Fuzzing-based mutation testing of C/C++ software in cyber-physical systems

Fuzzing; Mutation testing; Test data generation; Cybe-physical systems; Cyber-physical systems; Fuzz Testing; Percentage points; Recommended practice; State of the art; Symbolic execution; Software

Abstract :

[en] Mutation testing can help minimize the delivery of faulty software. Therefore, it is a recommended practice for developing embedded software in safety-critical cyber-physical systems (CPS). However, state-of-the-art mutation testing techniques for C and C++ software, which are common languages for CPS, depend on symbolic execution. Unfortunately, symbolic execution’s limitations hinder its applicability (e.g., systems with black-box components). We propose relying on fuzz testing, which has demonstrated its effectiveness for C and C++ software. Fuzz testing tools automatically create test inputs that explore program branches in various ways, exercising statements in different program states, And thus enabling the detection of mutants, which is our objective. We empirically evaluated our approach using software components from operational satellite systems. Our assessment shows that our approach can detect between 40% And 90% of the mutants not detected by developers’ test suites. Further, we empirically determined that the best results are obtained by integrating the Clang compiler, a memory address sanitizer, And relying on laf-intel instrumentation to collect coverage And guide fuzzing. Our approach detects a significantly higher percentage of live mutants compared to symbolic execution, with an increase of up to 50 percentage points; further, we observed that although the combination of fuzzing and symbolic execution leads to additional mutants being killed, the benefits are minimal (a gain of less than one percentage point).

Disciplines :

Computer science

Author, co-author :

Lee, Jaekwon ; Kangwon National University, Chun-cheon, South Korea

PASTORE, Fabrizio ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV

Briand, Lionel ; Lero, University of Limerick, Limerick, Ireland ; University of Ottawa, Ottawa, Canada

External co-authors :

yes

Language :

English

Title :

Fuzzing-based mutation testing of C/C++ software in cyber-physical systems

Publication date :

November 2025

Journal title :

Empirical Software Engineering

ISSN :

1382-3256

eISSN :

1573-7616

Publisher :

Springer

Volume :

Issue :

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

https://link.springer.com/content/pdf/10.1007/s10664-025-10700-7.pdf

Name of the research project :

U-AGR-8154 - FAQAS II - PASTORE Fabrizio

Funders :

European Space Agency
NSERC Discovery and Canada Research Chair programs
Kangwon National University

Funding number :

RFQ/3-17554/21/NL/AS/kkIMPROVE

Funding text :

This research was supported by ESA via a GSTP element contract (RFQ/3-17554/21/NL/AS/kkIMPROVE), by the NSERC Discovery and Canada Research Chair programs, and by 2025 Research Grant from Kangwon National University. The experiments presented in this paper were carried out using the HPC facilities of the University of Luxembourg (see http://hpc.uni.lu).

Data Set :

Fuzzing-based Mutation Testing of C/C++ CPS

Available on ORBilu :

since 19 December 2025

Statistics

Number of views

35 (0 by Unilu)

Number of downloads

0 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

WoS citations^™

Bibliography

H. Almulla G. Gay Learning how to search: generating effective test cases through adaptive fitness function selection Empir Softw Eng 27 2 38 10.1007/s10664-021-10048-8
P. Ammann J. Offutt Introduction to software testing Cambridge University Press 10.1017/9781316771273
S. Anand E.K. Burke T.Y. Chen J. Clark M.B. Cohen W. Grieskamp M. Harman M.J. Harrold P. McMinn A. Bertolino J. Jenny Li H. Zhu An orchestrated survey of methodologies for automated software test case generation J Syst Softw 86 8 1978 2001 10.1016/j.jss.2013.02.061
Andrews JH, Briand LC, Labiche Y (2005) Is mutation an appropriate tool for testing experiments?. In: Proceedings of the 27th international conference on Software engineering. ACM, pp 402–411
Arcuri A, Briand L (2011) A practical guide for using statistical tests to assess randomized algorithms in software engineering. In: Proceedings of the 33rd international conference on software engineering, ser. ICSE ’11. Association for Computing Machinery, New York, NY, USA, pp 1–10
Arcuri A, Fraser G, Just R (2017) Private api access and functional mocking in automated unit test generation. In: Proceedings of the international conference on software testing, verification and validation (ICST), March 13–17 2017, pp 126–137. https://homes.cs.washington.edu/~rjust/publ/mocking_reflection_testing_icst_2017.pdf
Asprone D, Metzman J, Arya A, Guizzo G, Sarro F (2022) Comparing fuzzers on a level playing field with fuzzbench. In: 2022 IEEE conference on software testing, verification and validation (ICST). IEEE Computer Society, Los Alamitos, CA, USA, pp 302–311. https://doi.ieeecomputersociety.org/10.1109/ICST53961.2022.00039
Ayari K, Bouktif S, Antoniol G (2007) Automatic mutation test input data generation via ant colony. In: Proceedings of the 9th annual conference on genetic and evolutionary computation, pp 1074–1081
Babić D, Bucur S, Chen Y, Ivančić F, King T, Kusano M, Lemieux C, Szekeres L, Wang W (2019) Fudge: fuzz driver generation at scale. In: Proceedings of the 2019 27th ACM joint meeting on european software engineering conference and symposium on the foundations of software engineering, ser. ESEC/FSE 2019. Association for Computing Machinery, New York, NY, USA, pp 975–985. https://doi.org/10.1145/3338906.3340456
Böhme M, Pham V-T, Roychoudhury A (2016) Coverage-based greybox fuzzing as markov chain. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, ser. CCS ’16. Association for Computing Machinery, New York, NY, USA, pp 1032–1043
Bordeaux L, Hamadi Y, Zhang L (2006) Propositional satisfiability and constraint programming: a comparative survey. ACM Comput Surv 38(4). https://doi.org/10.1145/1177352.1177354
Borzacchiello L, Coppa E, Demetrescu C (2021) Fuzzing symbolic expressions. In: 2021 IEEE/ACM 43rd international conference on software engineering (ICSE), pp 711–722
Borzacchiello L, Coppa E, Demetrescu C (2021) FUZZOLIC: mixing fuzzing and concolic execution. Comp Secur
Brown DB (2020) Mutation testing: algorithms and applications. The University of Wisconsin-Madison
Buffoni L, Ochel L, Pop A, Fritzson P, Fors N, Hedin G, Taha W, Sjölund M (2021) Open source languages and methods for cyber-physical system development: overview and case studies. Electronics 10(8):902. https://www.mdpi.com/2079-9292/10/8/902
Cadar C, Dunbar D, Engler D (2008) Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of the 8th USENIX conference on operating systems design and implementation, ser. OSDI’08, vol 8. USENIX Association, USA, pp 209–224
Chekam TT, Papadakis M, Cordy M, Traon YL (2021) Killing stubborn mutants with symbolic execution. ACM Trans Softw Eng Method (TOSEM) 30(2)
Chekam TT, Papadakis M, Le Traon Y, Harman M (2017) An empirical study on mutation, statement and branch coverage fault revelation that avoids the unreliable clean program assumption. In: 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE), pp 597–608
Chekam TT (2023) SEMu: symbolic execution-based mutant analysis framework. https://github.com/thierry-tct/KLEE-SEMu
Chen J, Han W, Yin M, Zeng H, Song C, Lee B, Yin H, Shin I (2022) SYMSAN: time and space efficient concolic execution via dynamic data-flow analysis. In: 31st USENIX security symposium (USENIX Security 22). USENIX Association, Boston, MA, pp 2531–2548. https://www.usenix.org/conference/usenixsecurity22/presentation/chen-ju
Chen P, Xie Y, Lyu Y, Wang Y, Chen H (2023) Hopper: interpretative fuzzing for libraries. In: Proceedings of the 2023 ACM SIGSAC conference on computer and communications security, ser. CCS ’23. Association for Computing Machinery, New York, NY, USA, pp 1600–1614. https://doi-org.proxy.bnl.lu/10.1145/3576915.3616610
J.J. Chilenski S.P. Miller Applicability of modified condition/decision coverage to software testing Softw Eng J 9 5 193 200 10.1049/sej.1994.0025
Chipounov V, Kuznetsov V, Candea G (2011) S2e: a platform for in-vivo multi-path analysis of software systems. In: Proceedings of the sixteenth international conference on architectural support for programming languages and operating systems, ser. ASPLOS XVI. Association for Computing Machinery, New York, NY, USA, pp 265–278. https://doi.org/10.1145/1950365.1950396
CLANG (2020) Undefined behavior sanitizer. http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#ubsan-checks
Clang 22.0.0git documentation: Leak sanitizer. (2025b). https://clang.llvm.org/docs/LeakSanitizer.html. Accessed 28 Jul 2024
Clang 22.0.0git documentation: Undefined behavior sanitizer. (2025a). https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html. Accessed 28 Jul 2024
O.E. Cornejo Olivares F. Pastore L. Briand Mutation analysis for cyber-physical systems: scalable solutions and results in the space domain IEEE Trans Software Eng 48 10 3913 3939 10.1109/TSE.2021.3107680
Cornejo O, Pastore F, Briand L (2022) Mass: a tool for mutation analysis of space cps. In: 2022 IEEE/ACM 44th international conference on software engineering: companion proceedings (ICSE-Companion), pp 134–138
X. Dang X. Yao D. Gong T. Tian Efficiently generating test data to kill stubborn mutants by dynamically reducing the search domain IEEE Trans Reliab 69 1 334 348 10.1109/TR.2019.2922684
Degiovanni R, Papadakis M (2022) µbert: Mutation testing using pre-trained language models. In: 2022 IEEE international conference on software testing, verification and validation workshops (ICSTW), pp 160–169
Delamaro ME, Offutt J, Ammann P (2014) Designing deletion mutation operators. In: 2014 IEEE seventh international conference on software testing, verification and validation. IEEE, pp 11–20
M.E. Delamaro J. Maidonado A.P. Mathur Interface mutation: an approach for integration testing IEEE Trans Software Eng 27 3 228 247 10.1109/32.910859
P. Delgado-Pérez S. Segura I. Medina-Bulo Assessment of c++ object-oriented mutation operators: a selective mutation approach Softw Test Verification Reliab 27 4–5 e1630 10.1002/stvr.1630
P. Delgado-Pérez I. Habli S. Gregory R. Alexander J. Clark I. Medina-Bulo Evaluation of mutation testing in a nuclear industry case study IEEE Trans Reliab 67 4 1406 1419 10.1109/TR.2018.2864678
M. Dorigo M. Birattari T. Stutzle Ant colony optimization IEEE Comput Intell Mag 1 4 28 39 10.1109/MCI.2006.329691
ESA (2009) ECSS-E-ST-40C - Software general requirements. http://ecss.nl/standard/ecss-e-st-40c-software-general-requirements/
ESA (2017) ECSS-Q-ST-80C Rev.1 - Software product assurance. http://ecss.nl/standard/ecss-q-st-80c-rev-1-software-product-assurance-15-february-2017/
European Space Agency (2021) ESAIL microsatellite. https://www.esa.int/Applications/Telecommunications_Integrated_Applications/ESAIL_maritime_satellite_ready_for_launch
European Space Agency (2021) MLFS - mathematical library for space software. https://essr.esa.int/project/mlfs-mathematical-library-for-flight-software
European Space Agency (2021) Space. https://sir.csc.ncsu.edu/portal/bios/space.php
Fan A, Gokkaya B, Harman M, Lyubarskiy M, Sengupta S, Yoo S, Zhang JM (2023) Large language models for software engineering: survey and open problems. In: 2023 IEEE/ACM international conference on software engineering: future of software engineering (ICSE-FoSE), pp 31–53
FAQAS project (2023). https://faqas.uni.lu
Feldt R, Magazinius A (2010) Validity threats in empirical software engineering research—an initial survey. In: Proceedings of the 22nd international conference on software engineering and knowledge engineering (SEKE), San Francisco Bay, USA, 2010, pp 374–379. https://www.cse.chalmers.se/~feldt/publications/feldt_2010_validity_threats_in_ese_initial_survey.pdf
Fioraldi A, Maier D, Eißfeldt H, Heuse M (2020) AFL++: combining incremental steps of fuzzing research. In: 14th USENIX workshop on offensive technologies (WOOT 20). USENIX Association
G. Fraser A. Arcuri Achieving scalable mutation-based generation of whole test suites Empir Softw Eng 20 3 783 812 10.1007/s10664-013-9299-z
G. Fraser A. Arcuri Achieving scalable mutation-based generation of whole test suites Empirical Softw Engg 20 3 783 812 10.1007/s10664-013-9299-z
G. Fraser A. Zeller Mutation-driven generation of unit tests and oracles IEEE Trans Software Eng 38 2 278 292 10.1109/TSE.2011.93
Fraser G, Arcuri A (2011) Evosuite: automatic test suite generation for object-oriented software. In: Proceedings of the 19th ACM SIGSOFT symposium and the 13th european conference on foundations of software engineering, ser. ESEC/FSE ’11. ACM, New York, NY, USA, pp 416–419. http://doi.acm.org/10.1145/2025113.2025179
Free Software Foundation F (2021) GCC, the GNU compiler collection. https://gcc.gnu.org/
Fuzzbench Team (2024) FuzzBench: 2024-08-03-test report. https://www.fuzzbench.com/reports/2024-08-10-test/index.html
Gaisler C (2021) RTEMS cross compilation system. https://www.gaisler.com/index.php/products/operating-systems/rtems
Garg A, Degiovanni R, Papadakis M, Traon YL (2024) On the coupling between vulnerabilities and llm-generated mutants: a study on vul4j dataset. In: 2024 IEEE conference on software testing, verification and validation (ICST), pp 305–316
Google (2022) Honggfuzz. https://github.com/google/honggfuzz
GTD-GmbB (2024) Mathematical library for critical systems (LibmCS). https://gitlab.com/gtd-gmbh/libmcs/
Holling D, Banescu S, Probst M, Petrovska A, Pretschner A (2016) Nequivack: assessing mutation score confidence. In: 2016 IEEE ninth international conference on software testing, verification and validation workshops (ICSTW). IEEE, pp 152–161
Hu J, Duan Y, Yin H (2024) Marco: a stochastic asynchronous concolic explorer. In: Proceedings of the IEEE/ACM 46th international conference on software engineering, ser. ICSE ’24. Association for Computing Machinery, New York, NY, USA. https://doi.org/10.1145/3597503.3623301
Ispoglou K, Austin D, Mohan V, Payer M (2020) FuzzGen: automatic fuzzer generation. In: 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, pp 2271–2287. https://www.usenix.org/conference/usenixsecurity20/presentation/ispoglou
Jeong B, Jang J, Yi H, Moon J, Kim J, Jeon I, Kim T, Shim W, Hwang YH (2023) UTopia: automatic generation of fuzz driver using unit tests. In:, pp Proceedings - IEEE symposium on security and privacy, vol 2023-May 2676–2692
R. Just G. Fraser M. Ivanković G. Petrovic Practical mutation testing at scale: a view from google IEEE Trans Software Eng 47 2780 2795
Kim M, Xin Q, Sinha S, Orso A (2022) Automated test generation for REST APIs: no time to rest yet. In:, Ryu S, Smaragdakis Y (eds) ISSTA ’22: 31st ACM SIGSOFT international symposium on software testing and analysis, Virtual Event, South Korea, July 18 - 222022. ACM, pp 289–301. https://doi.org/10.1145/3533767.3534401
M. Kintis M. Papadakis A. Papadopoulos E. Valvis N. Malevris Y. Le Traon How effective are mutation testing tools? An empirical analysis of Java mutation testing tools with manual analysis and real faults Empir Softw Eng 23 4 2426 2463 10.1007/s10664-017-9582-5
B. Korel Automated software test data generation IEEE Trans Software Eng 16 8 870 879 10.1109/32.57624
Laf-intel (2024) https://lafintel.wordpress.com/. Accessed 28 Feb 2024
Lakhotia K (2022) Honggfuzz. https://github.com/kiranlak/austin-sbst
Lakhotia K, Harman M, Gross (2010) Austin: an open source tool for search based software testing of c programs. Inf Softw Technol 55(:1)112–125. special section: Best papers from the 2nd International Symposium on Search Based Software Engineering 2010
Lakhotia K, Harman M, Gross H (2010) Austin: a tool for search based software testing for the c language and its evaluation on deployed automotive systems. In: 2nd International symposium on search based software engineering. IEEE, pp 101–110
Lee J, Pastore F, Briand L (2024) Replication package. https://figshare.com/s/5a9a1fa723c374f5d0fd
Lee J, Vigano E, Cornejo O, Pastore F, Briand L (2023) Fuzzing for cps mutation testing. In: 2023 38th IEEE/ACM international conference on Automated Software Engineering (ASE). IEEE Computer Society, Los Alamitos, CA, USA, pp 1377–1389. https://doi.ieeecomputersociety.org/10.1109/ASE56229.2023.00079
Lee J, Viganò E, Cornejo O, Pastore F, Briand L (2024) MOTIF toolset. https://github.com/SNTSVV/MOTIF
Lee J, Vigano E, Pastore F, Briand L (2024) Motif: a tool for mutation testing with fuzzing. In: 17th IEEE international conference on software testing, verification and validation (ICST). https://orbilu.uni.lu/handle/10993/61840
Liu X, You W, Zhang Z, Zhang X (2022) Tensilefuzz: facilitating seed input generation in fuzzing via string constraint solving. In: Proceedings of the 31st ACM SIGSOFT international symposium on software testing and analysis, ser. ISSTA 2022. Association for Computing Machinery, New York, NY, USA, pp 391–403. https://doi.org/10.1145/3533767.3534403
LLVM (2022) LLVM documentation - libfuzzer – a library for coverage-guided fuzz testing. https://llvm.org/docs/LibFuzzer.html
LLVM project (2023) Clang library. https://clang.llvm.org/
LLVM project (2023) The LLVM compiler infrastructure project. https://llvm.org/
Lyu C, Ji S, Zhang C, Li Y, Lee W-H, Song Y, Beyah R (2019) MOPT: optimized mutation scheduling for fuzzers. In: 28th USENIX security symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, pp 1949–1966. https://www.usenix.org/conference/usenixsecurity19/presentation/lyu
Lyu Y, Xie Y, Chen P, Chen H (2024) Prompt fuzzing for fuzz driver generation. In: Proceedings of the 31st ACM conference on computer and communications security (CCS). Association for Computing Machinery. http://arxiv.org/abs/2312.17677
Majumdar R, Sen K (2007) Hybrid concolic testing. In: 29th international conference on software engineering (ICSE’07), pp 416–426
Mamais G, Tsiodras T, Lesens D, Perrotin M (2012) An ASN.1 compiler for embedded/space systems. In: Embedded real time software and systems (ERTS2012), Toulouse, France. https://hal.science/hal-02263447
V.J. Manès H. Han C. Han S.K. Cha M. Egele E.J. Schwartz M. Woo The art, science, and engineering of fuzzing: a survey IEEE Trans Software Eng 47 11 2312 2331 10.1109/TSE.2019.2946563
Metzman J, Szekeres L, Maurice Romain Simon L, Trevelin Sprabery R, Arya A (2021) FuzzBench: an open fuzzer benchmarking platform and service. In: Proceedings of the 29th ACM joint meeting on european software engineering conference and symposium on the foundations of software engineering, ser. ESEC/FSE 2021. Association for Computing Machinery, New York, NY, USA, pp 1393–1403. https://doi.org/10.1145/3468264.3473932
Nilizadeh S, Noller Y, Pasareanu CS (2019) Diffuzz: differential fuzzing for side-channel analysis. In: 2019 IEEE/ACM 41st international conference on software engineering (ICSE), pp 176–187
A.J. Offutt J. Pan Automatically detecting equivalent mutants and infeasible paths Softw Test Verification Reliab 7 3 165 192 10.1002/(SICI)1099-1689(199709)7:3<165::AID-STVR143>3.0.CO;2-U
A.J. Offutt A. Lee G. Rothermel R.H. Untch C. Zapf An experimental determination of sufficient mutant operators ACM Trans Softw Eng Method (TOSEM) 5 2 99 118 10.1145/227607.227610
Ounjai J, Wüstholz V, Christakis M (2023) Green fuzzer benchmarking. In: Proceedings of the 32nd ACM SIGSOFT international symposium on software testing and analysis, ser. ISSTA 2023. Association for Computing Machinery, New York, NY, USA, pp 1396–1406. https://doi.org/10.1145/3597926.3598144
Papadakis M, Kintis M, Zhang J, Jia Y, Le Traon Y, Harman M (2019) Mutation testing advances: an analysis and survey. In: Advances in computers
Papadakis M, Shin D, Yoo S, Bae D-H (2018) Are mutation scores correlated with real fault detection? a large scale empirical study on the relationship between mutants and real faults. In: 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE). IEEE, pp 537–548
Poeplau S, Francillon A (2020) Symbolic execution with SymCC: don’t interpret, compile!. In: 29th USENIX security symposium (USENIX Security 20). USENIX Association, pp 181–198
Poeplau S, Francillon A (2021) SymQEMU: compilation-based symbolic execution for binaries. In: Network and distributed system security symposium. network & distributed system security symposium
Qian R, Zhang Q, Fang C, Guo L (2022) Investigating coverage guided fuzzing with mutation testing. In: Proceedings of the 13th Asia-Pacific symposium on internetware, ser. Internetware ’22. Association for Computing Machinery, New York, NY, USA, pp 272–281. https://doi.org/10.1145/3545258.3545285
Ralph P, Tempero E (2018) Construct validity in software engineering research and software metrics. In: Proceedings of the 22nd international conference on evaluation and assessment in software engineering 2018, ser. EASE ’18. Association for Computing Machinery, New York, NY, USA, pp 13–23. https://doi.org/10.1145/3210459.3210461
Ramler R, Wetzlmaier T, Klammer C (2017) An empirical study on the application of mutation testing for a safety-critical industrial software system. Proc ACM Symposium Appl Comput Part F128005(Section 4):1401–1408
Riener H, Bloem R, Fey G (2011) Test case generation from mutants using model checking techniques. In: 2011 IEEE fourth international conference on software testing, verification and validation workshops. IEEE, pp 388–397
Sălcianu A, Rinard M (2005) Purity and side effect analysis for java programs. In: Verification, model checking, and abstract interpretation (VMCAI 2005), ser. Lecture Notes in Computer Science, vol 3385. Springer, pp 199–215. https://link.springer.com/chapter/10.1007/978-3-540-30579-8_14
Scalabrino S, Grano G, Di Nucci D, Guerra M, De Lucia A, Gall HC, Oliveto R (2018) Ocelot: a search-based test-data generation tool for c. In: Proceedings of the 33rd ACM/IEEE international conference on automated software engineering, ser. ASE ’18. Association for Computing Machinery, New York, NY, USA, pp 868–871. https://doi.org/10.1145/3238147.3240477
Schuler D, Dallmeier V, Zeller A (2009) Efficient mutation testing by checking invariant violations. In: Proceedings of the eighteenth international symposium on Software testing and analysis (ISSTA’18)
Schuler D, Zeller A (2013) Covering and uncovering equivalent mutants. STVR
Semantix and Neuropublic (2021) ASN.1 certified compiler. https://github.com/ttsiodras/asn1scc
Serebryany K, Bruening D, Potapenko A, Vyukov D (2012) Addresssanitizer: a fast address sanity checker. In: Proceedings of the USENIX ATC 2012. https://www.usenix.org/conference/usenixfederatedconferencesweek/addresssanitizer-fast-address-sanity-checker
Shin SY, Pastore F, Bianculli D, Baicoianu A (2024) Towards generating executable metamorphic relations using large language models. https://arxiv.org/abs/2401.17019
D. Shin S. Yoo D. Bae A theoretical and empirical study of diversity-aware mutation adequacy criterion IEEE Trans Software Eng 44 10 914 931 10.1109/TSE.2017.2732347
Shin D, Yoo S, Bae D-H (2017) A theoretical and empirical study of diversity-aware mutation adequacy criterion. IEEE TSE
Shoshitaishvili Y, Wang R, Salls C, Stephens N, Polino M, Dutcher A, Grosen J, Feng S, Hauser C, Kruegel C, Vigna G (2016) Sok: (state of) the art of war: offensive techniques in binary analysis. In: IEEE symposium on security and privacy
Soltana G, Sabetzadeh M, Briand LC (2021) ESA sentinel missions. https://sentinel.esa.int/web/sentinel/home
Souza FCM, Papadakis M, Le Traon Y, Delamaro ME (2016) Strong mutation-based test data generation using hill climbing. In: Proceedings of the 9th international workshop on search-based software testing, pp 45–54
Stepanov E, Serebryany K (2015) Memorysanitizer: fast detector of uninitialized memory use in c++. In: Proceedings of the 2015 IEEE/ACM international symposium on code generation and optimization (CGO), pp 46–55
Stephens N, Grosen J, Salls C, Dutcher A, Wang R, Corbetta J, Shoshitaishvili Y, Kruegel C, Vigna G (2016) Driller: augmenting fuzzing through selective symbolic execution nick. Network and Distributed System Security Symposium, pp 21–24
Team GO-F (2024) Oss-fuzz-gen: Llm powered fuzzing via oss-fuzz. https://github.com/google/oss-fuzz-gen. Accessed 28 Aug 2024
Varrette S, Bouvry P, Cartiaux H, Georgatos F (2014) Management of an academic HPC cluster: the UL experience. In:, pp Proceedings of the 2014 international conference on high performance computing & simulation (HPCS’14). IEEE959–967
Vikram V, Laybourn I, Li A, Nair N, OBrien K, Sanna R, Padhye R (2023) Guiding greybox fuzzing with mutation testing. In: Proceedings of the 32nd ACM SIGSOFT international symposium on software testing and analysis. ACM, New York, NY, USA, pp 929–941. https://doi.org/10.1145/3597926.3598107
J. Wang Y. Huang C. Chen Z. Liu S. Wang Q. Wang Software testing with large language models: survey, landscape, and vision IEEE Trans Software Eng 50 4 911 936 10.1109/TSE.2024.3368208
Wang J, Chen B, Wei L, Liu Y (2017) Skyfire: data-driven seed generation for fuzzing. In: 2017 IEEE symposium on security and privacy (SP), pp 579–594
Wang J, Duan Y, Song W, Yin H, Song C (2019) Be sensitive and collaborative: analyzing impact of coverage metrics in greybox fuzzing. Proceedings of the 22nd international symposium on research in attacks, intrusions and defenses (RAID2019), pp 1–15
Wang Z, Liblit B, Reps T (2020) Tofu: target-oriented fuzzer. arXiv preprint arXiv:2004.14375
Wang P, Zhou X, Yue T, Lin P, Liu Y, Lu K (2024) The progress, challenges, and perspectives of directed greybox fuzzing. Softw Test Verification Reliab 34(2):e1869. https://onlinelibrary.wiley.com/doi/abs/10.1002/stvr.1869
Wohlin C, Runeson P, Höst M, Ohlsson MC, Regnell B, Wesslén A (2012) Experimentation in software engineering. Springer. https://link.springer.com/book/10.1007/978-3-662-69306-3
Yun I, Lee S, Xu M, Jang Y, Kim T (2018) QSYM: a practical concolic execution engine tailored for hybrid fuzzing. In: 27th USENIX security symposium. Baltimore, MD, USENIX Association, pp 745–761
Zalewski M (2020) American fuzzy lop: a security-oriented fuzzer. http://lcamtuf.coredump.cx/afl/
Zalewski M (2022) How AFL works. https://afl-1.readthedocs.io/en/latest/about_afl.html#how-afl-works
Zhang C, Bai M, Zheng Y, Li Y, Xie X, Li Y, Ma W, Sun L, Liu Y (2024) Understanding large language model based fuzz driver generation. In: Proceedings of the 33rd international symposium on software testing and analysis (ISSTA). Association for Computing Machinery. http://arxiv.org/abs/2307.12469
Zhang D, Fioraldi A, Balzarotti D (2024) On understanding and forecasting fuzzers performance with static analysis. In: CCS 2024, 31st ACM conference on computer and communications security, 14-18 October 2024, Salt Lake City, UT, USA. ACM, Ed., Salt Lake City
Zhang C, Lin X, Li Y, Xue Y, Xie J, Chen H, Ying X, Wang J, Liu Y (2021) APICraft: fuzz driver generation for closed-source SDK libraries. In: 30th USENIX security symposium (USENIX Security 21). USENIX Association, pp 2811–2828. https://www.usenix.org/conference/usenixsecurity21/presentation/zhang-cen
Zhu X, Böhme M (2021) Regression greybox fuzzing. In: Proceedings of the 28th ACM conference on computer and communications security, ser. CCS