Page 42 - 《软件学报》2025年第7期

P. 42

欧先飞等: 语义可感知的灰盒编译器模糊测试 2963

10.1145/3055301.3059007]
[44] Holler C, Herzig K, Zeller A. Fuzzing with code fragments. In: Proc. of the 21st USENIX Security Symp. Bellevue: USENIX
Association, 2012. 38.
[45] Veggalam S, Rawat S, Haller I, Bos H. IFuzzer: An evolutionary interpreter fuzzer using genetic programming. In: Proc. of the 21st
European Sym. on Research in Computer Security. Heraklion: Springer, 2016. 581–601. [doi: 10.1007/978-3-319-45744-4_29]
[46] Appelt D, Nguyen CD, Briand LC, Alshahwan N. Automated testing for SQL injection vulnerabilities: An input mutation approach. In:
Proc. of the 2014 ACM Int’l Symp. on Software Testing and Analysis. San Jose: ACM, 2014. 259–269. [doi: 10.1145/2610384.2610403]
[47] Wang JJ, Chen BH, Wei L, Liu Y. Skyfire: Data-driven seed generation for fuzzing. In: Proc. of IEEE Symp. on Security and Privacy.
San Jose: IEEE, 2017. 579–594. [doi: 10.1109/SP.2017.23]
[48] Aschermann C, Frassetto T, Holz T, Jauernig P, Sadeghi AR, Teuchert D. Nautilus: Fishing for deep bugs with grammars. In: Proc. of the
26th Network and Distributed System Security Symp. 2019. [doi: 10.14722/ndss.2019.23412]
[49] Groß S, Koch S, Bernhard L, Holz T, Johns M. Fuzzilli: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In: Proc. of the 30th
Network and Distributed System Security Symp. San Diego: NDSS, 2023. 1–17. [doi: 10.14722/ndss.2023.24290]
[50] Blazytko T, Aschermann C, Schlögel M, Abbasi A, Schumilo S, Wörner S, Holz T. Grimoire: Synthesizing structure while fuzzing. In:
Proc. of the 28th USENIX Conf. on Security Symp. Santa Clara: USENIX Association, 2019. 1985–2002.
[51] Padhye R, Lemieux C, Sen K, Papadakis M, Le Traon Y. Semantic fuzzing with zest. In: Proc. of the 28th ACM SIGSOFT Int’l Symp. on
Software Testing and Analysis. Beijing: ACM, 2019. 329–340. [doi: 10.1145/3293882.3330576]
[52] Han H, Oh D, Cha SK. CodeAlchemist: Semantics-aware code generation to find vulnerabilities in JavaScript engines. In: Proc. of the
27th Network and Distributed System Security Symp. San Diego: NDSS, 2019. 1–15. [doi: 10.14722/ndss.2019.23263]
[53] Zhang QR, Sun CN, Su ZD. Skeletal program enumeration for rigorous compiler testing. In: Proc. of the 38th ACM SIGPLAN Conf. on
Programming Language Design and Implementation. Barcelona: ACM, 2017. 347–361. [doi: 10.1145/3062341.3062379]
[54] Xia XM, Feng Y. Detecting interpreter bugs via filling function calls in skeletal program enumeration. In: Proc. of the 34th IEEE Int’l
Symp. on Software Reliability Engineering. Florence: IEEE, 2023. 612–622. [doi: 10.1109/ISSRE59848.2023.00066]
[55] Zang ZQ, Wiatrek N, Gligoric M, Shi A. Compiler testing using template java programs. In: Proc. of the 37th IEEE/ACM Int’l Conf. on
Automated Software Engineering. Rochester: ACM, 2022. 23. [doi: 10.1145/3551349.3556958]
[56] Chen YT, Su T, Sun CN, Su ZD, Zhao JJ. Coverage-directed differential testing of JVM implementations. In: Proc. of the 37th ACM
SIGPLAN Conf. on Programming Language Design and Implementation. Santa Barbara: ACM, 2016. 85–99. [doi: 10.1145/2908080.
2908095]

附中文参考文献:
[21] 梁杰, 吴志镛, 符景洲, 朱娟, 姜宇, 孙家广. 数据库管理系统模糊测试技术研究综述. 软件学报, 2025, 36(1): 399–423. http://www.jos.
org.cn/1000-9825/7048.htm [doi: 10.13328/j.cnki.jos.007048]

欧先飞(1996－), 男, 博士生, CCF 学生会员, 主许畅(1977－), 男, 博士, 教授, 博士生导师, CCF
要研究领域为编译器测试. 高级会员, 主要研究领域为软件测试与分析, 自
适应软件系统.

蒋炎岩(1988－), 男, 博士, 副教授, CCF 高级会

员, 主要研究领域为系统软件, 软件自动化.

37 38 39 40 41 42 43 44 45 46 47