HuntFUZZ: Enhancing error handling testing through clustering based fuzzing.

Saved in:
Bibliographic Details
Title: HuntFUZZ: Enhancing error handling testing through clustering based fuzzing.
Authors: Wei, Jin1,2 (AUTHOR), Chen, Ping2,3 (AUTHOR) pchen@fudan.edu.cn, Dai, Jun4 (AUTHOR), Sun, Xiaoyan4 (AUTHOR), Zhang, Zhihao4 (AUTHOR), Xu, Chang1 (AUTHOR), Wang, Yi2 (AUTHOR)
Source: Journal of Computer Security. Sep2025, Vol. 33 Issue 5, p334-359. 26p.
Subjects: Computer software testing, Dynamic testing, Clustering algorithms, Defect tracking (Computer software development), Constraint programming
Abstract: Testing a program's capability to effectively handle errors is a significant challenge, given that program errors are relatively uncommon. To address this, software fault injection (SFI)-based fuzzing combines SFI with traditional fuzzing to inject faults and trigger errors, enabling the testing of (error handling) code. However, current SFI-based fuzzing approaches have overlooked the correlation between paths housing error points. In fact, the execution paths of error points often share common paths. As a result, fuzzers usually generate test cases repeatedly to explore these common paths. This practice can compromise the efficiency of the fuzzer(s). To address this issue, this paper introduces HuntFUZZ, a novel SFI-based fuzzing framework designed to minimize redundant exploration of error points with correlated paths. HuntFUZZ achieves this by clustering these correlated error points and using concolic execution to resolve the path constraints necessary for approaching or reaching these clusters. This approach provides the fuzzer with optimized test cases, allowing it to efficiently explore error points within the cluster while minimizing redundancy. We evaluate HuntFUZZ on a diverse set of 42 applications, and HuntFUZZ successfully reveals 162 known bugs, with 62 of them being related to error handling. Additionally, due to its efficient error point detection method, HuntFUZZ discovers seven unique zero-day bugs, which are all missed by existing fuzzers. Furthermore, we compare HuntFUZZ with four existing fuzzing approaches, including AFL, AFL++, AFLGo, and EH-FUZZ. Our evaluation confirms that HuntFUZZ can cover a broader range of error points, and it exhibits better performance in terms of bug-finding speed. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 187531854
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: HuntFUZZ: Enhancing error handling testing through clustering based fuzzing.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Wei%2C+Jin%22">Wei, Jin</searchLink><relatesTo>1,2</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Chen%2C+Ping%22">Chen, Ping</searchLink><relatesTo>2,3</relatesTo> (AUTHOR)<i> pchen@fudan.edu.cn</i><br /><searchLink fieldCode="AR" term="%22Dai%2C+Jun%22">Dai, Jun</searchLink><relatesTo>4</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Sun%2C+Xiaoyan%22">Sun, Xiaoyan</searchLink><relatesTo>4</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Zhang%2C+Zhihao%22">Zhang, Zhihao</searchLink><relatesTo>4</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Xu%2C+Chang%22">Xu, Chang</searchLink><relatesTo>1</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Wang%2C+Yi%22">Wang, Yi</searchLink><relatesTo>2</relatesTo> (AUTHOR)
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Journal+of+Computer+Security%22">Journal of Computer Security</searchLink>. Sep2025, Vol. 33 Issue 5, p334-359. 26p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Computer+software+testing%22">Computer software testing</searchLink><br /><searchLink fieldCode="DE" term="%22Dynamic+testing%22">Dynamic testing</searchLink><br /><searchLink fieldCode="DE" term="%22Clustering+algorithms%22">Clustering algorithms</searchLink><br /><searchLink fieldCode="DE" term="%22Defect+tracking+%28Computer+software+development%29%22">Defect tracking (Computer software development)</searchLink><br /><searchLink fieldCode="DE" term="%22Constraint+programming%22">Constraint programming</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: Testing a program's capability to effectively handle errors is a significant challenge, given that program errors are relatively uncommon. To address this, software fault injection (SFI)-based fuzzing combines SFI with traditional fuzzing to inject faults and trigger errors, enabling the testing of (error handling) code. However, current SFI-based fuzzing approaches have overlooked the correlation between paths housing error points. In fact, the execution paths of error points often share common paths. As a result, fuzzers usually generate test cases repeatedly to explore these common paths. This practice can compromise the efficiency of the fuzzer(s). To address this issue, this paper introduces HuntFUZZ, a novel SFI-based fuzzing framework designed to minimize redundant exploration of error points with correlated paths. HuntFUZZ achieves this by clustering these correlated error points and using concolic execution to resolve the path constraints necessary for approaching or reaching these clusters. This approach provides the fuzzer with optimized test cases, allowing it to efficiently explore error points within the cluster while minimizing redundancy. We evaluate HuntFUZZ on a diverse set of 42 applications, and HuntFUZZ successfully reveals 162 known bugs, with 62 of them being related to error handling. Additionally, due to its efficient error point detection method, HuntFUZZ discovers seven unique zero-day bugs, which are all missed by existing fuzzers. Furthermore, we compare HuntFUZZ with four existing fuzzing approaches, including AFL, AFL++, AFLGo, and EH-FUZZ. Our evaluation confirms that HuntFUZZ can cover a broader range of error points, and it exhibits better performance in terms of bug-finding speed. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=187531854
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1177/0926227X251343867
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 26
        StartPage: 334
    Subjects:
      – SubjectFull: Computer software testing
        Type: general
      – SubjectFull: Dynamic testing
        Type: general
      – SubjectFull: Clustering algorithms
        Type: general
      – SubjectFull: Defect tracking (Computer software development)
        Type: general
      – SubjectFull: Constraint programming
        Type: general
    Titles:
      – TitleFull: HuntFUZZ: Enhancing error handling testing through clustering based fuzzing.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Wei, Jin
      – PersonEntity:
          Name:
            NameFull: Chen, Ping
      – PersonEntity:
          Name:
            NameFull: Dai, Jun
      – PersonEntity:
          Name:
            NameFull: Sun, Xiaoyan
      – PersonEntity:
          Name:
            NameFull: Zhang, Zhihao
      – PersonEntity:
          Name:
            NameFull: Xu, Chang
      – PersonEntity:
          Name:
            NameFull: Wang, Yi
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 09
              Text: Sep2025
              Type: published
              Y: 2025
          Identifiers:
            – Type: issn-print
              Value: 0926227X
          Numbering:
            – Type: volume
              Value: 33
            – Type: issue
              Value: 5
          Titles:
            – TitleFull: Journal of Computer Security
              Type: main
ResultId 1