HFuzz: Havoc Mode Guided Fuzzing (SBFT 2025)

Who

Yuchong Xie, Dongdong She

Track

SBFT 2025 Search-Based and Fuzz testing

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Tue 29 Apr 2025 17:00 - 17:15 at 104 - Tool Competitions 2 and Award Ceremony Chair(s): Addison Crump, Matteo Biagiola, Alessio Gambi, Vincenzo Riccio

Abstract

Taint analysis plays a crucial role in fuzzing by identifying input bytes that significantly influence program behavior. However, existing taint analysis approaches either require heavy- weight instrumentation or incur substantial runtime overhead. In this paper, we propose HFuzz, a novel fuzzing approach that leverages the havoc mutation mode - a fundamental component in modern fuzzers - to perform lightweight taint inference. Our approach operates in two phases: first identifying ”hot bytes” through havoc-based sampling, then using this information to guide subsequent mutations. By utilizing existing fuzzing components rather than adding extra execution, HFuzz achieves efficient taint inference while maintaining the simplicity and scalability of conventional fuzzers.

Yuchong Xie

Hong Kong University of Science and Technology

Dongdong She

HKUST (The Hong Kong University of Science and Technology)

Hong Kong SAR China