Document Open Access Logo

FuzzFlesh: Randomised Testing of Decompilers via Control Flow Graph-Based Program Generation

Authors Amber Gorzynski , Alastair F. Donaldson

PDF

File

Thumbnail PDF
PDF
LIPIcs.ECOOP.2025.13.pdf
  • Filesize: 1.88 MB
  • 26 pages

Document Identifiers

Subject Classification

ACM Subject Classification
  • Security and privacy → Software reverse engineering
  • Software and its engineering → Software testing and debugging
  • Software and its engineering → Compilers
Keywords
  • Decompiler
  • Reverse Engineering
  • Control Flow
  • Software Testing
  • Fuzzing

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads
    0
    Metadata Views

Abstract

Decompilation is the process of translating compiled code into high-level code. Control flow recovery is a challenging part of the process. "Misdecompilations" can occur, whereby the decompiled code does not accurately represent the semantics of the compiled code, despite it being syntactically valid. This is problematic because it can mislead users who are trying to reason about the program. 
We present CFG-based program generation: a novel approach to randomised testing that aims to improve the control flow recovery of decompilers. CFG-based program generation involves randomly generating control flow graphs (CFGs) and paths through each graph. Inspired by prior work in the domain of GPU computing, (CFG, path) pairs are "fleshed" into test programs. Each program is decompiled and recompiled. The test oracle verifies whether the actual runtime path through the graph matches the expected path. Any difference in the execution paths after recompilation indicates a possible misdecompilation. A key benefit of this approach is that it is largely independent of the source and target languages in question because it is focused on control flow. The approach is therefore applicable to numerous decompilation settings. The trade-off resulting from the focus on control flow is that misdecompilation bugs that do not relate to control flow (e.g. bugs that involve specific arithmetic operations) are out of scope.
We have implemented this approach in FuzzFlesh, an open-source randomised testing tool. FuzzFlesh can be easily configured to target a variety of low-level languages and decompiler toolchains because most of the CFG and path generation process is language-independent. At present, FuzzFlesh supports testing decompilation of Java bytecode, .NET assembly and x86 machine code. In addition to program generation, FuzzFlesh also includes an automated test-case reducer that operates on the CFG rather than the low-level program, which means that it can be applied to any of the target languages. 
We present a large experimental campaign applying FuzzFlesh to a variety of decompilers, leading to the discovery of 12 previously-unknown bugs across two language formats, six of which have been fixed. We present experiments comparing our generic FuzzFlesh tool to two state-of-the-art decompiler testing tools targeted at specific languages. As expected, the coverage our generic FuzzFlesh tool achieves on a given decompiler is lower than the coverage achieved by a tool specifically designed for the input format of that decompiler. However, due to its focus on control flow, FuzzFlesh is able to cover sections of control flow recovery code that the targeted tools cannot reach, and identify control flow related bugs that the targeted tools miss.

Cite As Get BibTex

Amber Gorzynski and Alastair F. Donaldson. FuzzFlesh: Randomised Testing of Decompilers via Control Flow Graph-Based Program Generation. In 39th European Conference on Object-Oriented Programming (ECOOP 2025). Leibniz International Proceedings in Informatics (LIPIcs), Volume 333, pp. 13:1-13:26, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2025) https://doi.org/10.4230/LIPIcs.ECOOP.2025.13

Author Details

Amber Gorzynski
  • Imperial College London, UK
Alastair F. Donaldson
  • Imperial College London, UK

Funding

This work was supported by EPSRC grant EP/R006865/1 and gift funding from Google.

References

  1. Jaime Acosta and Daniel Krych. Hands-on cybersecurity studies: Uncovering and decoding malware communications-malware analysis with Ghidra. Technical Report ARL-TR-9129, Computational and Information Sciences Directorate, DEVCOM Army Research Laboratory, 2020. Accessed: 2025-04-25. URL: https://apps.dtic.mil/sti/trecms/pdf/AD1119396.pdf.
  2. Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman. Compilers: Principles, Techniques, and Tools (2nd Edition). Addison-Wesley Longman Publishing Co., Inc., USA, 2006. Google Scholar
  3. Avast. RetDec: A retargetable machine-code decompiler based on LLVM, 2022. Accessed: 2025-04-25. URL: https://github.com/avast/retdec.
  4. Zion Leonahenahe Basque, Ati Priya Bajaj, Wil Gibbs, Jude O'Kain, Derron Miao, Tiffany Bao, Adam Doupé, Yan Shoshitaishvili, and Ruoyu Wang. Ahoy SAILR! there is no need to DREAM of C: A Compiler-Aware structuring algorithm for binary decompilation. In 33rd USENIX Security Symposium (USENIX Security 24), pages 361-378, Philadelphia, PA, August 2024. USENIX Association. Accessed: 2025-04-25. URL: https://www.usenix.org/system/files/usenixsecurity24-basque.pdf.
  5. Lee Benfield. CFR - another Java decompiler, 2025. Accessed: 2025-04-25. URL: https://www.benf.org/other/cfr/.
  6. David Brumley, JongHyup Lee, Edward J. Schwartz, and Maverick Woo. Native x86 decompilation using semantics-preserving structural analysis and iterative control-flow structuring. In 22nd USENIX Security Symposium (USENIX Security 13), pages 353-368, Washington, D.C., August 2013. USENIX Association. Accessed: 2025-04-25. URL: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_schwartz.pdf.
  7. Ying Cao, Runze Zhang, Ruigang Liang, and Kai Chen. Evaluating the effectiveness of decompilers. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2024, pages 491-502, New York, NY, USA, 2024. Association for Computing Machinery. URL: https://doi.org/10.1145/3650212.3652144.
  8. Larry Carter, Jeanne Ferrante, and Clark D. Thomborson. Folklore confirmed: reducible flow graphs are exponentially larger. In Alex Aiken and Greg Morrisett, editors, Conference Record of POPL 2003: The 30th SIGPLAN-SIGACT Symposium on Principles of Programming Languages, New Orleans, Louisisana, USA, January 15-17, 2003, pages 106-114. ACM, 2003. URL: https://doi.org/10.1145/604131.604141.
  9. Junjie Chen, Wenxiang Hu, Dan Hao, Yingfei Xiong, Hongyu Zhang, Lu Zhang, and Bing Xie. An empirical comparison of compiler testing techniques. In Laura K. Dillon, Willem Visser, and Laurie A. Williams, editors, Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, Austin, TX, USA, May 14-22, 2016, pages 180-190. ACM, 2016. URL: https://doi.org/10.1145/2884781.2884878.
  10. Junjie Chen, Jibesh Patra, Michael Pradel, Yingfei Xiong, Hongyu Zhang, Dan Hao, and Lu Zhang. A survey of compiler testing. ACM Comput. Surv., 53(1):4:1-4:36, 2021. URL: https://doi.org/10.1145/3363562.
  11. T.Y. Chen, S.C. Cheung, and S.M. Yiu. Metamorphic testing: a new approach for generating next test cases. Technical Report HKUST-CS98-01, Department of Computer Science, The Hong Kong University of Science and Technology, 1998. Accessed: 2025-04-25. URL: https://www.cse.ust.hk/faculty/scc/publ/CS98-01-metamorphictesting.pdf.
  12. Yuting Chen, Ting Su, Chengnian Sun, Zhendong Su, and Jianjun Zhao. Coverage-directed differential testing of JVM implementations. In Chandra Krintz and Emery D. Berger, editors, Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016, Santa Barbara, CA, USA, June 13-17, 2016, pages 85-99. ACM, 2016. URL: https://doi.org/10.1145/2908080.2908095.
  13. Cristina Cifuentes and K. John Gough. Decompilation of binary programs. Softw. Pract. Exp., 25(7):811-829, 1995. URL: https://doi.org/10.1002/SPE.4380250706.
  14. Alastair F. Donaldson, Hugues Evrard, Andrei Lascu, and Paul Thomson. Automated testing of graphics shader compilers. Proc. ACM Program. Lang., 1(OOPSLA):93:1-93:29, 2017. URL: https://doi.org/10.1145/3133917.
  15. Alastair F. Donaldson, Paul Thomson, Vasyl Teliman, Stefano Milizia, André Perez Maselco, and Antoni Karpinski. Test-case reduction and deduplication almost for free with transformation-based compiler testing. In Stephen N. Freund and Eran Yahav, editors, PLDI '21: 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation, Virtual Event, Canada, June 20-25, 2021, pages 1017-1032. ACM, 2021. URL: https://doi.org/10.1145/3453483.3454092.
  16. Luke Dramko, Jeremy Lacomis, Edward J. Schwartz, Bogdan Vasilescu, and Claire Le Goues. A taxonomy of C decompiler fidelity issues. In Davide Balzarotti and Wenyuan Xu, editors, 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association, 2024. Accessed: 2025-04-25. URL: https://www.usenix.org/system/files/usenixsecurity24-dramko.pdf.
  17. Lukás Durfina, Jakub Kroustek, and Petr Zemek. PsybOt malware: A step-by-step decompilation case study. In Ralf Lämmel, Rocco Oliveto, and Romain Robbes, editors, 20th Working Conference on Reverse Engineering, WCRE 2013, Koblenz, Germany, October 14-17, 2013, pages 449-456. IEEE Computer Society, 2013. URL: https://doi.org/10.1109/WCRE.2013.6671321.
  18. Mike Van Emmerik and Trent Waddington. Using a decompiler for real-world source recovery. In 11th Working Conference on Reverse Engineering, WCRE 2004, Delft, The Netherlands, November 8-12, 2004, pages 27-36. IEEE Computer Society, 2004. URL: https://doi.org/10.1109/WCRE.2004.42.
  19. P Erdös and A Rényi. On random graphs I. Publicationes Mathematicae Debrecen, 6:290-297, 1959. Google Scholar
  20. Miguel Gómez-Zamalloa, Elvira Albert, and Germán Puebla. Decompilation of Java bytecode to Prolog by partial evaluation. Inf. Softw. Technol., 51(10):1409-1427, 2009. URL: https://doi.org/10.1016/J.INFSOF.2009.04.010.
  21. Amber Gorzynski. FuzzFlesh, 2024. URL: https://github.com/ambergorzynski/control_flow_fleshing.
  22. Amber Gorzynski. FuzzFlesh artifact, 2024. URL: https://github.com/ambergorzynski/control_flow_fleshing/tree/ecoop-2025.
  23. James Gosling and Henry McGilton. The Java Language Environment, 1996. Accessed: 2025-04-25. URL: https://www.oracle.com/java/technologies/simple-familiar.html.
  24. Neville Grech, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. Gigahorse: thorough, declarative decompilation of smart contracts. In Joanne M. Atlee, Tevfik Bultan, and Jon Whittle, editors, Proceedings of the 41st International Conference on Software Engineering, ICSE 2019, Montreal, QC, Canada, May 25-31, 2019, pages 1176-1186. IEEE / ACM, 2019. URL: https://doi.org/10.1109/ICSE.2019.00120.
  25. Andrea Gussoni, Alessandro Di Federico, Pietro Fezzardi, and Giovanni Agosta. A comb for decompiled C code. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS '20, pages 637-651, New York, NY, USA, 2020. Association for Computing Machinery. URL: https://doi.org/10.1145/3320269.3384766.
  26. Yann Herklotz and John Wickerson. Finding and understanding bugs in FPGA synthesis tools. In Stephen Neuendorffer and Lesley Shannon, editors, FPGA '20: The 2020 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays, Seaside, CA, USA, February 23-25, 2020, pages 277-287. ACM, 2020. URL: https://doi.org/10.1145/3373087.3375310.
  27. Hex-Rays. IDA Pro, 2025. Accessed: 2025-04-25. URL: https://hex-rays.com/ida-pro/.
  28. Joshua Homan. Deobfuscating Python bytecode, 2016. Accessed: 2025-04-25. URL: https://cloud.google.com/blog/topics/threat-intelligence/deobfuscating-python.
  29. ICSharpCode. ILSpy, 2025. Accessed: 2025-04-25. URL: https://github.com/icsharpcode/ILSpy.
  30. IntelliJ. Fernflower, 2025. Accessed: 2025-04-25. URL: https://github.com/JetBrains/intellij-community/blob/master/plugins/java-decompiler/engine/src/org/jetbrains/java/decompiler.
  31. Daniel Jackson. Alloy: a language and tool for exploring software designs. Commun. ACM, 62(9):66-76, 2019. URL: https://doi.org/10.1145/3338843.
  32. JADX Authors. JADX, 2025. Accessed: 2025-04-25. URL: https://github.com/skylot/jadx.
  33. George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. Evaluating fuzz testing. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15-19, 2018, pages 2123-2138. ACM, 2018. URL: https://doi.org/10.1145/3243734.3243804.
  34. Vasileios Klimis, Jack Clark, Alan Baker, David Neto, John Wickerson, and Alastair F. Donaldson. Taking back control in an intermediate representation for GPU computing. Proc. ACM Program. Lang., 7(POPL):1740-1769, 2023. URL: https://doi.org/10.1145/3571253.
  35. P. L. Krapivsky and S. Redner. Organization of growing random networks. Physical Review E, 63(6), May 2001. URL: https://doi.org/10.1103/physreve.63.066123.
  36. Ryan Kurtz. Git commit fixing a bug found by fuzzflesh in Ghidra, 2024. Accessed: 2025-04-25. URL: https://github.com/NationalSecurityAgency/ghidra/commit/6ede2b498f75e29c13fe64d3ce7549e90e17aa2b.
  37. Vu Le, Mehrdad Afshari, and Zhendong Su. Compiler validation via equivalence modulo inputs. In Michael F. P. O'Boyle and Keshav Pingali, editors, ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, Edinburgh, United Kingdom - June 09 - 11, 2014, pages 216-226. ACM, 2014. URL: https://doi.org/10.1145/2594291.2594334.
  38. Christopher Lidbury and Alastair F. Donaldson. Dynamic race detection for C++11. In Giuseppe Castagna and Andrew D. Gordon, editors, Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2017, Paris, France, January 18-20, 2017, pages 443-457. ACM, 2017. URL: https://doi.org/10.1145/3009837.3009857.
  39. Jiawei Liu, Jinkun Lin, Fabian Ruffy, Cheng Tan, Jinyang Li, Aurojit Panda, and Lingming Zhang. NNSmith: Generating diverse and valid test cases for deep learning compilers. In Tor M. Aamodt, Natalie D. Enright Jerger, and Michael M. Swift, editors, Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2, ASPLOS 2023, Vancouver, BC, Canada, March 25-29, 2023, pages 530-543. ACM, 2023. URL: https://doi.org/10.1145/3575693.3575707.
  40. Jiawei Liu, Yuxiang Wei, Sen Yang, Yinlin Deng, and Lingming Zhang. Coverage-guided tensor compiler fuzzing with joint IR-pass mutation. Proc. ACM Program. Lang., 6(OOPSLA1):1-26, 2022. URL: https://doi.org/10.1145/3527317.
  41. Zhibo Liu and Shuai Wang. How far we have come: Testing decompilation correctness of C decompilers. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2020, pages 475-487, New York, NY, USA, 2020. Association for Computing Machinery. URL: https://doi.org/10.1145/3395363.3397370.
  42. Vsevolod Livinskii, Dmitry Babokin, and John Regehr. Random testing for C and C++ compilers with yarpgen. Proc. ACM Program. Lang., 4(OOPSLA):196:1-196:25, 2020. URL: https://doi.org/10.1145/3428264.
  43. Yifei Lu, Weidong Hou, Minxue Pan, Xuandong Li, and Zhendong Su. Understanding and finding Java decompiler bugs. Proc. ACM Program. Lang., 8(OOPSLA1), April 2024. URL: https://doi.org/10.1145/3649860.
  44. Haoyang Ma, Qingchao Shen, Yongqiang Tian, Junjie Chen, and Shing-Chi Cheung. Fuzzing deep learning compilers with HirGen. In René Just and Gordon Fraser, editors, Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023, Seattle, WA, USA, July 17-21, 2023, pages 248-260. ACM, 2023. URL: https://doi.org/10.1145/3597926.3598053.
  45. Alessandro Mantovani, Luca Compagna, Yan Shoshitaishvili, and Davide Balzarotti. The convergence of source code and binary vulnerability discovery - A case study. In Yuji Suga, Kouichi Sakurai, Xuhua Ding, and Kazue Sako, editors, ASIA CCS '22: ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May 2022 - 3 June 2022, pages 602-615. ACM, 2022. URL: https://doi.org/10.1145/3488932.3497764.
  46. William M. McKeeman. Differential testing for software. Digit. Tech. J., 10(1):100-107, 1998. Accessed: 2025-04-25. URL: http://www.dtjcd.vmsresource.org.uk/pdfs/dtj_v10-01_1998.pdf.
  47. Jonathan Meyner and Daniel Reynaud. Jasmin, 2004. Accessed: 2025-04-25. URL: https://jasmin.sourceforge.net/.
  48. Omid Mirzaei, Roman Vasilenko, Engin Kirda, Long Lu, and Amin Kharraz. SCRUTINIZER: detecting code reuse in malware via decompilation and machine learning. In Leyla Bilge, Lorenzo Cavallaro, Giancarlo Pellegrino, and Nuno Neves, editors, Detection of Intrusions and Malware, and Vulnerability Assessment - 18th International Conference, DIMVA 2021, Virtual Event, July 14-16, 2021, Proceedings, volume 12756 of Lecture Notes in Computer Science, pages 130-150. Springer, 2021. URL: https://doi.org/10.1007/978-3-030-80825-9_7.
  49. Kazuhiro Nakamura and Nagisa Ishiura. Random testing of C compilers based on test program generation by equivalence transformation. In 2016 IEEE Asia Pacific Conference on Circuits and Systems, APCCAS 2016, Jeju, South Korea, October 25-28, 2016, pages 676-679. IEEE, 2016. URL: https://doi.org/10.1109/APCCAS.2016.7804063.
  50. National Security Agency. Ghidra - reverse software engineering framework, 2025. Accessed: 2025-04-25. URL: https://ghidra-sre.org/.
  51. Oracle. The Java virtual machine instruction set, 2025. Accessed: 2025-04-25. URL: https://docs.oracle.com/javase/specs/jvms/se24/html/jvms-6.html.
  52. Jihee Park, Sungho Lee, Jaemin Hong, and Sukyoung Ryu. Static analysis of JNI programs via binary decompilation. IEEE Trans. Software Eng., 49(5):3089-3105, 2023. URL: https://doi.org/10.1109/TSE.2023.3241639.
  53. PNF Software. JEB3, 2013. Accessed: 2025-04-25. URL: https://www.pnfsoftware.com/blog/category/jeb3/.
  54. Bernardo Quintero. From assistant to analyst: The power of Gemini 1.5 Pro for malware analysis, 2024. Accessed: 2025-04-25. URL: https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis.
  55. Pemma Reiter, Hui Jun Tay, Westley Weimer, Adam Doupé, Ruoyu Wang, and Stephanie Forrest. Automatically mitigating vulnerabilities in x86 binary programs via partially recompilable decompilation. CoRR, abs/2202.12336, 2022. URL: https://arxiv.org/abs/2202.12336.
  56. Mayank Sharma, Pingshi Yu, and Alastair F. Donaldson. RustSmith: Random differential compiler testing for rust. In René Just and Gordon Fraser, editors, Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023, Seattle, WA, USA, July 17-21, 2023, pages 1483-1486. ACM, 2023. URL: https://doi.org/10.1145/3597926.3604919.
  57. Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Krügel, and Giovanni Vigna. SOK: (state of) the art of war: Offensive techniques in binary analysis. In IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016, pages 138-157. IEEE Computer Society, 2016. URL: https://doi.org/10.1109/SP.2016.17.
  58. Robert Tarjan. Depth-first search and linear graph algorithms. SIAM Journal on Computing, 1(2):146-160, 1972. URL: https://doi.org/10.1137/0201010.
  59. Daniel Votipka, Seth M. Rabin, Kristopher K. Micinski, Jeffrey S. Foster, and Michelle L. Mazurek. An observational investigation of reverse engineers' processes. In Srdjan Capkun and Franziska Roesner, editors, 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, pages 1875-1892. USENIX Association, 2020. Accessed: 2025-04-25. URL: https://www.usenix.org/system/files/sec20-votipka-observational.pdf.
  60. Pei Wang, Qinkun Bao, Li Wang, Shuai Wang, Zhaofeng Chen, Tao Wei, and Dinghao Wu. Software protection on the go: a large-scale empirical study on mobile app obfuscation. In Michel Chaudron, Ivica Crnkovic, Marsha Chechik, and Mark Harman, editors, Proceedings of the 40th International Conference on Software Engineering, ICSE 2018, Gothenburg, Sweden, May 27 - June 03, 2018, pages 26-36. ACM, 2018. URL: https://doi.org/10.1145/3180155.3180169.
  61. Qian Wang and Ralf Jung. Rustlantis: Randomized differential testing of the Rust compiler. Proc. ACM Program. Lang., 8(OOPSLA2):1955-1981, 2024. URL: https://doi.org/10.1145/3689780.
  62. Mingyuan Wu, Minghai Lu, Heming Cui, Junjie Chen, Yuqun Zhang, and Lingming Zhang. JITfuzz: Coverage-guided fuzzing for JVM just-in-time compilers. In 45th IEEE/ACM International Conference on Software Engineering, ICSE 2023, Melbourne, Australia, May 14-20, 2023, pages 56-68. IEEE, 2023. URL: https://doi.org/10.1109/ICSE48619.2023.00017.
  63. Chunqiu Steven Xia, Matteo Paltenghi, Jia Le Tian, Michael Pradel, and Lingming Zhang. Fuzz4All: Universal fuzzing with large language models. In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering, ICSE 2024, Lisbon, Portugal, April 14-20, 2024, pages 126:1-126:13. ACM, 2024. URL: https://doi.org/10.1145/3597503.3639121.
  64. Khaled Yakdan, Sergej Dechand, Elmar Gerhards-Padilla, and Matthew Smith. Helping Johnny to analyze malware: A usability-optimized decompiler and malware analysis user study. In IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016, pages 158-177. IEEE Computer Society, 2016. URL: https://doi.org/10.1109/SP.2016.18.
  65. Khaled Yakdan, Sebastian Eschweiler, Elmar Gerhards-Padilla, and Matthew Smith. No more gotos: Decompilation using pattern-independent control-flow structuring and semantic-preserving transformations. In 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, February 8-11, 2015. The Internet Society, 2015. Accessed: 2025-04-25. URL: https://www.ndss-symposium.org/wp-content/uploads/2017/09/11_4_2.pdf.
  66. Andrey Yakovlev, Mohammad R. Haghighat, and Dmitry Khukhro. AzulSystems/JavaFuzzer, 2018. Accessed: 2025-04-25. URL: https://github.com/AzulSystems/JavaFuzzer.
  67. Chenyuan Yang, Yinlin Deng, Runyu Lu, Jiayi Yao, Jiawei Liu, Reyhaneh Jabbarvand, and Lingming Zhang. Whitefox: White-box compiler fuzzing empowered by large language models. Proc. ACM Program. Lang., 8(OOPSLA2):709-735, 2024. URL: https://doi.org/10.1145/3689736.
  68. Xuejun Yang, Yang Chen, Eric Eide, and John Regehr. Finding and understanding bugs in C compilers. In Mary W. Hall and David A. Padua, editors, Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, San Jose, CA, USA, June 4-8, 2011, pages 283-294. ACM, 2011. URL: https://doi.org/10.1145/1993498.1993532.
  69. Zhiqiang Zang, Nathan Wiatrek, Milos Gligoric, and August Shi. Compiler testing using template java programs. In 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022, Rochester, MI, USA, October 10-14, 2022, pages 23:1-23:13. ACM, 2022. URL: https://doi.org/10.1145/3551349.3556958.
  70. Qirun Zhang, Chengnian Sun, and Zhendong Su. Skeletal program enumeration for rigorous compiler testing. In Albert Cohen and Martin T. Vechev, editors, Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, Barcelona, Spain, June 18-23, 2017, pages 347-361. ACM, 2017. URL: https://doi.org/10.1145/3062341.3062379.
  71. Muqi Zou, Arslan Khan, Ruoyu Wu, Han Gao, Antonio Bianchi, and Dave (Jing) Tian. D-Helix: A generic decompiler testing framework using symbolic differentiation. In Davide Balzarotti and Wenyuan Xu, editors, 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association, 2024. Accessed: 2025-04-25. URL: https://www.usenix.org/system/files/usenixsecurity24-zou.pdf.
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail
© 2023-2025 Schloss Dagstuhl – LZI GmbH About DROPS Imprint Privacy Contact