{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T16:54:56Z","timestamp":1758819296054,"version":"3.41.2"},"reference-count":29,"publisher":"Association for Computing Machinery (ACM)","issue":"ISSTA","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2025,6,22]]},"abstract":"<jats:p>Fuzzing stands as one of the most practical techniques for testing software efficiently. When applying fuzzing to software library APIs, high-quality fuzzing harnesses are essential, enabling fuzzers to execute the APIs with precise sequences and function parameters. Although software developers commonly rely on manual efforts to create fuzzing harnesses, there has been a growing interest in automating this process. Existing works are often constrained in scalability and effectiveness due to their reliance on compiler-based analysis or runtime execution traces, which require manual setup and configuration. Our investigation of multiple actively fuzzed libraries reveals that a large number of exported API functions externally used by various open-source projects remain untested by existing harnesses or unit-test files. The lack of testing for these API functions increases the risk of vulnerabilities going undetected, potentially leading to security issues.  \nIn order to address the lack of coverage affecting existing fuzzing methods, we propose a novel approach to automatically generate fuzzing harnesses by extracting usage patterns of untested functions from real-world scenarios, using techniques based on lightweight Abstract Syntax Tree parsing to extract API usage from external source code. Then, we integrate the usage patterns into existing harnesses to construct new ones covering these untested functions. 
We have implemented a prototype of this concept named WildSync, enabling the automatic synthesis of fuzzing harnesses for C\/C++ libraries on OSS-Fuzz. In our experiments, WildSync successfully produced 469 new harnesses for 24 actively fuzzed libraries on OSS-Fuzz, and also 3 widely used libraries that can be later integrated into OSS-Fuzz. This results in a significant increase in test coverage spanning over 1.3k functions and 16k lines of code, while also identifying 7 previously undetected bugs.<\/jats:p>","DOI":"10.1145\/3728918","type":"journal-article","created":{"date-parts":[[2025,6,22]],"date-time":"2025-06-22T10:52:56Z","timestamp":1750589576000},"page":"963-984","source":"Crossref","is-referenced-by-count":1,"title":["WildSync: Automated Fuzzing Harness Synthesis via Wild API Usage Recovery"],"prefix":"10.1145","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9211-6224","authenticated-orcid":false,"given":"Wei-Cheng","family":"Wu","sequence":"first","affiliation":[{"name":"Dartmouth College, Hanover, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0220-1706","authenticated-orcid":false,"given":"Stefan","family":"Nagy","sequence":"additional","affiliation":[{"name":"University of Utah, Salt Lake City, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7698-8041","authenticated-orcid":false,"given":"Christophe","family":"Hauser","sequence":"additional","affiliation":[{"name":"Dartmouth College, Hanover, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,6,22]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"2021. Cisco secure development lifecycle. https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-secure-development-lifecycle.pdf"},{"key":"e_1_2_1_2_1","unstructured":"2021. Microsoft Security Development Lifecycle. 
https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/practices"},{"key":"e_1_2_1_3_1","unstructured":"2024. Fuzzing Introspection of OSS-Fuzz projects. https:\/\/introspector.oss-fuzz.com\/projects-overview"},{"key":"e_1_2_1_4_1","unstructured":"2024. Tree-sitter. https:\/\/tree-sitter.github.io\/tree-sitter\/"},{"key":"e_1_2_1_5_1","volume-title":"REDQUEEN: Fuzzing with Input-to-State Correspondence. In Network and Distributed System Security Symposium (NDSS).","author":"Aschermann Cornelius","year":"2018","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2018. REDQUEEN: Fuzzing with Input-to-State Correspondence. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3340456"},{"key":"e_1_2_1_7_1","volume-title":"IEEE Symposium on Security and Privacy (Oakland).","author":"Chen Peng","year":"2018","unstructured":"Peng Chen and Hao Chen. 2018. Angora: efficient fuzzing by principled search. In IEEE Symposium on Security and Privacy (Oakland)."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616610"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00010"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (ATC). 1\u201314","author":"Duplyakin Dmitry","year":"2019","unstructured":"Dmitry Duplyakin, Robert Ricci, Aleksander Maricq, Gary Wong, Jonathon Duerig, Eric Eide, Leigh Stoller, Mike Hibler, David Johnson, Kirk Webb, Aditya Akella, Kuangching Wang, Glenn Ricart, Larry Landweber, Chip Elliott, Michael Zink, Emmanuel Cecchet, Snigdhaswin Kar, and Prabodh Mishra. 2019. The Design and Operation of CloudLab. In Proceedings of the USENIX Annual Technical Conference (ATC). 1\u201314. 
https:\/\/www.flux.utah.edu\/paper\/duplyakin-atc19"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510228"},{"key":"e_1_2_1_12_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Ispoglou Kyriakos","year":"2020","unstructured":"Kyriakos Ispoglou, Daniel Austin, Vishwath Mohan, and Mathias Payer. 2020. $FuzzGen$: Automatic fuzzer generation. In 29th USENIX Security Symposium (USENIX Security 20). 2271\u20132287."},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the 35th Annual Computer Security Applications Conference. 627\u2013637","author":"Jang Joonun","year":"2019","unstructured":"Joonun Jang and Huy Kang Kim. 2019. Fuzzbuilder: automated building greybox fuzzing environment for c\/c++ library. In Proceedings of the 35th Annual Computer Security Applications Conference. 627\u2013637."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3202005"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179394"},{"key":"e_1_2_1_16_1","volume-title":"Martin Sablotny, and Mihai Maruseac.","author":"Liu Dongge","year":"2024","unstructured":"Dongge Liu, Oliver Chang, Jonathan Metzman, Martin Sablotny, and Mihai Maruseac. 2024. OSS-Fuzz-Gen: Automated Fuzz Target Generation. https:\/\/github.com\/google\/oss-fuzz-gen"},{"key":"e_1_2_1_17_1","article-title":"The art, science, and engineering of fuzzing: A survey","author":"Marie Man\u00e8s Valentin Jean","year":"2019","unstructured":"Valentin Jean Marie Man\u00e8s, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J Schwartz, and Maverick Woo. 2019. The art, science, and engineering of fuzzing: A survey. IEEE Transactions on Software Engineering.","journal-title":"IEEE Transactions on Software Engineering."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96279"},{"key":"e_1_2_1_19_1","unstructured":"Max Moroz and Kostya Serebryany. 2016. 
Guided in-process fuzzing of Chrome components. Google Security Blog."},{"key":"e_1_2_1_20_1","volume-title":"IEEE Symposium on Security and Privacy (Oakland).","author":"Schwartz Edward J.","year":"2010","unstructured":"Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). In IEEE Symposium on Security and Privacy (Oakland)."},{"key":"e_1_2_1_21_1","volume-title":"IEEE Cybersecurity Development Conference (SecDev).","author":"Serebryany Kosta","year":"2016","unstructured":"Kosta Serebryany. 2016. Continuous fuzzing with libfuzzer and addresssanitizer. In IEEE Cybersecurity Development Conference (SecDev)."},{"key":"e_1_2_1_22_1","volume-title":"USENIX Security Symposium (USENIX).","author":"Serebryany Kostya","year":"2017","unstructured":"Kostya Serebryany. 2017. OSS-Fuzz - Google\u2019s continuous fuzzing service for open source software. In USENIX Security Symposium (USENIX)."},{"key":"e_1_2_1_23_1","unstructured":"Robert Swiecki. 2018. honggfuzz. http:\/\/honggfuzz.com\/"},{"key":"e_1_2_1_24_1","volume-title":"Crash Report Accumulation During Continuous Fuzzing. In Ivannikov Memorial Workshop 2024","author":"Yegorov Ilya","year":"2024","unstructured":"Ilya Yegorov and Georgy Savidov. 2024. Crash Report Accumulation During Continuous Fuzzing. In Ivannikov Memorial Workshop 2024. IEEE. arxiv:2405.18174"},{"key":"e_1_2_1_25_1","unstructured":"Michal Zalewski. 2017. American fuzzy lop. http:\/\/lcamtuf.coredump.cx\/afl\/"},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the 32nd USENIX Conference on Security Symposium. 2867\u20132884","author":"Zhang Cen","year":"2023","unstructured":"Cen Zhang, Yuekang Li, Hao Zhou, Xiaohan Zhang, Yaowen Zheng, Xian Zhan, Xiaofei Xie, Xiapu Luo, Xinghua Li, and Yang Liu. 2023. Automata-guided control-flow-sensitive fuzz driver generation. 
In Proceedings of the 32nd USENIX Conference on Security Symposium. 2867\u20132884."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3680355"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP52600.2021.00041"},{"key":"e_1_2_1_29_1","volume-title":"Daisy: Effective Fuzz Driver Synthesis with Object Usage Sequence Analysis. In 2023 IEEE\/ACM 45th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). 87\u201398","author":"Zhang Mingrui","year":"2023","unstructured":"Mingrui Zhang, Chijin Zhou, Jianzhong Liu, Mingzhe Wang, Jie Liang, Juan Zhu, and Yu Jiang. 2023. Daisy: Effective Fuzz Driver Synthesis with Object Usage Sequence Analysis. In 2023 IEEE\/ACM 45th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). 87\u201398."}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3728918","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T16:54:54Z","timestamp":1752684894000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3728918"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,22]]},"references-count":29,"journal-issue":{"issue":"ISSTA","published-print":{"date-parts":[[2025,6,22]]}},"alternative-id":["10.1145\/3728918"],"URL":"https:\/\/doi.org\/10.1145\/3728918","relation":{},"ISSN":["2994-970X"],"issn-type":[{"type":"electronic","value":"2994-970X"}],"subject":[],"published":{"date-parts":[[2025,6,22]]}}}