{"id":"https://openalex.org/W7131296635","doi":"https://doi.org/10.48550/arxiv.2602.18689","title":"Automatic, Expressive, and Scalable Fuzzing with Stitching","display_name":"Automatic, Expressive, and Scalable Fuzzing with Stitching","publication_year":2026,"publication_date":"2026-02-21","ids":{"openalex":"https://openalex.org/W7131296635","doi":"https://doi.org/10.48550/arxiv.2602.18689"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.18689","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5126708206","display_name":"Harrison Green","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Green, Harrison","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003256269","display_name":"Fraser Brown","orcid":"https://orcid.org/0009-0006-6601-7317"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Brown, Fraser","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Goues, Claire Le","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Goues, Claire Le","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5126708206"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.6661999821662903,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.6661999821662903,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.30070000886917114,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10533","display_name":"Teaching and Learning Programming","score":0.005100000184029341,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9768000245094299},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6173999905586243},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.48399999737739563},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.4343000054359436},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.3898000121116638},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.3650999963283539},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.35339999198913574},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.352400004863739},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.34610000252723694},{"id":"https://openalex.org/keywords/image-stitching","display_name":"Image stitching","score":0.34470000863075256}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9768000245094299},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8141999840736389},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.6205999851226807},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6173999905586243},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.48399999737739563},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.4343000054359436},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.3898000121116638},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3650999963283539},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.35339999198913574},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.352400004863739},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.34610000252723694},{"id":"https://openalex.org/C29081049","wikidata":"https://www.wikidata.org/wiki/Q1364242","display_name":"Image stitching","level":2,"score":0.34470000863075256},{"id":"https://openalex.org/C2781238097","wikidata":"https://www.wikidata.org/wiki/Q175026","display_name":"Object (grammar)","level":2,"score":0.314300000667572},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.31360000371932983},{"id":"https://openalex.org/C2777062904","wikidata":"https://www.wikidata.org/wiki/Q545406","display_name":"Toolchain","level":3,"score":0.30970001220703125},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.30320000648498535},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.2957000136375427},{"id":"https://openalex.org/C73752529","wikidata":"https://www.wikidata.org/wiki/Q79872","display_name":"Object-oriented programming","level":2,"score":0.29030001163482666},{"id":"https://openalex.org/C20574231","wikidata":"https://www.wikidata.org/wiki/Q844605","display_name":"Backward compatibility","level":2,"score":0.29019999504089355},{"id":"https://openalex.org/C116253237","wikidata":"https://www.wikidata.org/wiki/Q1437424","display_name":"Formal specification","level":2,"score":0.27959999442100525},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.2761000096797943},{"id":"https://openalex.org/C52723943","wikidata":"https://www.wikidata.org/wiki/Q1127410","display_name":"Serialization","level":2,"score":0.2750999927520752},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.27469998598098755},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.27379998564720154},{"id":"https://openalex.org/C2780992000","wikidata":"https://www.wikidata.org/wiki/Q17016113","display_name":"Generator (circuit theory)","level":3,"score":0.2734000086784363},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.26969999074935913},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.25940001010894775},{"id":"https://openalex.org/C2780767217","wikidata":"https://www.wikidata.org/wiki/Q5532421","display_name":"Generality","level":2,"score":0.2574999928474426},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.25609999895095825},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.25029999017715454}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.18689","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.18689","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.18689","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.18689","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Fuzzing":[0],"is":[1],"a":[2,60,70,87,113,147],"powerful":[3],"technique":[4,61],"for":[5,144,195],"finding":[6],"bugs":[7,179,212],"in":[8,67,136],"software":[9],"libraries,":[10],"but":[11],"scaling":[12],"it":[13,167],"remains":[14],"difficult.":[15],"Automated":[16],"harness":[17,31],"generation":[18],"commits":[19],"to":[20,44,50,98,116,140,181],"fixed":[21],"API":[22,55,64,123],"sequences":[23,39],"at":[24,74],"synthesis":[25],"time,":[26],"limiting":[27],"the":[28,42,126,153,169,196],"behaviors":[29],"each":[30],"can":[32],"test.":[33],"Approaches":[34],"that":[35,62,69,125],"instead":[36],"explore":[37],"new":[38,211],"dynamically":[40,72],"lack":[41],"expressiveness":[43],"model":[45],"real-world":[46],"usage":[47,65],"constraints":[48,66,102],"leading":[49],"false":[51],"positives":[52],"from":[53],"straightforward":[54],"misuse.":[56],"We":[57,133,156],"propose":[58],"stitching,":[59],"encodes":[63],"pieces":[68],"fuzzer":[71,127],"assembles":[73],"runtime.":[75],"A":[76],"static":[77],"type":[78],"system":[79],"governs":[80],"how":[81],"objects":[82],"flow":[83],"between":[84],"blocks,":[85,95],"while":[86],"dynamically-checked":[88],"extrinsic":[89],"typestate":[90],"tracks":[91],"arbitrary":[92],"metadata":[93],"across":[94,213],"enabling":[96],"specifications":[97],"express":[99],"rich":[100],"semantic":[101],"such":[103],"as":[104],"object":[105],"state":[106],"dependencies":[107],"and":[108,151,175],"cross-function":[109],"preconditions.":[110],"This":[111],"allows":[112],"single":[114],"specification":[115,154],"describe":[117],"an":[118],"open-ended":[119],"space":[120],"of":[121,217],"valid":[122],"interactions":[124],"explores":[128],"guided":[129],"by":[130,183],"coverage":[131,172],"feedback.":[132],"implement":[134],"stitching":[135],"STITCH,":[137],"using":[138],"LLMs":[139],"automatically":[141,201],"configure":[142],"projects":[143],"fuzzing,":[145],"synthesize":[146],"specification,":[148],"triage":[149],"crashes,":[150],"repair":[152],"itself.":[155],"evaluated":[157],"STITCH":[158,208],"against":[159],"four":[160],"state-of-the-art":[161],"tools":[162,186],"on":[163,173,202],"33":[164],"benchmarks,":[165],"where":[166],"achieved":[168],"highest":[170],"code":[171],"21":[174],"found":[176],"30":[177],"true-positive":[178],"compared":[180],"10":[182],"all":[184],"other":[185],"combined,":[187],"with":[188],"substantially":[189],"higher":[190],"precision":[191],"(70%":[192],"vs.":[193],"12%":[194],"next-best":[197],"LLM-based":[198],"tool).":[199],"Deployed":[200],"1365":[203],"widely":[204],"used":[205],"open-source":[206],"projects,":[207,215],"discovered":[209],"131":[210],"102":[214],"73":[216],"which":[218],"have":[219],"already":[220],"been":[221],"patched.":[222]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-25T00:00:00"}