Page 41 - Journal of Software (《软件学报》), 2025, Issue 7

2962                                                       Journal of Software, 2025, Vol. 36, No. 7


                     of Software, 2025, 36(1): 399–423 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/7048.htm
                     [doi: 10.13328/j.cnki.jos.007048]
                 [22]  Even-Mendoza K, Sharma A, Donaldson AF, Cadar C. GrayC: Greybox fuzzing of compilers and analysers for C. In: Proc. of the 32nd
                     ACM SIGSOFT Int’l Symp. on Software Testing and Analysis. Seattle: ACM, 2023. 1219–1231. [doi: 10.1145/3597926.3598130]
                 [23]  Srivastava P, Payer M. Gramatron: Effective grammar-aware fuzzing. In: Proc. of the 30th ACM SIGSOFT Int’l Symp. on Software
                     Testing and Analysis. ACM, 2021. 244–256. [doi: 10.1145/3460319.3464814]
                 [24]  Parr TJ, Quong RW. ANTLR: A predicated-LL(k) parser generator. Software: Practice and Experience, 1995, 25(7): 789–810.
                     [doi: 10.1002/spe.4380250705]
                 [25]  Max Brunsfeld. Tree-sitter. 2024. https://tree-sitter.github.io/tree-sitter/
                 [26]  Bünder H. Decoupling language and editor - the impact of the language server protocol on textual domain-specific languages. In: Proc. of
                     the 7th Int’l Conf. on Model-Driven Engineering and Software Development. Prague: ScitePress, 2019. 129–140.
                     [doi: 10.5220/0007556301290140]
                 [27]  Miller BP, Fredriksen L, So B. An empirical study of the reliability of UNIX utilities. Communications of the ACM, 1990, 33(12): 32–44.
                     [doi: 10.1145/96267.96279]
                 [28]  Yun I, Lee S, Xu M, Jang Y, Kim T. QSYM: A practical concolic execution engine tailored for hybrid fuzzing. In: Proc. of the 27th
                     USENIX Conf. on Security Symp. Baltimore: USENIX Association, 2018. 745–761.
                 [29]  Chen P, Liu JZ, Chen H. Matryoshka: Fuzzing deeply nested branches. In: Proc. of the 2019 ACM SIGSAC Conf. on Computer and
                     Communications Security. London: ACM, 2019. 499–513. [doi: 10.1145/3319535.3363225]
                 [30]  Aschermann C, Schumilo S, Blazytko T, Gawlik R, Holz T. Redqueen: Fuzzing with input-to-state correspondence. In: Proc. of the 26th
                     Network and Distributed System Security Symp. 2019. [doi: 10.14722/ndss.2019.23371]
                 [31]  Lyu CY, Ji SL, Zhang C, Li YW, Lee WH, Song Y, Beyah R. MOPT: Optimized mutation scheduling for fuzzers. In: Proc. of the 28th
                     USENIX Conf. on Security Symp. Santa Clara: USENIX Association, 2019. 1949–1966.
                 [32]  Chen YQ, Schwahn O, Natella R, Bradbury M, Suri N. SlowCoach: Mutating code to simulate performance bugs. In: Proc. of the 33rd
                     IEEE Int’l Symp. on Software Reliability Engineering. Charlotte: IEEE, 2022. 274–285. [doi: 10.1109/ISSRE55969.2022.00035]
                 [33]  Blair W, Mambretti A, Arshad S, Weissbacher M, Robertson W, Kirda E, Egele M. HotFuzz: Discovering algorithmic denial-of-service
                     vulnerabilities through guided micro-fuzzing. In: Proc. of the 27th Network and Distributed System Security Symp. San Diego: NDSS,
                     2020. 1–18. [doi: 10.14722/ndss.2020.24415]
                 [34]  Wen C, Wang HJ, Li YK, Qin SC, Liu Y, Xu ZW, Chen HX, Xie XF, Pu GG, Liu T. MemLock: Memory usage guided fuzzing. In: Proc.
                     of the 42nd Int’l Conf. on Software Engineering. Seoul: ACM, 2020. 765–777. [doi: 10.1145/3377811.3380396]
                 [35]  Atlidakis V, Geambasu R, Godefroid P, Polishchuk M, Ray B. Pythia: Grammar-based fuzzing of REST APIs with coverage-guided
                     feedback and learning-based mutations. arXiv:2005.11498, 2020.
                 [36]  Wei JY, Chen J, Feng Y, Ferles K, Dillig I. Singularity: Pattern fuzzing for worst case complexity. In: Proc. of the 26th ACM Joint
                     Meeting on European Software Engineering Conf. and Symp. on the Foundations of Software Engineering. Lake Buena Vista: ACM,
                     2018. 213–223. [doi: 10.1145/3236024.3236039]
                 [37]  She DD, Pei KX, Epstein D, Yang JF, Ray B, Jana S. Neuzz: Efficient fuzzing with neural program smoothing. In: Proc. of the 2019
                     IEEE Symp. on Security and Privacy. San Francisco: IEEE, 2019. 803–817. [doi: 10.1109/SP.2019.00052]
                 [38]  She DD, Krishna R, Yan L, Jana S, Ray B. MTFuzz: Fuzzing with a multi-task neural network. In: Proc. of the 28th ACM Joint Meeting
                     on European Software Engineering Conf. and Symp. on the Foundations of Software Engineering. ACM, 2020. 737–749.
                     [doi: 10.1145/3368089.3409723]
                 [39]  Godefroid P, Peleg H, Singh R. Learn&Fuzz: Machine learning for input fuzzing. In: Proc. of the 32nd IEEE/ACM Int’l Conf. on
                     Automated Software Engineering. Urbana-Champaign: IEEE, 2017. 50–59.
                 [40]  Liu X, Li XT, Prajapati R, Wu DH. DeepFuzz: Automatic generation of syntax valid C programs for fuzz testing. In: Proc. of the 33rd
                     AAAI Conf. on Artificial Intelligence. Honolulu: AAAI, 2019. 1044–1051. [doi: 10.1609/aaai.v33i01.33011044]
                 [41]  Zong PY, Lv T, Wang DW, Deng ZZ, Liang RG, Chen K. FuzzGuard: Filtering out unreachable inputs in directed grey-box fuzzing
                     through deep learning. In: Proc. of the 29th USENIX Conf. on Security Symp. USENIX Association, 2020. 127.
                 [42]  Li YK, Xue YX, Chen HX, Wu XH, Zhang C, Xie XF, Wang HJ, Liu Y. Cerebro: Context-aware adaptive fuzzing for effective
                     vulnerability detection. In: Proc. of the 27th ACM Joint Meeting on European Software Engineering Conf. and Symp. on the Foundations
                     of Software Engineering. Tallinn: ACM, 2019. 533–544. [doi: 10.1145/3338906.3338975]
                 [43]  Guo R. MongoDB’s JavaScript Fuzzer: The fuzzer is for those edge cases that your testing didn’t catch. Queue, 2017, 15(1): 38–56. [doi: