{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T02:12:06Z","timestamp":1775873526941,"version":"3.50.1"},"reference-count":54,"publisher":"Association for Computing Machinery (ACM)","issue":"OOPSLA2","license":[{"start":{"date-parts":[[2023,10,16]],"date-time":"2023-10-16T00:00:00Z","timestamp":1697414400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-sa\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2023,10,16]]},"abstract":"<jats:p>Web browsers exhibit rich semantics that enable a plethora of web-based functionalities. However, these intricate semantics present significant challenges for the implementation and testing of browsers. For example, fuzzing, a widely adopted testing technique, typically relies on handwritten context-free grammars (CFGs) for automatically generating inputs. However, these CFGs fall short in adequately modeling the complex semantics of browsers, resulting in generated inputs that cover only a portion of the semantics and are prone to semantic errors. In this paper, we present SaGe, an automated method that enhances browser fuzzing through the use of production-context sensitive grammars (PCSGs) incorporating semantic information. Our approach begins by extracting a rudimentary CFG from W3C standards and iteratively enhancing it to create a PCSG. The resulting PCSG enables our fuzzer to generate inputs that explore a broader range of browser semantics with a higher proportion of semantically-correct inputs. To evaluate the efficacy of SaGe, we conducted 24-hour fuzzing campaigns on mainstream browsers, including Chrome, Safari, and Firefox. Our approach demonstrated better performance compared to existing browser fuzzers, with a 6.03%-277.80% improvement in edge coverage, a 3.56%-161.71% boost in semantic correctness rate, twice the number of bugs discovered. Moreover, we identified 62 bugs across the three browsers, with 40 confirmed and 10 assigned CVEs.<\/jats:p>","DOI":"10.1145\/3622819","type":"journal-article","created":{"date-parts":[[2023,10,16]],"date-time":"2023-10-16T15:41:29Z","timestamp":1697470889000},"page":"604-631","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Towards Better Semantics Exploration for Browser Fuzzing"],"prefix":"10.1145","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6446-247X","authenticated-orcid":false,"given":"Chijin","family":"Zhou","sequence":"first","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7778-4243","authenticated-orcid":false,"given":"Quan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4336-7190","authenticated-orcid":false,"given":"Lihua","family":"Guo","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2153-6766","authenticated-orcid":false,"given":"Mingzhe","family":"Wang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0955-503X","authenticated-orcid":false,"given":"Yu","family":"Jiang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1012-5301","authenticated-orcid":false,"given":"Qing","family":"Liao","sequence":"additional","affiliation":[{"name":"Harbin Institute of Technology, Shenzhen, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1908-5043","authenticated-orcid":false,"given":"Zhiyong","family":"Wu","sequence":"additional","affiliation":[{"name":"National University of Defense Technology, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0798-974X","authenticated-orcid":false,"given":"Shanshan","family":"Li","sequence":"additional","affiliation":[{"name":"National University of Defense Technology, Changsha, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7218-4839","authenticated-orcid":false,"given":"Bin","family":"Gu","sequence":"additional","affiliation":[{"name":"Beijing Institute of Control Engineering, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,10,16]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Alfred V Aho Ravi Sethi and Jeffrey D Ullman. 2007. Compilers: principles techniques and tools. 2 Addison-wesley Reading. \t\t\t\t  Alfred V Aho Ravi Sethi and Jeffrey D Ullman. 2007. Compilers: principles techniques and tools. 2 Addison-wesley Reading."},{"key":"e_1_2_1_2_1","volume-title":"NAUTILUS: Fishing for Deep Bugs with Grammars. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann , Tommaso Frassetto , Thorsten Holz , Patrick Jauernig , Ahmad-Reza Sadeghi , and Daniel Teuchert . 2019 . NAUTILUS: Fishing for Deep Bugs with Grammars. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019 , San Diego, California, USA , February 24-27, 2019. The Internet Society. Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, and Daniel Teuchert. 2019. NAUTILUS: Fishing for Deep Bugs with Grammars. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062349"},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022","author":"Bernhard Lukas","year":"2022","unstructured":"Lukas Bernhard , Tobias Scharnowski , Moritz Schloegel , Tim Blazytko , and Thorsten Holz . 2022 . JIT-Picking: Differential Fuzzing of JavaScript Engines . In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 , Los Angeles, CA, USA , November 7-11, 2022, Heng Yin, Angelos Stavrou, Cas Cremers, and Elaine Shi (Eds.). ACM, 351\u2013364. Lukas Bernhard, Tobias Scharnowski, Moritz Schloegel, Tim Blazytko, and Thorsten Holz. 2022. JIT-Picking: Differential Fuzzing of JavaScript Engines. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, November 7-11, 2022, Heng Yin, Angelos Stavrou, Cas Cremers, and Elaine Shi (Eds.). ACM, 351\u2013364."},{"key":"e_1_2_1_5_1","first-page":"06","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Blazytko Tim","year":"2019","unstructured":"Tim Blazytko , Cornelius Aschermann , Moritz Schl\u00f6gel , Ali Abbasi , Sergej Schumilo , Simon W\u00f6rner , and Thorsten Holz . 2019 . GRIMOIRE: Synthesizing Structure while Fuzzing . In 28th USENIX Security Symposium (USENIX Security 19) . USENIX Association, Santa Clara, CA. 1985\u20132002. isbn:978-1-939133- 06 - 09 Tim Blazytko, Cornelius Aschermann, Moritz Schl\u00f6gel, Ali Abbasi, Sergej Schumilo, Simon W\u00f6rner, and Thorsten Holz. 2019. GRIMOIRE: Synthesizing Structure while Fuzzing. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA. 1985\u20132002. isbn:978-1-939133-06-9"},{"key":"e_1_2_1_6_1","volume-title":"28th USENIX Security Symposium, USENIX Security 2019","author":"Chen Yuanliang","year":"2019","unstructured":"Yuanliang Chen , Yu Jiang , Fuchen Ma , Jie Liang , Mingzhe Wang , Chijin Zhou , Xun Jiao , and Zhuo Su . 2019 . EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers . In 28th USENIX Security Symposium, USENIX Security 2019 , Santa Clara, CA, USA , August 14-16, 2019, Nadia Heninger and Patrick Traynor (Eds.). USENIX Association, 1967\u20131983. Yuanliang Chen, Yu Jiang, Fuchen Ma, Jie Liang, Mingzhe Wang, Chijin Zhou, Xun Jiao, and Zhuo Su. 2019. EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, Nadia Heninger and Patrick Traynor (Eds.). USENIX Association, 1967\u20131983."},{"key":"e_1_2_1_7_1","volume-title":"All: Generic Language Processor Testing with Semantic Validation. In 2021 IEEE Symposium on Security and Privacy (SP). 642\u2013658","author":"Chen Yongheng","year":"2021","unstructured":"Yongheng Chen , Rui Zhong , Hong Hu , Hangfan Zhang , Yupeng Yang , Dinghao Wu , and Wenke Lee . 2021 . One Engine to Fuzz \u2019em All: Generic Language Processor Testing with Semantic Validation. In 2021 IEEE Symposium on Security and Privacy (SP). 642\u2013658 . Yongheng Chen, Rui Zhong, Hong Hu, Hangfan Zhang, Yupeng Yang, Dinghao Wu, and Wenke Lee. 2021. One Engine to Fuzz \u2019em All: Generic Language Processor Testing with Semantic Validation. In 2021 IEEE Symposium on Security and Privacy (SP). 642\u2013658."},{"key":"e_1_2_1_8_1","volume-title":"CSSTree - A tool set for CSS including fast detailed parser, walker, generator and lexer based on W3C specs and browser implementations. https:\/\/github.com\/csstree\/csstree (visited on","year":"2022","unstructured":"csstree. 2022. CSSTree - A tool set for CSS including fast detailed parser, walker, generator and lexer based on W3C specs and browser implementations. https:\/\/github.com\/csstree\/csstree (visited on September 20, 2022 ) csstree. 2022. CSSTree - A tool set for CSS including fast detailed parser, walker, generator and lexer based on W3C specs and browser implementations. https:\/\/github.com\/csstree\/csstree (visited on September 20, 2022)"},{"key":"e_1_2_1_9_1","volume-title":"Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021","author":"Dinh Sung Ta","year":"2021","unstructured":"Sung Ta Dinh , Haehyun Cho , Kyle Martin , Adam Oest , Kyle Zeng , Alexandros Kapravelos , Gail-Joon Ahn , Tiffany Bao , Ruoyu Wang , Adam Doup\u00e9 , and Yan Shoshitaishvili . 2021 . Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021 , virtually, February 21-25, 2021. The Internet Society. Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Kyle Zeng, Alexandros Kapravelos, Gail-Joon Ahn, Tiffany Bao, Ruoyu Wang, Adam Doup\u00e9, and Yan Shoshitaishvili. 2021. Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021, virtually, February 21-25, 2021. The Internet Society."},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation","author":"Godefroid Patrice","year":"2008","unstructured":"Patrice Godefroid , Adam Kiezun , and Michael Y. Levin . 2008. Grammar-based whitebox fuzzing . In Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation , Tucson, AZ, USA , June 7-13, 2008 , Rajiv Gupta and Saman P. Amarasinghe (Eds.). ACM, 206\u2013215. Patrice Godefroid, Adam Kiezun, and Michael Y. Levin. 2008. Grammar-based whitebox fuzzing. In Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation, Tucson, AZ, USA, June 7-13, 2008, Rajiv Gupta and Saman P. Amarasinghe (Eds.). ACM, 206\u2013215."},{"key":"e_1_2_1_11_1","volume-title":"Domato: A DOM fuzzer. https:\/\/github.com\/googleprojectzero\/domato (visited on","year":"2017","unstructured":"Google. 2017 . Domato: A DOM fuzzer. https:\/\/github.com\/googleprojectzero\/domato (visited on September 20, 2022) Google. 2017. Domato: A DOM fuzzer. https:\/\/github.com\/googleprojectzero\/domato (visited on September 20, 2022)"},{"key":"e_1_2_1_12_1","volume-title":"https:\/\/google.github.io\/clusterfuzz\/ (visited on","year":"2022","unstructured":"Google. 2019. ClusterFuzz. https:\/\/google.github.io\/clusterfuzz\/ (visited on September 20, 2022 ) Google. 2019. ClusterFuzz. https:\/\/google.github.io\/clusterfuzz\/ (visited on September 20, 2022)"},{"key":"e_1_2_1_13_1","volume-title":"Input Algebras. In 43rd IEEE\/ACM International Conference on Software Engineering, ICSE 2021","author":"Gopinath Rahul","year":"2021","unstructured":"Rahul Gopinath , Hamed Nemati , and Andreas Zeller . 2021 . Input Algebras. In 43rd IEEE\/ACM International Conference on Software Engineering, ICSE 2021 , Madrid, Spain , 22-30 May 2021. IEEE, 699\u2013710. Rahul Gopinath, Hamed Nemati, and Andreas Zeller. 2021. Input Algebras. In 43rd IEEE\/ACM International Conference on Software Engineering, ICSE 2021, Madrid, Spain, 22-30 May 2021. IEEE, 699\u2013710."},{"key":"e_1_2_1_14_1","volume-title":"FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In 30th Annual Network and Distributed System Security Symposium, NDSS 2023","author":"Gro\u00df Samuel","year":"2023","unstructured":"Samuel Gro\u00df , Simon Koch , Lukas Bernhard , Thorsten Holz , and Martin Johns . 2023 . FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In 30th Annual Network and Distributed System Security Symposium, NDSS 2023 , San Diego, California, USA, February 27 - March 3, 2023. The Internet Society. Samuel Gro\u00df, Simon Koch, Lukas Bernhard, Thorsten Holz, and Martin Johns. 2023. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In 30th Annual Network and Distributed System Security Symposium, NDSS 2023, San Diego, California, USA, February 27 - March 3, 2023. The Internet Society."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23263"},{"key":"e_1_2_1_16_1","volume-title":"Systematically Covering Input Structure. In 34th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2019","author":"Havrikov Nikolas","year":"2019","unstructured":"Nikolas Havrikov and Andreas Zeller . 2019 . Systematically Covering Input Structure. In 34th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2019 , San Diego, CA, USA , November 11-15, 2019. IEEE, 189\u2013199. Nikolas Havrikov and Andreas Zeller. 2019. Systematically Covering Input Structure. In 34th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2019, San Diego, CA, USA, November 11-15, 2019. IEEE, 189\u2013199."},{"key":"e_1_2_1_17_1","volume-title":"WPE powers hundreds of millions of embedded devices.. https:\/\/wpewebkit.org\/ (visited on","year":"2022","unstructured":"Igalia. 2021. WPE powers hundreds of millions of embedded devices.. https:\/\/wpewebkit.org\/ (visited on September 20, 2022 ) Igalia. 2021. WPE powers hundreds of millions of embedded devices.. https:\/\/wpewebkit.org\/ (visited on September 20, 2022)"},{"key":"e_1_2_1_18_1","volume-title":"PATA: Fuzzing with Path Aware Taint Analysis. In 2022 2022 IEEE Symposium on Security and Privacy (SP)(SP). IEEE Computer Society","author":"Liang Jie","year":"2022","unstructured":"Jie Liang , Mingzhe Wang , Chijin Zhou , Zhiyong Wu , Yu Jiang , Jianzhong Liu , Zhe Liu , and Jiaguang Sun . 2022 . PATA: Fuzzing with Path Aware Taint Analysis. In 2022 2022 IEEE Symposium on Security and Privacy (SP)(SP). IEEE Computer Society , Los Alamitos, CA, USA. 154\u2013170. Jie Liang, Mingzhe Wang, Chijin Zhou, Zhiyong Wu, Yu Jiang, Jianzhong Liu, Zhe Liu, and Jiaguang Sun. 2022. PATA: Fuzzing with Path Aware Taint Analysis. In 2022 2022 IEEE Symposium on Security and Privacy (SP)(SP). IEEE Computer Society, Los Alamitos, CA, USA. 154\u2013170."},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems","volume":"2","author":"Liu Jiawei","year":"2023","unstructured":"Jiawei Liu , Jinkun Lin , Fabian Ruffy , Cheng Tan , Jinyang Li , Aurojit Panda , and Lingming Zhang . 2023 . NNSmith: Generating Diverse and Valid Test Cases for Deep Learning Compilers . In Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems , Volume 2 , ASPLOS 2023, Vancouver, BC, Canada , March 25-29, 2023, Tor M. Aamodt, Natalie D. Enright Jerger, and Michael M. Swift (Eds.). ACM, 530\u2013543. Jiawei Liu, Jinkun Lin, Fabian Ruffy, Cheng Tan, Jinyang Li, Aurojit Panda, and Lingming Zhang. 2023. NNSmith: Generating Diverse and Valid Test Cases for Deep Learning Compilers. In Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2, ASPLOS 2023, Vancouver, BC, Canada, March 25-29, 2023, Tor M. Aamodt, Natalie D. Enright Jerger, and Michael M. Swift (Eds.). ACM, 530\u2013543."},{"key":"e_1_2_1_20_1","volume-title":"Proc. ACM Program. Lang., 4, OOPSLA","author":"Livinskii Vsevolod","year":"2020","unstructured":"Vsevolod Livinskii , Dmitry Babokin , and John Regehr . 2020 . Random Testing for C and C++ Compilers with YARPGen . Proc. ACM Program. Lang., 4, OOPSLA (2020), Article 196, nov, 25 pages. Vsevolod Livinskii, Dmitry Babokin, and John Regehr. 2020. Random Testing for C and C++ Compilers with YARPGen. Proc. ACM Program. Lang., 4, OOPSLA (2020), Article 196, nov, 25 pages."},{"key":"e_1_2_1_21_1","volume-title":"Clang 13 documentation: SANITIZERCOVERAGE. https:\/\/clang.llvm.org\/docs\/SanitizerCoverage.html (visited on","year":"2022","unstructured":"llvm. 2022. Clang 13 documentation: SANITIZERCOVERAGE. https:\/\/clang.llvm.org\/docs\/SanitizerCoverage.html (visited on September 20, 2022 ) llvm. 2022. Clang 13 documentation: SANITIZERCOVERAGE. https:\/\/clang.llvm.org\/docs\/SanitizerCoverage.html (visited on September 20, 2022)"},{"key":"e_1_2_1_22_1","volume-title":"Parser-Directed Fuzzing. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI","author":"Mathis Bj\u00f6rn","year":"2019","unstructured":"Bj\u00f6rn Mathis , Rahul Gopinath , Micha\u00ebl Mera , Alexander Kampmann , Matthias H\u00f6schele , and Andreas Zeller . 2019 . Parser-Directed Fuzzing. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2019). Association for Computing Machinery, New York, NY, USA. 548\u2013560. isbn:9781450367127 Bj\u00f6rn Mathis, Rahul Gopinath, Micha\u00ebl Mera, Alexander Kampmann, Matthias H\u00f6schele, and Andreas Zeller. 2019. Parser-Directed Fuzzing. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2019). Association for Computing Machinery, New York, NY, USA. 548\u2013560. isbn:9781450367127"},{"key":"e_1_2_1_23_1","volume-title":"MDN Web Docs. https:\/\/developer.mozilla.org\/ (visited on","year":"2022","unstructured":"Mozilla. 2005. MDN Web Docs. https:\/\/developer.mozilla.org\/ (visited on September 20, 2022 ) Mozilla. 2005. MDN Web Docs. https:\/\/developer.mozilla.org\/ (visited on September 20, 2022)"},{"key":"e_1_2_1_24_1","volume-title":"dharma: Generation-based, context-free grammar fuzzer. https:\/\/github.com\/MozillaSecurity\/dharma (visited on","year":"2022","unstructured":"Mozilla. 2015. dharma: Generation-based, context-free grammar fuzzer. https:\/\/github.com\/MozillaSecurity\/dharma (visited on September 20, 2022 ) Mozilla. 2015. dharma: Generation-based, context-free grammar fuzzer. https:\/\/github.com\/MozillaSecurity\/dharma (visited on September 20, 2022)"},{"key":"e_1_2_1_25_1","volume-title":"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API (visited on","author":"Is Web","year":"2022","unstructured":"mozilla. 2021. Web AP Is . https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API (visited on September 20, 2022 ) mozilla. 2021. Web APIs. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API (visited on September 20, 2022)"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00069"},{"key":"e_1_2_1_27_1","volume-title":"44th IEEE\/ACM 44th International Conference on Software Engineering, ICSE 2022","author":"Nguyen Hoang Lam","year":"2022","unstructured":"Hoang Lam Nguyen and Lars Grunske . 2022 . BEDIVFUZZ: Integrating Behavioral Diversity into Generator-based Fuzzing . In 44th IEEE\/ACM 44th International Conference on Software Engineering, ICSE 2022 , Pittsburgh, PA, USA , May 25-27, 2022. ACM, 249\u2013261. Hoang Lam Nguyen and Lars Grunske. 2022. BEDIVFUZZ: Integrating Behavioral Diversity into Generator-based Fuzzing. In 44th IEEE\/ACM 44th International Conference on Software Engineering, ICSE 2022, Pittsburgh, PA, USA, May 25-27, 2022. ACM, 249\u2013261."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330576"},{"key":"e_1_2_1_29_1","volume-title":"Proc. ACM Program. Lang., 3, OOPSLA","author":"Padhye Rohan","year":"2019","unstructured":"Rohan Padhye , Caroline Lemieux , Koushik Sen , Laurent Simon , and Hayawardh Vijayakumar . 2019 . FuzzFactory: domain-specific fuzzing with waypoints . Proc. ACM Program. Lang., 3, OOPSLA (2019), 174:1\u2013174:29. Rohan Padhye, Caroline Lemieux, Koushik Sen, Laurent Simon, and Hayawardh Vijayakumar. 2019. FuzzFactory: domain-specific fuzzing with waypoints. Proc. ACM Program. Lang., 3, OOPSLA (2019), 174:1\u2013174:29."},{"key":"e_1_2_1_30_1","volume-title":"43rd IEEE\/ACM International Conference on Software Engineering, ICSE 2021","author":"Park Jihyeok","year":"2021","unstructured":"Jihyeok Park , Seungmin An , Dongjun Youn , Gyeongwon Kim , and Sukyoung Ryu . 2021 . JEST: N+1 -version Differential Testing of Both JavaScript Engines and Specification . In 43rd IEEE\/ACM International Conference on Software Engineering, ICSE 2021 , Madrid, Spain , 22-30 May 2021. IEEE, 13\u201324. Jihyeok Park, Seungmin An, Dongjun Youn, Gyeongwon Kim, and Sukyoung Ryu. 2021. JEST: N+1 -version Differential Testing of Both JavaScript Engines and Specification. In 43rd IEEE\/ACM International Conference on Software Engineering, ICSE 2021, Madrid, Spain, 22-30 May 2021. IEEE, 13\u201324."},{"key":"e_1_2_1_31_1","volume-title":"Fuzzing JavaScript Engines with Aspect-preserving Mutation. In 2020 IEEE Symposium on Security and Privacy, SP 2020","author":"Park Soyeon","year":"2020","unstructured":"Soyeon Park , Wen Xu , Insu Yun , Daehee Jang , and Taesoo Kim . 2020 . Fuzzing JavaScript Engines with Aspect-preserving Mutation. In 2020 IEEE Symposium on Security and Privacy, SP 2020 , San Francisco, CA, USA , May 18-21, 2020. IEEE, 1629\u20131642. Soyeon Park, Wen Xu, Insu Yun, Daehee Jang, and Taesoo Kim. 2020. Fuzzing JavaScript Engines with Aspect-preserving Mutation. In 2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18-21, 2020. IEEE, 1629\u20131642."},{"key":"e_1_2_1_32_1","volume-title":"14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20)","author":"Rigger Manuel","year":"2020","unstructured":"Manuel Rigger and Zhendong Su . 2020 . Testing Database Engines via Pivoted Query Synthesis . In 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20) . USENIX Association, 667\u2013682. isbn:978-1-939133-19-9 Manuel Rigger and Zhendong Su. 2020. Testing Database Engines via Pivoted Query Synthesis. In 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20). USENIX Association, 667\u2013682. isbn:978-1-939133-19-9"},{"key":"e_1_2_1_33_1","volume-title":"AddressSanitizer: A Fast Address Sanity Checker. In 2012 USENIX Annual Technical Conference","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany , Derek Bruening , Alexander Potapenko , and Dmitriy Vyukov . 2012 . AddressSanitizer: A Fast Address Sanity Checker. In 2012 USENIX Annual Technical Conference , Boston, MA, USA , June 13-15, 2012, Gernot Heiser and Wilson C. Hsieh (Eds.). USENIX Association, 309\u2013318. Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In 2012 USENIX Annual Technical Conference, Boston, MA, USA, June 13-15, 2012, Gernot Heiser and Wilson C. Hsieh (Eds.). USENIX Association, 309\u2013318."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464814"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483547"},{"key":"e_1_2_1_36_1","volume-title":"https:\/\/www.w3.org\/standards\/ (visited on","author":"Standards C.","year":"2022","unstructured":"W3 C. 2022. W3C Standards . https:\/\/www.w3.org\/standards\/ (visited on September 20, 2022 ) W3C. 2022. W3C Standards. https:\/\/www.w3.org\/standards\/ (visited on September 20, 2022)"},{"key":"e_1_2_1_37_1","volume-title":"https:\/\/webidl.spec.whatwg.org\/ (visited on","author":"C.","year":"2022","unstructured":"W3 C. 2022. WebIDL Level 1. https:\/\/webidl.spec.whatwg.org\/ (visited on September 20, 2022 ) W3C. 2022. WebIDL Level 1. https:\/\/webidl.spec.whatwg.org\/ (visited on September 20, 2022)"},{"key":"e_1_2_1_38_1","volume-title":"Webref - Machine-readable references of terms defined in web browser specifications. https:\/\/github.com\/w3c\/webref (visited on","author":"C.","year":"2022","unstructured":"W3 C. 2022. Webref - Machine-readable references of terms defined in web browser specifications. https:\/\/github.com\/w3c\/webref (visited on September 20, 2022 ) W3C. 2022. Webref - Machine-readable references of terms defined in web browser specifications. https:\/\/github.com\/w3c\/webref (visited on September 20, 2022)"},{"key":"e_1_2_1_39_1","volume-title":"Skyfire: Data-Driven Seed Generation for Fuzzing. In 2017 IEEE Symposium on Security and Privacy (SP). 579\u2013594","author":"Wang Junjie","year":"2017","unstructured":"Junjie Wang , Bihuan Chen , Lei Wei , and Yang Liu . 2017 . Skyfire: Data-Driven Seed Generation for Fuzzing. In 2017 IEEE Symposium on Security and Privacy (SP). 579\u2013594 . Junjie Wang, Bihuan Chen, Lei Wei, and Yang Liu. 2017. Skyfire: Data-Driven Seed Generation for Fuzzing. In 2017 IEEE Symposium on Security and Privacy (SP). 579\u2013594."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00081"},{"key":"e_1_2_1_41_1","volume-title":"RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing. In 2021 USENIX Annual Technical Conference, USENIX ATC 2021","author":"Wang Mingzhe","year":"2021","unstructured":"Mingzhe Wang , Jie Liang , Chijin Zhou , Yu Jiang , Rui Wang , Chengnian Sun , and Jiaguang Sun . 2021 . RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing. In 2021 USENIX Annual Technical Conference, USENIX ATC 2021 , July 14-16, 2021, Irina Calciu and Geoff Kuenning (Eds.). USENIX Association, 147\u2013159. Mingzhe Wang, Jie Liang, Chijin Zhou, Yu Jiang, Rui Wang, Chengnian Sun, and Jiaguang Sun. 2021. RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing. In 2021 USENIX Annual Technical Conference, USENIX ATC 2021, July 14-16, 2021, Irina Calciu and Geoff Kuenning (Eds.). USENIX Association, 147\u2013159."},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3519939.3523428"},{"key":"e_1_2_1_43_1","volume-title":"Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing. In 43rd IEEE\/ACM International Conference on Software Engineering: Software Engineering in Practice, ICSE (SEIP) 2021","author":"Wang Mingzhe","year":"2021","unstructured":"Mingzhe Wang , Zhiyong Wu , Xinyi Xu , Jie Liang , Chijin Zhou , Huafeng Zhang , and Yu Jiang . 2021 . Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing. In 43rd IEEE\/ACM International Conference on Software Engineering: Software Engineering in Practice, ICSE (SEIP) 2021 , Madrid, Spain , May 25-28, 2021. IEEE, 328\u2013337. Mingzhe Wang, Zhiyong Wu, Xinyi Xu, Jie Liang, Chijin Zhou, Huafeng Zhang, and Yu Jiang. 2021. Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing. In 43rd IEEE\/ACM International Conference on Software Engineering: Software Engineering in Practice, ICSE (SEIP) 2021, Madrid, Spain, May 25-28, 2021. IEEE, 328\u2013337."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534364"},{"key":"e_1_2_1_45_1","volume-title":"2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Xu Wen","year":"2020","unstructured":"Wen Xu , Soyeon Park , and Taesoo Kim . 2020 . FREEDOM: Engineering a State-of-the-Art DOM Fuzzer. In CCS \u201920 : 2020 ACM SIGSAC Conference on Computer and Communications Security , Virtual Event, USA , November 9-13, 2020, Jay Ligatti, Xinming Ou, Jonathan Katz, and Giovanni Vigna (Eds.). ACM, 971\u2013986. Wen Xu, Soyeon Park, and Taesoo Kim. 2020. FREEDOM: Engineering a State-of-the-Art DOM Fuzzer. In CCS \u201920: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, USA, November 9-13, 2020, Jay Ligatti, Xinming Ou, Jonathan Katz, and Giovanni Vigna (Eds.). ACM, 971\u2013986."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993532"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453483.3454054"},{"key":"e_1_2_1_48_1","series-title":"Proceedings of the 55th Annual Meeting of the Association for Computational Linguistics, ACL","volume-title":"Long Papers, Regina Barzilay and Min-Yen Kan (Eds.)","author":"Yin Pengcheng","year":"2017","unstructured":"Pengcheng Yin and Graham Neubig . 2017. A Syntactic Neural Model for General-Purpose Code Generation . In Proceedings of the 55th Annual Meeting of the Association for Computational Linguistics, ACL 2017 , Vancouver, Canada, July 30 - August 4, Volume 1 : Long Papers, Regina Barzilay and Min-Yen Kan (Eds.) . Association for Computational Linguistics, 440\u2013450. Pengcheng Yin and Graham Neubig. 2017. A Syntactic Neural Model for General-Purpose Code Generation. In Proceedings of the 55th Annual Meeting of the Association for Computational Linguistics, ACL 2017, Vancouver, Canada, July 30 - August 4, Volume 1: Long Papers, Regina Barzilay and Min-Yen Kan (Eds.). Association for Computational Linguistics, 440\u2013450."},{"key":"e_1_2_1_49_1","volume-title":"american fuzzy lop. https:\/\/lcamtuf.coredump.cx\/afl\/ (visited on","author":"Zalewski Micha\u0142","year":"2022","unstructured":"Micha\u0142 Zalewski . 2013. american fuzzy lop. https:\/\/lcamtuf.coredump.cx\/afl\/ (visited on September 20, 2022 ) Micha\u0142 Zalewski. 2013. american fuzzy lop. https:\/\/lcamtuf.coredump.cx\/afl\/ (visited on September 20, 2022)"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00086"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417260"},{"key":"e_1_2_1_52_1","volume-title":"Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling. In 35th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2020","author":"Zhou Chijin","year":"2020","unstructured":"Chijin Zhou , Mingzhe Wang , Jie Liang , Zhe Liu , and Yu Jiang . 2020 . Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling. In 35th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2020 , Melbourne, Australia , September 21-25, 2020. IEEE, 858\u2013870. Chijin Zhou, Mingzhe Wang, Jie Liang, Zhe Liu, and Yu Jiang. 2020. Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling. In 35th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2020, Melbourne, Australia, September 21-25, 2020. IEEE, 858\u2013870."},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.8328742"},{"key":"e_1_2_1_54_1","volume-title":"Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2022","author":"Zhou Chijin","year":"2022","unstructured":"Chijin Zhou , Quan Zhang , Mingzhe Wang , Lihua Guo , Jie Liang , Zhe Liu , Mathias Payer , and Yu Jiang . 2022 . Minerva: browser API fuzzing with dynamic mod-ref analysis . In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2022 , Singapore, Singapore , November 14-18, 2022, Abhik Roychoudhury, Cristian Cadar, and Miryung Kim (Eds.). ACM, 1135\u20131147. Chijin Zhou, Quan Zhang, Mingzhe Wang, Lihua Guo, Jie Liang, Zhe Liu, Mathias Payer, and Yu Jiang. 2022. Minerva: browser API fuzzing with dynamic mod-ref analysis. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2022, Singapore, Singapore, November 14-18, 2022, Abhik Roychoudhury, Cristian Cadar, and Miryung Kim (Eds.). ACM, 1135\u20131147."}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3622819","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3622819","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:04Z","timestamp":1750178224000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3622819"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,16]]},"references-count":54,"journal-issue":{"issue":"OOPSLA2","published-print":{"date-parts":[[2023,10,16]]}},"alternative-id":["10.1145\/3622819"],"URL":"https:\/\/doi.org\/10.1145\/3622819","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,10,16]]},"assertion":[{"value":"2023-10-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}