wcventure / fuzzingpaper Goto Github PK

https://conf.researchr.org/details/ase-2022/ase-2022-research-papers/56/Effectively-Generating-Vulnerable-Transaction-Sequences-in-Smart-Contracts-with-Reinf

the paper "Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing" from CCS 2021 is linked to another paper

why hunting for interesting new papers I found two links that point to nowhere:

same-coverage-less-bloat-accelerating-binary-only-fuzzing-with-coverage-preserving-coverage-guided-tracing-ccs-2021 =
https://people.cs.vt.edu/snagy2/papers/21CCS.pdf

spotfuzzer-static-instrument-and-fuzzing-windows-cots-2022 = https://arxiv.org/abs/2201.07938

there might be more. would have done a PR but no time, sorry!

https://www.usenix.org/system/files/sec23fall-prepub-129-lyu.pdf 非常不错

link is here.KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations

add Reading Note for AFL++: Combining Incremental Steps of Fuzzing Research

First of all, I greatly appreciate your efforts on setting up this website collecting so many interesting fuzzing papers for researchers around the world! Below is a small issue that I noticed:
Free Lunch for Testing: Fuzzing Deep-Learning Libraries from Open Source (ICSE'22) may be better to be categorized as API Testing/Fuzzing because this paper targets fuzzing Deep Learning libraries (i.e., Python APIs) instead of DL models. So it would be great if the paper could also be put under API Testing/Fuzzing.

The link for Free Lunch for Testing: Fuzzing Deep-Learning Libraries from Open Source is https://cs.stanford.edu/~anjiang/papers/WeiETAL22FreeFuzz.pdf

Also, the code is open source https://github.com/ise-uiuc/FreeFuzz

Please let me know if there is anything unclear. Thanks!

Hybrid Fuzz Testing - Discovering Software Bugs via Fuzzing and Symbolic Execution (2012)
By the way, thanks for your contribution to the community. I appreciate it very much, which help me a lot.

Hi,

I noticed that the paper Fuzzing Symbolic Expressions (ICSE 2021) is classified as "SMT Fuzzing".
However, according to its abstract and preprint (https://arxiv.org/pdf/2102.06580), it is more about constraint solving, similar to the one Just Fuzz It: Solving Floating-Point Constraints Using Coverage-guided Fuzzing (FSE 2019)

I think we can remain the following papers in this category

• MDPFuzz: Testing Models Solving Markov Decision Processes
• RapidFuzz: Accelerating fuzzing via Generative Adversarial Networks
• CoCoFuzzing: Testing Neural Code Models with Coverage-Guided
• Fuzz Testing based Data Augmentation to Improve Robustness of Deep Neural Networks
• Coverage Guided Differential Adversarial Testing of Deep Learning Systems
• CAGFuzz: Coverage-Guided Adversarial Generative Fuzzing Testing of Deep Learning Systems
• DeepHunter: A Coverage-Guided Fuzz Testing Framework for Deep Neural Networks
• TensorFuzz: Debugging Neural Networks with Coverage-Guided Fuzzing
• DLFuzz: Differential Fuzzing Testing of Deep Learning Systems

As for others, except for Graph-based Fuzz Testing for Deep Learning Inference Engines, they belong to another category possibly titled "Fuzzing Deep Learning Libraries".

As for Graph-based Fuzz Testing for Deep Learning Inference Engines, a deep learning inference engine is a compiler-like tool (not a compiler but contains compilation). I'd like to categorize it into another new category, "Fuzzing Deep Learning Compilers". In this category, there are also several other works, such as:

• Fuzzing Deep Learning Compilers with HirGen [ISSTA '23]
• NNSmith: Generating Diverse and Valid Test Cases for Deep Learning Compilers [ASPLOS '23]

Do you think it's a good idea to re-organize these papers? After the reorganization, I'd like to add some papers belonging to "Fuzzing Deep Learning Compilers" category.

Carry on! This repostory is cool! Looking forward to your new commits!

Now the repo use the Bulleted list for category name, if we turn it into a header(maybe header 2), we can get a more fine-grained toc, and in some software it can be more easy to scan the categories and jump to one.