{"id":"https://openalex.org/W4402457338","doi":"https://doi.org/10.1145/3650212.3680351","title":"Tacoma: Enhanced Browser Fuzzing with Fine-Grained Semantic Alignment","display_name":"Tacoma: Enhanced Browser Fuzzing with Fine-Grained Semantic Alignment","publication_year":2024,"publication_date":"2024-09-11","ids":{"openalex":"https://openalex.org/W4402457338","doi":"https://doi.org/10.1145/3650212.3680351"},"language":"en","primary_location":{"id":"doi:10.1145/3650212.3680351","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1145/3650212.3680351","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013592416","display_name":"Jiashui Wang","orcid":"https://orcid.org/0009-0005-3100-0534"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jiashui Wang","raw_affiliation_strings":["Zhejiang University, Hang Zhou, China / Ant Group, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0009-0005-3100-0534","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hang Zhou, China / Ant Group, Hang Zhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045238792","display_name":"Peng Qian","orcid":"https://orcid.org/0000-0003-4934-5811"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Peng Qian","raw_affiliation_strings":["Zhejiang University, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4934-5811","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hang Zhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107133586","display_name":"Xilin Huang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xilin Huang","raw_affiliation_strings":["Ant Group, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0009-0005-2681-869X","affiliations":[{"raw_affiliation_string":"Ant Group, Hang Zhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085698927","display_name":"Xinlei Ying","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xinlei Ying","raw_affiliation_strings":["Ant Group, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0009-0007-2082-863X","affiliations":[{"raw_affiliation_string":"Ant Group, Hang Zhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100378166","display_name":"Yan Chen","orcid":"https://orcid.org/0000-0003-4103-1498"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Chen","raw_affiliation_strings":["Northwestern University, Evanston, USA"],"raw_orcid":"https://orcid.org/0000-0003-4103-1498","affiliations":[{"raw_affiliation_string":"Northwestern University, Evanston, USA","institution_ids":["https://openalex.org/I111979921"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058611515","display_name":"Shouling Ji","orcid":"https://orcid.org/0000-0003-4268-372X"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shouling Ji","raw_affiliation_strings":["Zhejiang University, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4268-372X","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hang Zhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101505891","display_name":"Jianhai Chen","orcid":"https://orcid.org/0000-0003-3524-3443"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianhai Chen","raw_affiliation_strings":["Zhejiang University, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0000-0003-3524-3443","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hang Zhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114225208","display_name":"Jundong Xie","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jundong Xie","raw_affiliation_strings":["Ant Group, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0009-0009-2344-4898","affiliations":[{"raw_affiliation_string":"Ant Group, Hang Zhou, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103395885","display_name":"Long Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Long Liu","raw_affiliation_strings":["Ant Group, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0009-0000-5032-8475","affiliations":[{"raw_affiliation_string":"Ant Group, Hang Zhou, China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5013592416"],"corresponding_institution_ids":["https://openalex.org/I76130692"],"apc_list":null,"apc_paid":null,"fwci":1.3925,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.83830228,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1174","last_page":"1185"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9554226398468018},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8193355798721313},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.18123561143875122},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.07854995131492615}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9554226398468018},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8193355798721313},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.18123561143875122},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.07854995131492615}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3650212.3680351","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1145/3650212.3680351","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W2065948900","https://openalex.org/W2403389194","https://openalex.org/W2654868256","https://openalex.org/W2701225458","https://openalex.org/W2774510177","https://openalex.org/W2806746626","https://openalex.org/W2904932877","https://openalex.org/W2912568927","https://openalex.org/W2964203713","https://openalex.org/W2979357014","https://openalex.org/W3154106427","https://openalex.org/W3203052926","https://openalex.org/W3212134035","https://openalex.org/W4205596332","https://openalex.org/W4238083723","https://openalex.org/W4252407977","https://openalex.org/W4302621623","https://openalex.org/W4308642082","https://openalex.org/W4308643070","https://openalex.org/W4316661173","https://openalex.org/W4324345717","https://openalex.org/W4386569390","https://openalex.org/W4387735187","https://openalex.org/W4388867283","https://openalex.org/W4389162688","https://openalex.org/W4400909786"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W3203597304","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W4248424560","https://openalex.org/W3023977444","https://openalex.org/W4210660460"],"abstract_inverted_index":{"Browsers":[0],"are":[1],"responsible":[2],"for":[3,77,220],"managing":[4],"and":[5,63,91,169,185],"interpreting":[6],"the":[7,12,15,52,115,148,151],"diverse":[8],"data":[9],"coming":[10],"from":[11],"web.":[13],"Despite":[14],"considerable":[16],"efforts":[17],"of":[18,37,55,98,106,117,150,199],"developers,":[19],"however,":[20],"it":[21],"is":[22,104,137,206],"nearly":[23],"impossible":[24],"to":[25,43,139,159],"completely":[26],"eliminate":[27],"potential":[28],"vulnerabilities":[29],"in":[30,46,120,180,214],"such":[31],"complicated":[32],"software.":[33],"While":[34],"a":[35,72,85,88,118,122,130],"family":[36],"fuzzing":[38,74],"techniques":[39],"has":[40,192],"been":[41,202],"proposed":[42],"detect":[44],"flaws":[45],"web":[47,78],"browsers,":[48,165],"they":[49],"still":[50],"face":[51],"inherent":[53],"challenge":[54],"generating":[56,107],"test":[57,110,153],"inputs":[58],"with":[59,141],"low":[60],"semantic":[61,86,89,100],"correctness":[62],"poor":[64],"diversity.":[65],"In":[66,126],"this":[67],"paper,":[68],"we":[69],"propose":[70],"Tacoma,":[71],"novel":[73],"framework":[75],"tailored":[76],"browsers.":[79],"Tacoma":[80,103,136,161,175,191,210],"comprises":[81],"three":[82,163],"main":[83],"modules:":[84],"parser,":[87],"aligner,":[90],"an":[92],"input":[93,134],"generator.":[94],"By":[95],"taking":[96],"advantage":[97],"fine-grained":[99],"alignment":[101],"techniques,":[102],"capable":[105],"semantically":[108],"correct":[109],"inputs,":[111],"which":[112,200],"significantly":[113],"improve":[114],"probability":[116],"fuzzer":[119],"triggering":[121],"deep":[123],"browser":[124,178],"state.":[125],"particular,":[127],"by":[128],"integrating":[129],"scope-aware":[131],"strategy":[132],"into":[133],"generation,":[135,144],"able":[138],"deal":[140],"asynchronous":[142],"code":[143,183],"thereby":[145],"substantially":[146],"increasing":[147],"diversity":[149],"generated":[152],"inputs.":[154],"We":[155],"conduct":[156],"extensive":[157],"experiments":[158],"evaluate":[160],"on":[162],"production-level":[164],"i.e.,":[166],"Chromium,":[167],"Safari,":[168],"Firefox.":[170],"Empirical":[171],"results":[172],"demonstrate":[173],"that":[174,209,216],"outperforms":[176],"state-of-the-art":[177],"fuzzers":[179],"both":[181],"achieving":[182],"coverage":[184],"detecting":[186],"unique":[187],"crashes.":[188],"So":[189],"far,":[190],"identified":[193],"32":[194],"previously":[195],"unknown":[196],"bugs,":[197],"10":[198],"have":[201,217],"assigned":[203],"CVEs.":[204],"It":[205],"worth":[207],"noting":[208],"unearthed":[211],"two":[212],"bugs":[213],"Chromium":[215],"remained":[218],"undetected":[219],"ten":[221],"years.":[222]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}