inputs checks, ZigZagFuzz continuously interleaves phases of mutating program options with phases of mutating file inputs. Finally, to improve fuzzing performance further, ZigZagFuzz periodically shrinks input corpus by removing similar test inputs based on their function coverage. The experiment results on the 20 real-world programs show that ZigZagFuzz improves test coverage and detects 1.9 to 10.6 times more bugs than the state-of-the-art fuzzers that mutate program options such as AFL++-argv, AFL++-all, Eclipser, CarpetFuzz, ConfigFuzz, and POWER. We have reported the new bugs detected by ZigZagFuzz, and the original developers confirmed our bug reports.\n          <\/jats:p>","DOI":"10.1145\/3697014","type":"journal-article","created":{"date-parts":[[2024,9,26]],"date-time":"2024-09-26T15:43:55Z","timestamp":1727365435000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["ZigZagFuzz: Interleaved Fuzzing of Program Options and Files"],"prefix":"10.1145","volume":"34","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3798-3667","authenticated-orcid":false,"given":"Ahcheong","family":"Lee","sequence":"first","affiliation":[{"name":"KAIST, Daejeon, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-8467-3424","authenticated-orcid":false,"given":"Youngseok","family":"Choi","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4217-6031","authenticated-orcid":false,"given":"Shin","family":"Hong","sequence":"additional","affiliation":[{"name":"Chungbuk National University, Cheongju, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6366-6916","authenticated-orcid":false,"given":"Yunho","family":"Kim","sequence":"additional","affiliation":[{"name":"Hanyang University, Seoul, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-4037-1486","authenticated-orcid":false,"given":"Kyutae","family":"Cho","sequence":"additional","affiliation":[{"name":"LIG Nex1 AI R&amp;D, Seoul, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1424-1177","authenticated-orcid":false,"given":"Moonzoo","family":"Kim","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, South Korea"}]}],"member":"320","published-online":{"date-parts":[[2025,1,21]]},"reference":[{"key":"e_1_3_2_2_2","first-page":"1","volume-title":"Proceedings of the Symposium on Network and Distributed System Security (NDSS \u201919)","volume":"19","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with input-to-state correspondence. In Proceedings of the Symposium on Network and Distributed System Security (NDSS \u201919), 19 (2019), 1\u201315."},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2785841"},{"key":"e_1_3_2_5_2","doi-asserted-by":"crossref","first-page":"711","DOI":"10.1109\/SP.2018.00046","volume-title":"Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP \u201918)","author":"Chen P.","year":"2018","unstructured":"P. Chen and H. Chen. 2018. Angora: Efficient fuzzing by principled search. In Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP \u201918), 711\u2013725."},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2020.00002"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329828"},{"key":"e_1_3_2_8_2","first-page":"736","volume-title":"Proceedings of the International Conference on Software Engineering","author":"Choi Jaeseung","year":"2019","unstructured":"Jaeseung Choi, Joonun Jang, Choongwoo Han, and Sang Kil Cha. 2019. Grey-box concolic testing on binary code. In Proceedings of the International Conference on Software Engineering, 736\u2013747."},{"key":"e_1_3_2_9_2","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1109\/ICST.2019.00015","volume-title":"Proceedings of the 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST \u201919)","author":"Coppik N.","year":"2019","unstructured":"N. Coppik, O. Schwahn, and N. Suri. 2019. MemFuzz: Using memory accesses to guide fuzzing. In Proceedings of the 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST \u201919), 48\u201358."},{"key":"e_1_3_2_10_2","doi-asserted-by":"crossref","first-page":"1497","DOI":"10.1109\/SP40000.2020.00009","volume-title":"Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP \u201920)","author":"Dinesh S.","year":"2020","unstructured":"S. Dinesh, Nathan Burow, D. Xu, and M. Payer. 2020. RetroWrite: Statically instrumenting COTS binaries for fuzzing and sanitization. In Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP \u201920), 1497\u20131511."},{"key":"e_1_3_2_11_2","first-page":"2829","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921)","author":"Fioraldi Andrea","year":"2021","unstructured":"Andrea Fioraldi, Daniele Cono D\u2019Elia, and Davide Balzarotti. 2021. The use of likely invariants as feedback for fuzzers. In Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921). USENIX Association, 2829\u20132846. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/fioraldi"},{"key":"e_1_3_2_12_2","volume-title":"Proceedings of the 14th USENIX Workshop on Offensive Technologies (WOOT \u201920)","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. AFL++: Combining incremental steps of fuzzing research. In Proceedings of the 14th USENIX Workshop on Offensive Technologies (WOOT \u201920). USENIX Association. Retrieved from https:\/\/www.usenix.org\/conference\/woot20\/presentation\/fioraldi"},{"key":"e_1_3_2_13_2","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security \u201920)","author":"Gan Shuitao","year":"2020","unstructured":"Shuitao Gan, Chao Zhang, Peng Chen, Bodong Zhao, Xiaojun Qin, Dong Wu, and Zuoning Chen. 2020. GREYONE: Data flow sensitive fuzzing. In Proceedings of the 29th USENIX Security Symposium (USENIX Security \u201920). USENIX Association, Boston, MA. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/gan"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00040"},{"key":"e_1_3_2_15_2","unstructured":"Google. 2016. OSS-Fuzz. Retrieved 3 October 2021 from https:\/\/google.github.io\/oss-fuzz\/"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3558918"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464795"},{"key":"e_1_3_2_18_2","first-page":"445","volume-title":"Proceedings of the 21st USENIX Security Symposium (USENIX Security \u201912)","author":"Holler Christian","year":"2012","unstructured":"Christian Holler, Kim Herzig, and Andreas Zeller. 2012. Fuzzing with code fragments. In Proceedings of the 21st USENIX Security Symposium (USENIX Security \u201912). USENIX Association, Bellevue, WA, 445\u2013458. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/holler"},{"key":"e_1_3_2_19_2","first-page":"315","volume-title":"Proceedings of the International Conference on Software Engineering (ICSE \u201918)","author":"Kim Yunho","year":"2018","unstructured":"Yunho Kim, Yunja Choi, and Moonzoo Kim. 2018. Precise concolic unit testing of C programs using extended units and symbolic alarm filtering. In Proceedings of the International Conference on Software Engineering (ICSE \u201918), 315\u2013326."},{"key":"e_1_3_2_20_2","first-page":"220","volume-title":"Proceedings of the 2022 IEEE Conference on Software Testing, Verification and Validation (ICST \u201922)","author":"Lee Ahcheong","year":"2022","unstructured":"Ahcheong Lee, Irfan Ariq, Yunho Kim, and Moonzoo Kim. 2022. POWER: Program option-aware fuzzer for high bug detection ability. In Proceedings of the 2022 IEEE Conference on Software Testing, Verification and Validation (ICST \u201922). IEEE, 220\u2013231."},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213874"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238176"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER50967.2021.00019"},{"key":"e_1_3_2_24_2","first-page":"2777","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921)","author":"Li Yuwei","year":"2021","unstructured":"Yuwei Li, Shouling Ji, Yuan Chen, Sizhuang Liang, Wei-Han Lee, Yueyao Chen, Chenyang Lyu, Chunming Wu, Raheem Beyah, Peng Cheng, Kangjie Lu, and Ting Wang. 2021. UNIFUZZ: A holistic and pragmatic metrics-driven platform for evaluating fuzzers. In Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921). USENIX Association, 2777\u20142794. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/li-yuwei"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338975"},{"key":"e_1_3_2_26_2","first-page":"1949","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security \u201919)","author":"Lyu Chenyang","year":"2019","unstructured":"Chenyang Lyu, Shouling Ji, Chao Zhang, Yuwei Li, Wei-Han Lee, Yu Song, and Raheem Beyah. 2019. MOPT: Optimized mutation scheduling for fuzzers. In Proceedings of the 28th USENIX Security Symposium (USENIX Security \u201919). USENIX Association, Santa Clara, CA, 1949\u20131966. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/lyu"},{"key":"e_1_3_2_27_2","first-page":"1024","volume-title":"Proceedings of the 42nd International Conference on Software Engineering (ICSE \u201920)","author":"Man\u00e8s Valentin J. M.","year":"2020","unstructured":"Valentin J. M. Man\u00e8s, Soomin Kim, and Sang Kil Cha. 2020. Ankou: Guiding grey-box fuzzing towards combinatorial difference. In Proceedings of the 42nd International Conference on Software Engineering (ICSE \u201920). IEEE Press, Seoul, Korea (South), 1024\u20131036."},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2946563"},{"key":"e_1_3_2_29_2","doi-asserted-by":"crossref","unstructured":"Jonathan Metzman Abhishek Arya and Laszlo Szekeres. 2020. FuzzBench: Fuzzer Benchmarking as a Service. Retrieved from https:\/\/security.googleblog.com\/2020\/03\/fuzzbench-fuzzer-benchmarking-as-service.html","DOI":"10.1145\/3468264.3473932"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00069"},{"key":"e_1_3_2_31_2","first-page":"1683","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921)","author":"Nagy Stefan","year":"2021","unstructured":"Stefan Nagy, Anh Nguyen-Tuong, Jason D. Hiser, Jack W. Davidson, and Matthew Hicks. 2021. Breaking through binaries: Compiler-quality instrumentation for better binary-only fuzzing. In Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921). USENIX Association, 1683\u20131700. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/nagy"},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330576"},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2941681"},{"key":"e_1_3_2_34_2","first-page":"1","article-title":"VUzzer: Application-aware evolutionary fuzzing","volume":"17","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. VUzzer: Application-aware evolutionary fuzzing. In NDSS, Vol. 17, 1\u201314.","journal-title":"NDSS"},{"key":"e_1_3_2_35_2","unstructured":"K. Serebryany D. Bruening A. Potapenko and D. Vyukov. 2012. AddressSanitizer: A fast address sanity checker (USENIX ATC)."},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/AHICI.2009.5340335"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3079857"},{"key":"e_1_3_2_38_2","volume-title":"Proceedings of the 32nd USENIX Conference on Security Symposium","author":"Wang Dawei","year":"2023","unstructured":"Dawei Wang, Ying Li, Zhiyu Zhang, and Kai Chen. 2023. CarpetFuzz: Automatic program option constraint extraction from documentation for fuzzing. In Proceedings of the 32nd USENIX Conference on Security Symposium. USENIX Association, Anaheim, CA."},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00081"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09927-3"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24422"},{"key":"e_1_3_2_42_2","unstructured":"Zi Wang Ben Liblit and Thomas Reps. 2020. TOFU: Target-oriented fuzzer. arXiv:2004.14375."},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380396"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678685"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2936235"},{"key":"e_1_3_2_46_2","first-page":"2307","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security \u201920)","author":"Yue Tai","year":"2020","unstructured":"Tai Yue, Pengfei Wang, Yong Tang, Enze Wang, Bo Yu, Kai Lu, and Xu Zhou. 2020. EcoFuzz: Adaptive energy-saving greybox fuzzing as a variant of the adversarial multi-armed bandit. In Proceedings of the 29th USENIX Security Symposium (USENIX Security \u201920). USENIX Association, 2307\u20132324. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/yue"},{"key":"e_1_3_2_47_2","unstructured":"Andreas Zeller. 2022. Testing Configurations - The Fuzzing Book. Retrieved 13 October 2020 from https:\/\/www.fuzzingbook.org\/html\/ConfigurationFuzzer.html"},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1145\/3580597"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00109"},{"key":"e_1_3_2_50_2","first-page":"2255","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security \u201920)","author":"Zong Peiyuan","year":"2020","unstructured":"Peiyuan Zong, Tao Lv, Dawei Wang, Zizhuang Deng, Ruigang Liang, and Kai Chen. 2020. FuzzGuard: Filtering out unreachable inputs in directed grey-box fuzzing through deep learning. In Proceedings of the 29th USENIX Security Symposium (USENIX Security \u201920). USENIX Association, 2255\u20132269. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/zong"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3697014","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3697014","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T18:43:16Z","timestamp":1750272196000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3697014"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,21]]},"references-count":49,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,2,28]]}},"alternative-id":["10.1145\/3697014"],"URL":"https:\/\/doi.org\/10.1145\/3697014","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,21]]},"assertion":[{"value":"2024-04-13","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-08-21","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-01-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}