{"id":"https://openalex.org/W4411523030","doi":"https://doi.org/10.1145/3728916","title":"ZTaint-Havoc: From Havoc Mode to Zero-Execution Fuzzing-Driven Taint Inference","display_name":"ZTaint-Havoc: From Havoc Mode to Zero-Execution Fuzzing-Driven Taint Inference","publication_year":2025,"publication_date":"2025-06-22","ids":{"openalex":"https://openalex.org/W4411523030","doi":"https://doi.org/10.1145/3728916"},"language":"en","primary_location":{"id":"doi:10.1145/3728916","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3728916","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3728916","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102576945","display_name":"Yuchong Xie","orcid":"https://orcid.org/0009-0008-0436-8183"},"institutions":[{"id":"https://openalex.org/I200769079","display_name":"Hong Kong University of Science and Technology","ror":"https://ror.org/00q4vv597","country_code":"HK","type":"education","lineage":["https://openalex.org/I200769079"]}],"countries":["HK"],"is_corresponding":true,"raw_author_name":"Yuchong Xie","raw_affiliation_strings":["Hong Kong University of Science and Technology, Hong Kong, China"],"raw_orcid":"https://orcid.org/0009-0008-0436-8183","affiliations":[{"raw_affiliation_string":"Hong Kong University of Science and Technology, Hong Kong, China","institution_ids":["https://openalex.org/I200769079"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Wenhui Zhang","orcid":"https://orcid.org/0009-0004-5231-7736"},"institutions":[{"id":"https://openalex.org/I16609230","display_name":"Hunan University","ror":"https://ror.org/05htk5m33","country_code":"CN","type":"education","lineage":["https://openalex.org/I16609230"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenhui Zhang","raw_affiliation_strings":["Hunan University, Changsha, China"],"raw_orcid":"https://orcid.org/0009-0004-5231-7736","affiliations":[{"raw_affiliation_string":"Hunan University, Changsha, China","institution_ids":["https://openalex.org/I16609230"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048358055","display_name":"Dongdong She","orcid":"https://orcid.org/0000-0001-6655-0468"},"institutions":[{"id":"https://openalex.org/I200769079","display_name":"Hong Kong University of Science and Technology","ror":"https://ror.org/00q4vv597","country_code":"HK","type":"education","lineage":["https://openalex.org/I200769079"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Dongdong She","raw_affiliation_strings":["Hong Kong University of Science and Technology, Hong Kong, China"],"raw_orcid":"https://orcid.org/0000-0001-6655-0468","affiliations":[{"raw_affiliation_string":"Hong Kong University of Science and Technology, Hong Kong, China","institution_ids":["https://openalex.org/I200769079"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5102576945"],"corresponding_institution_ids":["https://openalex.org/I200769079"],"apc_list":null,"apc_paid":null,"fwci":4.2517,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.93429325,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":"2","issue":"ISSTA","first_page":"917","last_page":"939"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9940999746322632,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.94686359167099},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8130239248275757},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.6379491090774536},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5430391430854797},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.5071239471435547},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.42277759313583374},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3176873028278351},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2322055697441101},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.13729983568191528}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.94686359167099},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8130239248275757},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.6379491090774536},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5430391430854797},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.5071239471435547},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.42277759313583374},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3176873028278351},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2322055697441101},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.13729983568191528}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3728916","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3728916","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:repository.hkust.edu.hk:1783.1-148116","is_oa":false,"landing_page_url":"http://repository.hkust.edu.hk/ir/Record/1783.1-148116","pdf_url":null,"source":{"id":"https://openalex.org/S4306401796","display_name":"Rare & Special e-Zone (The Hong Kong University of Science and Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200769079","host_organization_name":"Hong Kong University of Science and Technology","host_organization_lineage":["https://openalex.org/I200769079"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference paper"}],"best_oa_location":{"id":"doi:10.1145/3728916","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3728916","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.44999998807907104,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W1976878954","https://openalex.org/W2138428785","https://openalex.org/W2535617737","https://openalex.org/W2574017551","https://openalex.org/W2613534458","https://openalex.org/W2766540688","https://openalex.org/W2768013588","https://openalex.org/W2795192879","https://openalex.org/W2804093830","https://openalex.org/W2808820334","https://openalex.org/W2954292831","https://openalex.org/W2964241064","https://openalex.org/W2985896598","https://openalex.org/W3008477014","https://openalex.org/W3015384571","https://openalex.org/W3136918966","https://openalex.org/W3194771370","https://openalex.org/W4205689130","https://openalex.org/W4282566073","https://openalex.org/W4284694822","https://openalex.org/W4284704973","https://openalex.org/W4284706927","https://openalex.org/W4288057797","https://openalex.org/W4289038676","https://openalex.org/W4313563646","https://openalex.org/W4365806382","https://openalex.org/W4378591002","https://openalex.org/W4384347367","https://openalex.org/W4385301230","https://openalex.org/W4388867283","https://openalex.org/W4388867344","https://openalex.org/W4391579642","https://openalex.org/W4394745749","https://openalex.org/W4402406945","https://openalex.org/W6737694244"],"related_works":["https://openalex.org/W4282010060","https://openalex.org/W4225847901","https://openalex.org/W2008592783","https://openalex.org/W2179304688","https://openalex.org/W2004278744","https://openalex.org/W2159690530","https://openalex.org/W2107510936","https://openalex.org/W2912063542","https://openalex.org/W2027779752","https://openalex.org/W2130675906"],"abstract_inverted_index":{"Fuzzing":[0],"is":[1,15,56,226],"a":[2,35,57,83,96,103,115,129,165,209,248],"popular":[3],"software":[4],"testing":[5],"technique":[6,60],"for":[7,65],"discovering":[8],"vulnerabilities.":[9],"A":[10],"central":[11],"problem":[12],"in":[13,34,82,108,299],"fuzzing":[14,263],"identifying":[16],"hot":[17,32,63,80,202],"bytes":[18,33,64,81,203],"that":[19,102,136,148,170,224,273],"can":[20,26,111,152],"influence":[21],"program":[22,71,74,92,121,175,240],"behavior.":[23],"Taint":[24,53],"analysis":[25],"track":[27,62],"the":[28,69,133,149,192,201,214,230,253],"data":[29],"flow":[30],"of":[31,73,132,182,217,256,294],"white-box":[36],"fashion,":[37],"but":[38],"it":[39,225],"often":[40],"suffers":[41],"from":[42],"stability":[43],"issues":[44],"and":[45,77,94,158,186,266,284,296],"cannot":[46],"run":[47],"on":[48,143,184,188,252,261,282,286],"large":[49,97],"real-world":[50],"programs.":[51],"Fuzzing-Driven":[52],"Inference":[54],"(FTI)":[55],"simple":[58],"black-box":[59,84],"to":[61,212,228,233,280],"fuzzing.":[66],"It":[67],"monitors":[68],"dynamic":[70],"behaviors":[72],"execution":[75],"instances":[76],"further":[78,243],"infers":[79],"fashion.":[85],"However,":[86],"this":[87,124,144],"method":[88],"requires":[89],"additional":[90,120,174,239],"O(N)":[91],"executions":[93],"incurs":[95,178],"runtime":[98],"overhead.":[99],"We":[100,207,242,258],"observe":[101],"widely":[104],"used":[105],"mutation":[106,140,198],"scheme":[107],"fuzzing--havoc":[109],"mode":[110,135,151,232,255],"be":[112],"adapted":[113],"into":[114],"lightweight":[116],"FTI":[117,155,167,236],"with":[118,291],"zero":[119],"execution.":[122,176,241],"In":[123,191],"work,":[125],"we":[126,146,163,194],"first":[127],"present":[128],"computational":[130,215],"model":[131,216],"havoc":[134,150,218,231,254],"formally":[137],"describes":[138],"its":[139],"process.":[141],"Based":[142],"model,":[145],"show":[147,272],"simultaneously":[153],"launch":[154],"while":[156],"generating":[157],"executing":[159],"new":[160],"testcases.":[161],"Further,":[162],"propose":[164],"novel":[166],"called":[168],"ZTaint-Havoc":[169,177,250,260,274],"doesn't":[171],"need":[172],"any":[173,238],"minimal":[179],"instrumentation":[180],"overhead":[181],"3.84%":[183],"UniBench":[185,287],"12.58%":[187],"FuzzBench,":[189],"respectively.":[190],"end,":[193],"give":[195],"an":[196,234],"effective":[197],"algorithm":[199],"using":[200],"identified":[204],"by":[205,278],"ZTaint-Havoc.":[206],"conduct":[208],"comprehensive":[210],"evaluation":[211,221,270],"investigate":[213],"mode.":[219],"Our":[220,268],"result":[222],"justifies":[223],"feasible":[227],"adapt":[229],"efficient":[235],"without":[237],"implement":[244],"our":[245],"approach":[246],"as":[247],"prototype":[249],"based":[251],"AFL++.":[257],"evaluate":[259],"two":[262],"datasets":[264],"FuzzBench":[265,283],"UniBench.":[267],"extensive":[269],"results":[271],"improves":[275],"edge":[276],"coverage":[277],"up":[279],"33.71%":[281],"51.12%":[285],"over":[288],"vanilla":[289],"AFL++,":[290],"average":[292],"improvements":[293],"2.97%":[295],"6.12%":[297],"respectively,":[298],"24-hour":[300],"campaigns.":[301]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}