ISSTA 2025
Wed 25 - Sat 28 June 2025 Trondheim, Norway
co-located with FSE 2025
Wed 25 Jun 2025 16:00 - 16:25 at Cosmos 3A - Fuzzing and Concolic Chair(s): Shiyi Wei

Fuzzing is one of the most efficient techniques for detecting vulnerabilities in software. Existing approaches struggle with performance inconsistencies across different targets and rely on rigid, coarse-grained fuzzing strategy composition, limiting the flexibility to adaptively combine the strengths of different fuzzing strategies at runtime. To address these challenges, we present xFUZZ, a flexible and extensible fuzzing framework supporting fine-grained, runtime-adaptive strategy composition. xFUZZ integrates popular input scheduling and mutation scheduling strategies as fine-grained, independently switchable plugins, allowing users to adaptively replace any plugins throughout the fuzzing campaign. Furthermore, we introduce an adaptive algorithm based on Sliding-Window Thompson Sampling, which dynamically selects the optimal composition of the fuzzing strategy during the fuzzing campaign. Experimental results show that xFUZZ outperforms state-of-the-art fuzzers by achieving a 10.07% increase in unique vulnerability discovery and a 4.94% improvement in code coverage. Notably, xFUZZ is the first to detect 21 out of 37 vulnerabilities in the test suite, establishing its effectiveness across varied targets.

Wed 25 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:00 - 17:15
Fuzzing and ConcolicResearch Papers at Cosmos 3A
Chair(s): Shiyi Wei University of Texas at Dallas
16:00
25m
Talk
xFUZZ: A Flexible Framework for Fine-Grained, Runtime-Adaptive Fuzzing Strategy Composition
Research Papers
DongSong Yu Zhongguancun Laboratory, Yiyi Wang Tsinghua University, Huazhong University of Science and Technology, Chao Zhang Tsinghua University, Yang Lan , Zhiyuan Jiang National University of Defense Technology, Shuitao Gan Labortory for Advanced Computing and Intelligence Engineering, Zheyu Ma Tsinghua University, Wende Tan Tsinghua University
DOI
16:25
25m
Talk
KRAKEN: Program-Adaptive Parallel Fuzzing
Research Papers
Anshunkang Zhou Hong Kong University of Science and Technology, Heqing Huang City University of Hong Kong, Charles Zhang Hong Kong University of Science and Technology
DOI Pre-print
16:50
25m
Talk
Quantum Concolic Testing
Research Papers
Shangzhou Xia Kyushu University, Jianjun Zhao Kyushu University, Fuyuan Zhang Kyushu University, Xiaoyu Guo Kyushu University
DOI

Information for Participants
Wed 25 Jun 2025 16:00 - 17:15 at Cosmos 3A - Fuzzing and Concolic Chair(s): Shiyi Wei
Info for room Cosmos 3A:

Cosmos 3A is the first room in the Cosmos 3 wing.

When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.

:
:
:
: