Towards Path-Aware Coverage-Guided Fuzzing / Priamo, G., D'Elia, D.C., Payer, M., Querzoni, L. - (2026), pp. 84-97. (International Symposium on Code Generation and Optimization, Sydney, Australia) [10.1109/cgo68049.2026.11395191].

Towards Path-Aware Coverage-Guided Fuzzing

Priamo, Giacomo (first author); D'Elia, Daniele Cono (second author); Querzoni, Leonardo (last author)
2026

Abstract

Automated fuzz testing is now standard practice, yet key blind spots persist. Coverage-guided fuzzers typically rely on edge coverage as a lightweight proxy for program behavior. However, this metric captures path variations only weakly: it cannot differentiate executions that follow distinct control-flow paths but traverse the same edges, causing many path-dependent bugs to go undetected. Path awareness would offer a richer coverage view but has been considered too costly for fuzzing. We introduce a lightweight method for tracking intraprocedural execution paths, enabling efficient path-aware feedback. This enhances the fuzzer's ability to detect subtle bugs, even in well-tested software. To counter the resulting seed explosion, we evaluate two strategies, culling and opportunistic path-aware fuzzing, that balance precision and throughput. Our findings show that path-aware fuzzing, when properly guided, uncovers more bugs and reveals untapped potential in fuzzing research.
2026
International Symposium on Code Generation and Optimization
Fuzzing; Coverage feedback; Path profiling
04 Conference proceedings publication::04b Conference paper in a volume
Files attached to this item
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11573/1769557

Notice: the data displayed have not been validated by the university.
