{"id":"https://openalex.org/W4411523103","doi":"https://doi.org/10.1145/3728877","title":"FreeWavm: Enhanced WebAssembly Runtime Fuzzing Guided by Parse Tree Mutation and Snapshot","display_name":"FreeWavm: Enhanced WebAssembly Runtime Fuzzing Guided by Parse Tree Mutation and Snapshot","publication_year":2025,"publication_date":"2025-06-22","ids":{"openalex":"https://openalex.org/W4411523103","doi":"https://doi.org/10.1145/3728877"},"language":"en","primary_location":{"id":"doi:10.1145/3728877","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3728877","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045238792","display_name":"Peng Qian","orcid":"https://orcid.org/0000-0003-4934-5811"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Peng Qian","raw_affiliation_strings":["Zhejiang University, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4934-5811","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hang Zhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085698927","display_name":"Xinlei Ying","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xinlei Ying","raw_affiliation_strings":["Ant Group, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0009-0007-2082-863X","affiliations":[{"raw_affiliation_string":"Ant Group, Hang Zhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013592416","display_name":"Jiashui Wang","orcid":"https://orcid.org/0009-0005-3100-0534"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiashui Wang","raw_affiliation_strings":["Zhejiang University, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0009-0005-3100-0534","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hang Zhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103395885","display_name":"Long Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Long Liu","raw_affiliation_strings":["Ant Group, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0009-0000-5032-8475","affiliations":[{"raw_affiliation_string":"Ant Group, Hang Zhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071760909","display_name":"L. Q. Zhang","orcid":"https://orcid.org/0000-0002-5647-506X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lun Zhang","raw_affiliation_strings":["GoPlus Security, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0000-0002-5647-506X","affiliations":[{"raw_affiliation_string":"GoPlus Security, Hang Zhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101505891","display_name":"Jianhai Chen","orcid":"https://orcid.org/0000-0003-3524-3443"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianhai Chen","raw_affiliation_strings":["Zhejiang University, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0000-0003-3524-3443","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hang Zhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101438463","display_name":"Qinming He","orcid":"https://orcid.org/0000-0001-5147-7253"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qinming He","raw_affiliation_strings":["Zhejiang University, Hang Zhou, China"],"raw_orcid":"https://orcid.org/0000-0001-5147-7253","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hang Zhou, China","institution_ids":["https://openalex.org/I76130692"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5045238792"],"corresponding_institution_ids":["https://openalex.org/I76130692"],"apc_list":null,"apc_paid":null,"fwci":1.8704,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.85614105,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"2","issue":"ISSTA","first_page":"159","last_page":"181"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9890999794006348,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9128599166870117},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7964845299720764},{"id":"https://openalex.org/keywords/parsing","display_name":"Parsing","score":0.6551072001457214},{"id":"https://openalex.org/keywords/parse-tree","display_name":"Parse tree","score":0.6042463779449463},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.48859578371047974},{"id":"https://openalex.org/keywords/bytecode","display_name":"Bytecode","score":0.4779129922389984},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3227683901786804},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.11198616027832031},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.10300254821777344}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9128599166870117},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7964845299720764},{"id":"https://openalex.org/C186644900","wikidata":"https://www.wikidata.org/wiki/Q194152","display_name":"Parsing","level":2,"score":0.6551072001457214},{"id":"https://openalex.org/C2781466058","wikidata":"https://www.wikidata.org/wiki/Q627921","display_name":"Parse tree","level":3,"score":0.6042463779449463},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.48859578371047974},{"id":"https://openalex.org/C2779818221","wikidata":"https://www.wikidata.org/wiki/Q837330","display_name":"Bytecode","level":3,"score":0.4779129922389984},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3227683901786804},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.11198616027832031},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.10300254821777344}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3728877","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3728877","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1823953618","display_name":null,"funder_award_id":"2023YFB3105904","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G3948800021","display_name":null,"funder_award_id":"2025C01084","funder_id":"https://openalex.org/F8142712028","funder_display_name":"Key Research and Development Program of Zhejiang Province"}],"funders":[{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null},{"id":"https://openalex.org/F8142712028","display_name":"Key Research and Development Program of Zhejiang Province","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W2911270308","https://openalex.org/W3015365135","https://openalex.org/W3112572460","https://openalex.org/W3155555003","https://openalex.org/W3173485235","https://openalex.org/W3180202404","https://openalex.org/W3214439093","https://openalex.org/W4205596332","https://openalex.org/W4210812548","https://openalex.org/W4254278382","https://openalex.org/W4281769038","https://openalex.org/W4284696121","https://openalex.org/W4294658816","https://openalex.org/W4308609440","https://openalex.org/W4309222877","https://openalex.org/W4316661173","https://openalex.org/W4320057486","https://openalex.org/W4362466275","https://openalex.org/W4367310383","https://openalex.org/W4367311140","https://openalex.org/W4376607756","https://openalex.org/W4378591002","https://openalex.org/W4384155735","https://openalex.org/W4384304801","https://openalex.org/W4384347367","https://openalex.org/W4385152093","https://openalex.org/W4386569390","https://openalex.org/W4387674220","https://openalex.org/W4389162688","https://openalex.org/W4391974543","https://openalex.org/W4394769544","https://openalex.org/W4394798706","https://openalex.org/W4399668136","https://openalex.org/W4400909786","https://openalex.org/W4400910398","https://openalex.org/W4402443087","https://openalex.org/W4403537015","https://openalex.org/W4406738193"],"related_works":["https://openalex.org/W4294658816","https://openalex.org/W1889284597","https://openalex.org/W4241431292","https://openalex.org/W1500443504","https://openalex.org/W2070229111","https://openalex.org/W2156734947","https://openalex.org/W1994666727","https://openalex.org/W1598565505","https://openalex.org/W4244248952","https://openalex.org/W2177718015"],"abstract_inverted_index":{"WebAssembly,":[0],"recognized":[1],"as":[2,14,16,21,59],"a":[3,22,106,122,144,166,173],"low-level":[4],"and":[5,18,30,63,92,187,228],"portable":[6],"language,":[7],"has":[8,47,260],"been":[9,48],"widely":[10],"embraced":[11],"in":[12,32,53,112,172,183,253],"areas":[13],"diverse":[15],"browsers":[17],"blockchains,":[19],"emerging":[20],"revolutionary":[23],"force":[24],"for":[25,125,160],"Internet":[26],"evolution.":[27],"Unfortunately,":[28],"defects":[29],"flaws":[31],"WebAssembly":[33,41,54,79,107,127,135,141,161,242,254],"runtimes":[34,128],"bring":[35],"about":[36],"unexpected":[37],"results":[38,245],"when":[39],"running":[40],"applications.":[42],"A":[43],"family":[44],"of":[45,78,86,134,152,197,220,267],"solutions":[46],"proposed":[49],"to":[50,74,99,178,210,224,237],"detect":[51],"vulnerabilities":[52],"runtimes,":[55,80,255],"with":[56,205],"fuzzing":[57,69,126,231],"surging":[58],"the":[60,75,87,102,132,140,184,195,198,212,229],"most":[61],"promising":[62],"persuasive":[64],"approach.":[65],"Despite":[66],"its":[67,110],"potential,":[68],"faces":[70],"significant":[71],"challenges":[72],"due":[73],"grammatical":[76],"complexity":[77],"which":[81,268],"lacks":[82],"an":[83,206],"in-depth":[84],"understanding":[85],"unique":[88],"Module-based":[89],"code":[90,153],"structure,":[91],"thus":[93,272],"generates":[94],"test":[95,158,200],"inputs":[96,159],"that":[97,148,170,247],"struggle":[98],"tap":[100],"into":[101,143],"deep":[103],"logic":[104],"within":[105],"runtime,":[108],"limiting":[109],"effectiveness":[111],"unveiling":[113],"vulnerabilities.":[114],"To":[115,155,193],"bridge":[116],"this":[117],"gap,":[118],"we":[119,138,164,217],"introduce":[120],"FreeWavm,":[121],"novel":[123],"framework":[124],"by":[129],"aggressively":[130],"mutating":[131],"structure":[133,191],"code.":[136],"Technically,":[137],"transform":[139],"bytecode":[142],"parse":[145,185,214,221],"tree":[146,222],"format":[147],"captures":[149],"complex":[150],"characteristics":[151],"structure.":[154],"generate":[156],"meaningful":[157],"runtime":[162],"fuzzing,":[163],"design":[165],"structure-aware":[167],"mutation":[168],"module":[169],"engages":[171],"customized":[174],"node":[175],"prioritization":[176],"strategy":[177],"screen":[179],"out":[180],"interesting":[181],"nodes":[182],"tree,":[186],"then":[188],"applies":[189],"specific":[190],"mutations.":[192],"ensure":[194],"validity":[196],"mutated":[199,213],"inputs,":[201],"FreeWavm":[202,239,248,259],"is":[203],"equipped":[204],"automated":[207],"repair":[208],"mechanism":[209],"patch":[211],"tree.":[215],"Furthermore,":[216],"take":[218],"advantage":[219],"snapshots":[223],"facilitate":[225],"input":[226],"evolution":[227],"overall":[230],"process.":[232],"Extensive":[233],"experiments":[234],"are":[235,269],"conducted":[236],"evaluate":[238],"on":[240],"multiple":[241],"runtimes.":[243],"Empirical":[244],"show":[246],"effectively":[249],"triggers":[250],"structure-specific":[251],"crashes":[252],"outperforming":[256],"other":[257],"counterparts.":[258],"identified":[261],"69":[262],"previously":[263],"unknown":[264],"bugs,":[265],"24":[266],"assigned":[270],"CVEs":[271],"far.":[273]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}