ASE 2025
Sun 16 - Thu 20 November 2025 Seoul, South Korea

This program is tentative and subject to change.

Wed 19 Nov 2025 14:10 - 14:20 at Grand Hall 2 - Fuzzing 2

Fuzzing is a testing technique that generates a large number of inputs to cause program crashes. As large language models grow, so do the programs developed with their assistance, leading to an exponential increase in code complexity and function counts. Performing comprehensive fuzz testing on all functions has become increasingly challenging and resource-intensive. Current methods for determining when to stop fuzz testing activities rely on metrics such as function coverage, vulnerability function coverage or crash count. However, these metrics fail to account for the scale of the functions under test. For example, function coverage may lead to excessive testing on non-critical functions, while vulnerability function coverage can result in premature termination if the estimated number of vulnerability functions is too low.

This paper introduces a novel fuzzing testing termination criterion based on function clustering. We compare our criterion with three existing methods.Fisrt, by leveraging langurage model for function encoding and a multi-metric fusion algorithm for determining the number of clusters, we establish a relationship between function clustering and vulnerability distribution. Second, our experiments on eight function libraries demonstrate that the proposed termination criterion significantly improves testing efficiency, reducing fuzzing time by 1.4–7.2 hours (5–30%) across different configurations while maintaining minimal bug loss (averaging 0.25 bugs), outperforming existing criteria like vulnerability function coverage-based approaches.

This program is tentative and subject to change.

Wed 19 Nov

Displayed time zone: Seoul change

14:00 - 15:30
14:00
10m
Talk
Terminator: enabling efficient fuzzing of closed-source GUI programs by automatic coverage-guided termination
Research Papers
Jonas Zabel Fraunhofer SIT | ATHENE, Philip Kolvenbach , Steven Arzt Fraunhofer SIT; ATHENE
14:10
10m
Talk
Function Clustering-Based Fuzzing Termination: Toward Smarter Early Stopping
Research Papers
ding liang University of Science and Technology of China, Wenzhang Yang Institute of AI for industries, Yinxing Xue Institute of AI for Industries, Chinese Academy of Sciences
14:20
10m
Talk
Risk Estimation in Differential Fuzzing via Extreme Value Theory
Research Papers
Rafael Baez University of Texas at El Paso, Alejandro Olivas University of Texas at El Paso, Nathan K Diamond University of Texas at El Paso, Marcelo F. Frias Dept. of Software Engineering Instituto Tecnológico de Buenos Aires, Yannic Noller Ruhr University Bochum, Saeid Tizpaz-Niari University of Illinois Chicago
14:30
10m
Talk
Advanced White-Box Heuristics for Search-Based Fuzzing of REST APIs
Journal-First Track
Andrea Arcuri Kristiania University College and Oslo Metropolitan University, Man Zhang Beihang University, China, Juan Pablo Galeotti University of Buenos Aires
14:40
10m
Talk
BCFuzz: Bytecode-Driven Fuzzing for JavaScript Engines
Research Papers
Jiming Wang SKLP, Institute of Computing Technology, CAS & University of Chinese Academy of Sciences, Chenggang Wu Institute of Computing Technology at Chinese Academy of Sciences; University of Chinese Academy of Sciences; Zhongguancun Laboratory, Jikai Ren SKLP, Institute of Computing Technology, CAS & University of Chinese Academy of Sciences, Yuhao Hu SKLP, Institute of Computing Technology, CAS & University of Chinese Academy of Sciences, Yan Kang Institute of Computing Technology at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Xiaojie Wei SKLP, Institute of Computing Technology, CAS, Yuanming Lai Institute of Computing Technology at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Mengyao Xie SKLP, Institute of Computing Technology, CAS, Zhe Wang Institute of Computing Technology at Chinese Academy of Sciences; Zhongguancun Laboratory
14:50
10m
Talk
LSPFuzz: Hunting Bugs in Language Servers
Research Papers
Hengcheng Zhu The Hong Kong University of Science and Technology, Songqiang Chen The Hong Kong University of Science and Technology, Valerio Terragni University of Auckland, Lili Wei McGill University, Yepang Liu Southern University of Science and Technology, Jiarong Wu , Shing-Chi Cheung Hong Kong University of Science and Technology
Pre-print
15:00
10m
Talk
TEPHRA: Principled Discovery of Fuzzer Limitations
Research Papers
Vasil Sarafov μCSRL, CODE Research Institute, University of the Bundeswehr Munich, David Markvica μCSRL, CODE Research Institute, University of the Bundeswehr Munich, Stefan Brunthaler μCSRL, CODE Research Institute, University of the Bundeswehr Munich
15:10
10m
Talk
Learning-Guided Fuzzing for Testing Stateful SDN Controllers
Journal-First Track
Raphaël Ollando University of Luxembourg, Seung Yeob Shin University of Luxembourg, Lionel Briand University of Ottawa, Canada; Lero centre, University of Limerick, Ireland
15:20
10m
Talk
Learning from the Past: Real-World Exploit Migration for Smart Contract PoC Generation
Research Papers
Kairan Sun Nanyang Technological University, Zhengzi Xu Imperial Global Singapore, Kaixuan Li Nanyang Technological University, Lyuye Zhang Nanyang Technological University, Yebo Feng Nanyang Technological University, Daoyuan Wu Lingnan University, Yang Liu Nanyang Technological University