{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T02:14:12Z","timestamp":1775873652812,"version":"3.50.1"},"reference-count":72,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2025,2,23]],"date-time":"2025-02-23T00:00:00Z","timestamp":1740268800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"European Research Council","award":["101045669"],"award-info":[{"award-number":["101045669"]}]},{"name":"German Federal Ministry of Education and Research","award":["16KIS1898"],"award-info":[{"award-number":["16KIS1898"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2025,3,31]]},"abstract":"\n Greybox fuzzing enhances software security through unprecedented effectiveness in automated fault detection. Its success lies in the coverage feedback extracted from the system under test, guiding the fuzzer to explore different program parts. The most prominent way to use this feedback is\n novelty search<\/jats:italic>\n , where the fuzzer keeps only new inputs exercising a new program edge. However, this approach\u2014by design\u2014ignores\n input shadowing<\/jats:italic>\n , in which interesting inputs are discarded if they do not contribute to new coverage. This limits the accepted input space and may overlook bugs that shadowed inputs could trigger with mutations.\n <\/jats:p>\n \n In this work, we present a comprehensive analysis of input shadowing and demonstrate that multiple fuzzing runs of the same target exhibit a different basic block hit frequency distribution despite overlapping code coverage. We propose\n fuzzer restarts<\/jats:italic>\n to effectively redistribute basic block hit frequencies and show that this increases the overall achieved coverage on 15 evaluated targets on average by\n \n \\(9.5\\%\\)<\/jats:tex-math>\n <\/jats:inline-formula>\n and up to\n \n \\(25.0\\%\\)<\/jats:tex-math>\n <\/jats:inline-formula>\n . Furthermore, restarts help to find more bugs and trigger them more reliably. Overall, our results highlight the importance of considering input shadowing in the fuzzers\u2019 design and the potential benefits of a restart-based strategy to enhance the performance of complex fuzzing methods.\n <\/jats:p>","DOI":"10.1145\/3712186","type":"journal-article","created":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T14:48:33Z","timestamp":1737038913000},"page":"1-32","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Novelty Not Found: Exploring Input Shadowing in Fuzzing through Adaptive Fuzzer Restarts"],"prefix":"10.1145","volume":"34","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-6401-5989","authenticated-orcid":false,"given":"Nico","family":"Schiller","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5378-959X","authenticated-orcid":false,"given":"Xinyi","family":"Xu","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8564-1476","authenticated-orcid":false,"given":"Lukas","family":"Bernhard","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-5179-4002","authenticated-orcid":false,"given":"Nils","family":"Bars","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1630-1687","authenticated-orcid":false,"given":"Moritz","family":"Schloegel","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2783-1264","authenticated-orcid":false,"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2025,2,23]]},"reference":[{"key":"e_1_3_2_2_2","volume-title":"USENIX Security Symposium","author":"Angelakopoulos Ioannis","year":"2023","unstructured":"Ioannis Angelakopoulos, Gianluca Stringhini, and Manuel Egele. 2023. FirmSolo: Enabling dynamic analysis of binary Linux-based IoT kernel modules. In USENIX Security Symposium."},{"key":"e_1_3_2_3_2","volume-title":"International Conference on Software Engineering (ICSE \u201911)","author":"Arcuri Andrea","year":"2011","unstructured":"Andrea Arcuri and Lionel Briand. 2011. A practical guide for using statistical tests to assess randomized algorithms in software engineering. In International Conference on Software Engineering (ICSE \u201911)."},{"key":"e_1_3_2_4_2","volume-title":"Symposium on Network and Distributed System Security (NDSS \u201919)","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with input-to-state correspondence. In Symposium on Network and Distributed System Security (NDSS \u201919)."},{"key":"e_1_3_2_5_2","volume-title":"USENIX Security Symposium","author":"Ba Jinsheng","year":"2022","unstructured":"Jinsheng Ba, Marcel B\u00f6hme, Zahra Mirzamomen, and Abhik Roychoudhury. 2022. Stateful greybox fuzzing. In USENIX Security Symposium."},{"key":"e_1_3_2_6_2","volume-title":"USENIX Security Symposium","author":"Bars Nils","year":"2023","unstructured":"Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, and Thorsten Holz. 2023. Fuzztruction: Using fault injection-based fuzzing to leverage implicit domain knowledge. In USENIX Security Symposium."},{"key":"e_1_3_2_7_2","volume-title":"ACM Conference on Computer and Communications Security (CCS \u201922)","author":"Bernhard Lukas","year":"2022","unstructured":"Lukas Bernhard, Tobias Scharnowski, Moritz Schloegel, Tim Blazytko, and Thorsten Holz. 2022. JIT-picking: Differential fuzzing of JavaScript engines. In ACM Conference on Computer and Communications Security (CCS \u201922)."},{"key":"e_1_3_2_8_2","volume-title":"USENIX Security Symposium","author":"Blazytko Tim","year":"2019","unstructured":"Tim Blazytko, Cornelius Aschermann, Moritz Schloegel, Ali Abbasi, Sergej Schumilo, Simon W\u00f6rner, and Thorsten Holz. 2019. GRIMOIRE: Synthesizing structure while fuzzing. In USENIX Security Symposium."},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2785841"},{"key":"e_1_3_2_11_2","volume-title":"Symposium on Operating Systems Design and Implementation (OSDI \u201908)","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson R. Engler. 2008. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Symposium on Operating Systems Design and Implementation (OSDI \u201908)."},{"key":"e_1_3_2_12_2","volume-title":"IEEE Symposium on Security and Privacy (S & P \u201922)","author":"Chen Ju","year":"2022","unstructured":"Ju Chen, Jinghan Wang, Chengyu Song, and Heng Yin. 2022. JIGSAW: Efficient and scalable path constraints fuzzing. In IEEE Symposium on Security and Privacy (S & P \u201922)."},{"key":"e_1_3_2_13_2","volume-title":"IEEE Symposium on Security and Privacy (S & P \u201918)","author":"Chen Peng","year":"2018","unstructured":"Peng Chen and Hao Chen. 2018. Angora: Efficient fuzzing by principled search. In IEEE Symposium on Security and Privacy (S & P \u201918)."},{"key":"e_1_3_2_14_2","volume-title":"USENIX Security Symposium","author":"Chen Yuanliang","year":"2019","unstructured":"Yuanliang Chen, Yu Jiang, Fuchen Ma, Jie Liang, Mingzhe Wang, Chijin Zhou, Xun Jiao, and Zhuo Su. 2019. EnFuzz: Ensemble fuzzing with Seed synchronization among diverse fuzzers. In USENIX Security Symposium."},{"key":"e_1_3_2_15_2","doi-asserted-by":"crossref","first-page":"158","DOI":"10.1109\/CEC.2011.5949613","volume-title":"IEEE Congress of Evolutionary Computation (CEC \u201911)","author":"Cuccu Giuseppe","year":"2011","unstructured":"Giuseppe Cuccu, Faustino Gomez, and Tobias Glasmachers. 2011. Novelty-based restarts for evolution strategies. In IEEE Congress of Evolutionary Computation (CEC \u201911). IEEE, 158\u2013163."},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598067"},{"key":"e_1_3_2_17_2","volume-title":"Genetic and Evolutionary Computation Conference (GECCO \u201919)","author":"Doncieux Stephane","year":"2019","unstructured":"Stephane Doncieux, Alban Laflaqui\u00e8re, and Alexandre Coninx. 2019. Novelty search: A theoretical perspective. In Genetic and Evolutionary Computation Conference (GECCO \u201919)."},{"key":"e_1_3_2_18_2","volume-title":"ACM Conference on Computer and Communications Security (CCS\u2019 21)","author":"Feng Xiaotao","year":"2021","unstructured":"Xiaotao Feng, Ruoxi Sun, Xiaogang Zhu, Minhui Xue, Sheng Wen, Dongxi Liu, Surya Nepal, and Yang Xiang. 2021. Snipuzz: Black-box fuzzing of IoT firmware via message snippet inference. In ACM Conference on Computer and Communications Security (CCS\u2019 21)."},{"key":"e_1_3_2_19_2","volume-title":"USENIX Security Symposium","author":"Fioraldi Andrea","year":"2021","unstructured":"Andrea Fioraldi, Daniele Cono D\u2019Elia, and Davide Balzarotti. 2021. The use of likely invariants as feedback for fuzzers. In USENIX Security Symposium."},{"key":"e_1_3_2_20_2","volume-title":"USENIX Workshop on Offensive Technologies (WOOT \u201920)","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. AFL++: Combining incremental steps of fuzzing research. In USENIX Workshop on Offensive Technologies (WOOT \u201920)."},{"key":"e_1_3_2_21_2","volume-title":"USENIX Security Symposium","author":"Fu Yu-Fu","year":"2023","unstructured":"Yu-Fu Fu, Jaehyuk Lee, and Taesoo Kim. 2023. autofz: Automated fuzzer composition at runtime. In USENIX Security Symposium."},{"key":"e_1_3_2_22_2","first-page":"357","volume-title":"International Conference on Parallel Problem Solving from Nature","author":"Fukunaga Alex S.","year":"1998","unstructured":"Alex S. Fukunaga. 1998. Restart scheduling for genetic algorithms. In International Conference on Parallel Problem Solving from Nature. Springer, 357\u2013366."},{"key":"e_1_3_2_23_2","volume-title":"IEEE Symposium on Security and Privacy (S & P \u201918)","author":"Gan Shuitao","year":"2018","unstructured":"Shuitao Gan, Chao Zhang, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, and Zuoning Chen. 2018. CollAFL: Path sensitive fuzzing. In IEEE Symposium on Security and Privacy (S & P \u201918)."},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0020-0255(96)00121-1"},{"key":"e_1_3_2_25_2","unstructured":"Google. 2025. Syzkaller - Kernel Fuzzer. Retrieved January 17 2025 from https:\/\/github.com\/google\/syzkaller"},{"key":"e_1_3_2_26_2","volume-title":"Symposium on Network and Distributed System Security (NDSS \u201923)","author":"Gro\u00df Samuel","year":"2023","unstructured":"Samuel Gro\u00df, Simon Koch, Lukas Bernhard, Thorsten Holz, and Martin Johns. 2023. Fuzzilli: Fuzzing for JavaScript JIT compiler vulnerabilities. In Symposium on Network and Distributed System Security (NDSS \u201923)."},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427266"},{"key":"e_1_3_2_28_2","volume-title":"Workshop Notes: 2nd DIMACS Challenge","author":"Hampson Steven","year":"1993","unstructured":"Steven Hampson and Dennis Kibler. 1993. Plateaus and plateau search in Boolean satisfiability problems: When to give up searching and start again. In Workshop Notes: 2nd DIMACS Challenge. Citeseer."},{"key":"e_1_3_2_29_2","volume-title":"ACM Conference on Computer and Communications Security (CCS \u201921)","author":"He Xiaoyu","year":"2021","unstructured":"Xiaoyu He, Xiaofei Xie, Yuekang Li, Jianwen Sun, Feng Li, Wei Zou, Yang Liu, Lei Yu, Jianhua Zhou, Wenchang Shi, and Wei Huo. 2021. SoFi: Reflection-augmented fuzzing for JavaScript engines. In ACM Conference on Computer and Communications Security (CCS \u201921)."},{"issue":"5","key":"e_1_3_2_30_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3587159","article-title":"DatAFLow: Toward a data-flow-guided fuzzer","volume":"32","author":"Herrera Adrian","year":"2022","unstructured":"Adrian Herrera, Mathias Payer, and Antony L. Hosking. 2022. DatAFLow: Toward a data-flow-guided fuzzer. ACM Transactions on Software Engineering and Methodology 32, 5 (2022), 1\u201331.","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"e_1_3_2_31_2","volume-title":"IEEE Symposium on Security and Privacy (S & P \u201919)","author":"Jeong Dae R.","year":"2019","unstructured":"Dae R. Jeong, Kyungtae Kim, Basavesh Shivakumar, Byoungyoung Lee, and Insik Shin. 2019. Razzer: Finding kernel race bugs through fuzzing. In IEEE Symposium on Security and Privacy (S & P \u201919)."},{"key":"e_1_3_2_32_2","volume-title":"Symposium on Network and Distributed System Security (NDSS \u201920)","author":"Kim Kyungtae","year":"2020","unstructured":"Kyungtae Kim, Dae R. Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee. 2020. HFL: Hybrid fuzzing on the Linux kernel. In Symposium on Network and Distributed System Security (NDSS \u201920)."},{"key":"e_1_3_2_33_2","volume-title":"ACM Conference on Computer and Communications Security (CCS \u201918)","author":"Klees George","year":"2018","unstructured":"George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. 2018. Evaluating fuzz testing. In ACM Conference on Computer and Communications Security (CCS \u201918)."},{"key":"e_1_3_2_34_2","volume-title":"ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI \u201921)","author":"Koenig Jason R.","year":"2021","unstructured":"Jason R. Koenig, Oded Padon, and Alex Aiken. 2021. Adaptive restarts for stochastic synthesis. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI \u201921)."},{"key":"e_1_3_2_35_2","unstructured":"lafintel. 2016. Laf-Intel - Circumventing Fuzzing Roadblocks with Compiler Transformations. Retrieved from https:\/\/lafintel.wordpress.com"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0132886"},{"key":"e_1_3_2_37_2","volume-title":"International Conference on Software Engineering (ICSE \u201923)","author":"Lemieux Caroline","year":"2023","unstructured":"Caroline Lemieux, Jeevana Priya Inala, Shuvendu K. Lahiri, and Siddhartha Sen. 2023. CodaMosa: Escaping coverage plateaus in Test generation with pre-trained large language models. In International Conference on Software Engineering (ICSE \u201923)."},{"key":"e_1_3_2_38_2","volume-title":"ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201918)","author":"Lemieux Caroline","year":"2018","unstructured":"Caroline Lemieux and Koushik Sen. 2018. FairFuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage. In ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201918)."},{"key":"e_1_3_2_39_2","volume-title":"International Conference on Software Engineering (ICSE \u201924)","author":"Liyanage Danushka","year":"2024","unstructured":"Danushka Liyanage, Seongmin Lee, Chakkrit Tantithamthavorn, and Marcel B\u00f6hme. 2024. Extrapolating coverage rate in greybox fuzzing. In International Conference on Software Engineering (ICSE \u201924)."},{"key":"e_1_3_2_40_2","volume-title":"USENIX Security Symposium","author":"Luo Zhengxiong","year":"2023","unstructured":"Zhengxiong Luo, Junze Yu, Feilong Zuo, Jianzhong Liu, Yu Jiang, Ting Chen, Abhik Roychoudhury, and Jiaguang Sun. 2023. Bleem: Packet sequence oriented fuzzing for protocol implementations. In USENIX Security Symposium."},{"key":"e_1_3_2_41_2","volume-title":"USENIX Security Symposium","author":"Lyu Chenyang","year":"2019","unstructured":"Chenyang Lyu, Shouling Ji, Chao Zhang, Yuwei Li, Wei-Han Lee, Yu Song, and Raheem Beyah. 2019. MOPT: Optimized mutation scheduling for fuzzers. In USENIX Security Symposium."},{"key":"e_1_3_2_42_2","volume-title":"31st Annual Network and Distributed System Security Symposium (NDSS \u201924)","author":"Meng Ruijie","year":"2024","unstructured":"Ruijie Meng, Martin Mirchev, Marcel B\u00f6hme, and Abhik Roychoudhury. 2024. Large language model guided protocol fuzzing. In 31st Annual Network and Distributed System Security Symposium (NDSS \u201924)."},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3473932"},{"key":"e_1_3_2_44_2","unstructured":"Mike Aizatsky Kostya Serebryany (Software Engineers Dynamic Tools); Oliver Chang Abhishek Arya (Security Engineers Google Chrome); and Meredith Whittaker (Open research Lead). 2016. Announcing OSS-Fuzz: Continuous Fuzzing for Open Source Software. Retrieved from https:\/\/opensource.googleblog.com\/2016\/12\/announcing-oss-fuzz-continuous-fuzzing.html"},{"key":"e_1_3_2_45_2","volume-title":"Fuzz Revisited: A Re-Examination of the Reliability of UNIX Utilities and Services","author":"Miller Barton P","year":"1995","unstructured":"Barton P Miller, David Koski, Cjin Pheow Lee, Vivekandanda Maganty, Ravi Murthy, Ajitkumar Natarajan, and Jeff Steidl. 1995. Fuzz Revisited: A Re-Examination of the Reliability of UNIX Utilities and Services. Technical report, University of Wisconsin-Madison Department of Computer Sciences."},{"key":"e_1_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10233-3"},{"key":"e_1_3_2_47_2","unstructured":"Yaroslav Oliinyk Michael Scott Ryan Tsang Chongzhou Fang and Houman Homayoun. 2024. Fuzzing BusyBox: Leveraging LLM and crash reuse for embedded bug unearthing. arXiv:2403.03897. Retrieved from https:\/\/arxiv.org\/abs\/2403.03897"},{"key":"e_1_3_2_48_2","volume-title":"IEEE Symposium on Security and Privacy (S & P \u201918)","author":"Peng Hui","year":"2018","unstructured":"Hui Peng, Yan Shoshitaishvili, and Mathias Payer. 2018. T-fuzz: Fuzzing by program transformation. In IEEE Symposium on Security and Privacy (S & P \u201918)."},{"key":"e_1_3_2_49_2","volume-title":"IEEE International Conference on Software Testing, Validation and Verification (ICST \u201920)","author":"Pham Van-Thuan","year":"2020","unstructured":"Van-Thuan Pham, Marcel B\u00f6hme, and Abhik Roychoudhury. 2020. AFLNet: A greybox fuzzer for network protocols. In IEEE International Conference on Software Testing, Validation and Verification (ICST \u201920)."},{"issue":"9","key":"e_1_3_2_50_2","first-page":"1980","article-title":"Smart greybox fuzzing","volume":"47","author":"Pham Van-Thuan","year":"2019","unstructured":"Van-Thuan Pham, Marcel B\u00f6hme, Andrew E Santosa, Alexandru R\u0103zvan C\u0103ciulescu, and Abhik Roychoudhury. 2019. Smart greybox fuzzing. IEEE Transactions on Software Engineering 47, 9 (2019), 1980\u20131997.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_51_2","volume-title":"USENIX Security Symposium","author":"Poeplau Sebastian","year":"2010","unstructured":"Sebastian Poeplau and Aur\u00e9lien Francillon. 2010. Symbolic execution with SymCC: Don\u2019t interpret, compile! In USENIX Security Symposium."},{"key":"e_1_3_2_52_2","volume-title":"USENIX Security Symposium","author":"Scharnowski Tobias","year":"2022","unstructured":"Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi. 2022. Fuzzware: Using precise MMIO modeling for effective firmware fuzzing. In USENIX Security Symposium."},{"key":"e_1_3_2_53_2","volume-title":"USENIX Security Symposium","author":"Scharnowski Tobias","year":"2023","unstructured":"Tobias Scharnowski, Simon Woerner, Felix Buchmann, Nils Bars, Moritz Schloegel, and Thorsten Holz. 2023. Hoedur: Embedded firmware fuzzing using multi-Stream inputs. In USENIX Security Symposium."},{"key":"e_1_3_2_54_2","article-title":"Drone security and the mysterious case of DJI\u2019s droneid","author":"Schiller Nico","year":"2023","unstructured":"Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Sch\u00f6nherr, and Thorsten Holz. 2023. Drone security and the mysterious case of DJI\u2019s droneid. In NDSS.","journal-title":"NDSS"},{"key":"e_1_3_2_55_2","volume-title":"IEEE Symposium on Security and Privacy (S & P \u201924)","author":"Schloegel M.","year":"2024","unstructured":"M. Schloegel, N. Bars, N. Schiller, L. Bernhard, T. Scharnowski, A. Crump, A. Ale-Ebrahim, N. Bissantz, M. Muench, and T. Holz. 2024. Sok: Prudent evaluation practices for fuzzing. In IEEE Symposium on Security and Privacy (S & P \u201924)."},{"key":"e_1_3_2_56_2","volume-title":"USENIX Security Symposium","author":"Schumilo Sergej","year":"2021","unstructured":"Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon W\u00f6rner, and Thorsten Holz. 2021. Nyx: Greybox hypervisor fuzzing using fast snapshots and affine types. In USENIX Security Symposium."},{"key":"e_1_3_2_57_2","volume-title":"USENIX Security Symposium","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. 2017. kAFL: Hardware-assisted feedback fuzzing for OS kernels. In USENIX Security Symposium."},{"key":"e_1_3_2_58_2","volume-title":"USENIX Security Symposium","author":"Seidel Lukas","year":"2023","unstructured":"Lukas Seidel, Dominik Maier, and Marius Muench. 2023. Forming faster firmware fuzzers. In USENIX Security Symposium."},{"key":"e_1_3_2_59_2","volume-title":"IEEE Symposium on Security and Privacy (S & P \u201919)","author":"She Dongdong","year":"2019","unstructured":"Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, and Suman Jana. 2019. NEUZZ: Efficient fuzzing with neural program smoothing. In IEEE Symposium on Security and Privacy (S & P \u201919)."},{"key":"e_1_3_2_60_2","volume-title":"IEEE Symposium on Security and Privacy (S & P \u201922)","author":"She Dongdong","year":"2022","unstructured":"Dongdong She, Abhishek Shah, and Suman Jana. 2022. Effective Seed scheduling for fuzzing with graph centrality analysis. In IEEE Symposium on Security and Privacy (S & P \u201922)."},{"key":"e_1_3_2_61_2","volume-title":"ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201922)","author":"Song Suhwan","year":"2022","unstructured":"Suhwan Song, Jaewon Hur, Sunwoo Kim, Philip Rogers, and Byoungyoung Lee. 2022. R2Z2: Detecting rendering regressions in Web browsers through differential fuzz testing. In ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201922)."},{"issue":"2","key":"e_1_3_2_62_2","first-page":"101","article-title":"A critique and improvement of the CL common language effect size statistics of McGraw and Wong","volume":"25","author":"Vargha Andr\u00e1s","year":"2000","unstructured":"Andr\u00e1s Vargha and Harold D. Delaney. 2000. A critique and improvement of the CL common language effect size statistics of McGraw and Wong. Journal of Educational and Behavioral Statistics 25, 2 (2000), 101\u2013132.","journal-title":"Journal of Educational and Behavioral Statistics"},{"key":"e_1_3_2_63_2","volume-title":"USENIX Security Symposium","author":"Wang Daimeng","year":"2021","unstructured":"Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, and Nael B. Abu-Ghazaleh. 2021. SyzVegas: Beating kernel fuzzing odds with reinforcement learning. In USENIX Security Symposium."},{"key":"e_1_3_2_64_2","volume-title":"Symposium on Recent Advances in Intrusion Detection (RAID \u201919)","author":"Wang Jinghan","year":"2019","unstructured":"Jinghan Wang, Yue Duan, Wei Song, Heng Yin, and Chengyu Song. 2019. Be sensitive and collaborative: Analyzing impact of coverage metrics in greybox fuzzing. In Symposium on Recent Advances in Intrusion Detection (RAID \u201919)."},{"key":"e_1_3_2_65_2","volume-title":"ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201919)","author":"Wang Junjie","year":"2019","unstructured":"Junjie Wang, Bihuan Chen, Lei Wei, and Yang Liu. 2019. Superion: Grammar-aware greybox fuzzing. In ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201919)."},{"key":"e_1_3_2_66_2","volume-title":"IEEE Symposium on Security and Privacy (S & P \u201910)","author":"Wang Tielei","year":"2010","unstructured":"Tielei Wang, Tao Wei, Guofei Gu, and Wei Zou. 2010. TaintScope: A checksum-aware directed fuzzing Tool for automatic software vulnerability detection. In IEEE Symposium on Security and Privacy (S & P \u201910)."},{"key":"e_1_3_2_67_2","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3616294"},{"key":"e_1_3_2_68_2","volume-title":"ACM Conference on Computer and Communications Security (CCS \u201920)","author":"Xu Wen","year":"2020","unstructured":"Wen Xu, Soyeon Park, and Taesoo Kim. 2020. FREEDOM: Engineering a State-of-the-art DOM fuzzer. In ACM Conference on Computer and Communications Security (CCS \u201920)."},{"key":"e_1_3_2_69_2","volume-title":"USENIX Security Symposium","author":"Yun Insu","year":"2018","unstructured":"Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM: A practical concolic execution engine tailored for hybrid fuzzing. In USENIX Security Symposium."},{"key":"e_1_3_2_70_2","volume-title":"I Can\u2019t Believe It\u2019s Not Better Workshop at NeurIPS","author":"Zaidi Sheheryar","year":"2022","unstructured":"Sheheryar Zaidi, Tudor Berariu, Hyunjik Kim, J\u00f6rg Bornschein, Claudia Clopath, Yee Whye Teh, and Razvan Pascanu. 2022. When does re-initialization work? In I Can\u2019t Believe It\u2019s Not Better Workshop at NeurIPS."},{"key":"e_1_3_2_71_2","unstructured":"Micha\u0142 Zalewski. 2025. American Fuzzy Lop. Retrieved January 17 2025 from http:\/\/lcamtuf.coredump.cx\/afl\/."},{"key":"e_1_3_2_72_2","volume-title":"USENIX Security Symposium","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. 2019. FIRM-AFL: High-throughput greybox fuzzing of IoT firmware via augmented process emulation. In USENIX Security Symposium."},{"key":"e_1_3_2_73_2","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549107"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3712186","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3712186","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:10:28Z","timestamp":1750295428000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3712186"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,23]]},"references-count":72,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,3,31]]}},"alternative-id":["10.1145\/3712186"],"URL":"https:\/\/doi.org\/10.1145\/3712186","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,23]]},"assertion":[{"value":"2023-08-31","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-06-05","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-02-23","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}