{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,13]],"date-time":"2025-10-13T01:00:47Z","timestamp":1760317247067,"version":"build-2065373602"},"reference-count":42,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100004912","name":"Sichuan University","doi-asserted-by":"publisher","award":["SCUSACXYD202401"],"award-info":[{"award-number":["SCUSACXYD202401"]}],"id":[{"id":"10.13039\/501100004912","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004829","name":"Sichuan Province Department of Science and Technology","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004829","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100012542","name":"Sichuan Provincial Science and Technology Support Program","doi-asserted-by":"publisher","award":["2024YFHZ0015"],"award-info":[{"award-number":["2024YFHZ0015"]}],"id":[{"id":"10.13039\/100012542","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Information and Software Technology"],"published-print":{"date-parts":[[2025,12]]},"DOI":"10.1016\/j.infsof.2025.107875","type":"journal-article","created":{"date-parts":[[2025,9,17]],"date-time":"2025-09-17T23:34:19Z","timestamp":1758152059000},"page":"107875","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Directed fuzzing based on path constraints and deviation path correction"],"prefix":"10.1016","volume":"188","author":[{"given":"Hongsheng","family":"Zuo","sequence":"first","affiliation":[]},{"given":"Yong","family":"Fang","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Jia","sequence":"additional","affiliation":[]},{"given":"Ximing","family":"Fan","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9299-5890","authenticated-orcid":false,"given":"Xi","family":"Peng","sequence":"additional","affiliation":[]},{"given":"YiJia","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Rui","family":"Pan","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.infsof.2025.107875_b1","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1016\/j.cose.2018.02.002","article-title":"A systematic review of fuzzing techniques","volume":"75","author":"Chen","year":"2018","journal-title":"Comput. Secur."},{"issue":"3","key":"10.1016\/j.infsof.2025.107875_b2","doi-asserted-by":"crossref","first-page":"1199","DOI":"10.1109\/TR.2018.2834476","article-title":"Fuzzing: State of the art","volume":"67","author":"Liang","year":"2018","journal-title":"IEEE Trans. Reliab."},{"issue":"11s","key":"10.1016\/j.infsof.2025.107875_b3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3512345","article-title":"Fuzzing: a survey for roadmap","volume":"54","author":"Zhu","year":"2022","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.infsof.2025.107875_b4","doi-asserted-by":"crossref","DOI":"10.1016\/j.infsof.2025.107797","article-title":"A survey of coverage-guided greybox fuzzing with deep neural models","author":"Qiu","year":"2025","journal-title":"Inf. Softw. Technol."},{"key":"10.1016\/j.infsof.2025.107875_b5","doi-asserted-by":"crossref","DOI":"10.1016\/j.infsof.2024.107582","article-title":"ENZZ: Effective N-gram coverage assisted fuzzing with nearest neighboring branch estimation","volume":"177","author":"Peng","year":"2025","journal-title":"Inf. Softw. Technol."},{"year":"2013","series-title":"American fuzzy lop","author":"Zalewski","key":"10.1016\/j.infsof.2025.107875_b6"},{"key":"10.1016\/j.infsof.2025.107875_b7","doi-asserted-by":"crossref","unstructured":"H. Chen, Y. Xue, Y. Li, B. Chen, X. Xie, X. Wu, Y. Liu, Hawkeye: Towards a desired directed grey-box fuzzer, in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018, pp. 2095\u20132108.","DOI":"10.1145\/3243734.3243849"},{"key":"10.1016\/j.infsof.2025.107875_b8","series-title":"2022 IEEE Symposium on Security and Privacy","first-page":"36","article-title":"Beacon: Directed grey-box fuzzing with provable path pruning","author":"Huang","year":"2022"},{"key":"10.1016\/j.infsof.2025.107875_b9","doi-asserted-by":"crossref","unstructured":"X. Zhu, M. B\u00f6hme, Regression greybox fuzzing, in: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, 2021, pp. 2169\u20132182.","DOI":"10.1145\/3460120.3484596"},{"issue":"12","key":"10.1016\/j.infsof.2025.107875_b10","doi-asserted-by":"crossref","first-page":"1294","DOI":"10.1109\/TSE.2018.2877664","article-title":"Search-based crash reproduction and its impact on debugging","volume":"46","author":"Soltani","year":"2018","journal-title":"IEEE Trans. Softw. Eng."},{"key":"10.1016\/j.infsof.2025.107875_b11","doi-asserted-by":"crossref","unstructured":"W. You, P. Zong, K. Chen, X. Wang, X. Liao, P. Bian, B. Liang, Semfuzz: Semantics-based automatic generation of proof-of-concept exploits, in: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017, pp. 2139\u20132154.","DOI":"10.1145\/3133956.3134085"},{"key":"10.1016\/j.infsof.2025.107875_b12","doi-asserted-by":"crossref","unstructured":"Z. Du, Y. Li, Y. Liu, B. Mao, Windranger: A directed greybox fuzzer driven by deviation basic blocks, in: Proceedings of the 44th International Conference on Software Engineering, 2022, pp. 2440\u20132451.","DOI":"10.1145\/3510003.3510197"},{"key":"10.1016\/j.infsof.2025.107875_b13","series-title":"2019 IEEE 38th International Performance Computing and Communications Conference","first-page":"1","article-title":"An efficient greybox fuzzing scheme for linux-based iot programs through binary static analysis","author":"Zheng","year":"2019"},{"key":"10.1016\/j.infsof.2025.107875_b14","series-title":"2015 6th IEEE International Conference on Software Engineering and Service Science","first-page":"345","article-title":"Binary-oriented hybrid fuzz testing","author":"Fangquan","year":"2015"},{"issue":"8","key":"10.1016\/j.infsof.2025.107875_b15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.23919\/JCC.2021.08.001","article-title":"Shfuzz: A hybrid fuzzing method assisted by static analysis for binary programs","volume":"18","author":"Wang","year":"2021","journal-title":"China Commun."},{"year":"2020","series-title":"Sok: The progress, challenges, and perspectives of directed greybox fuzzing","author":"Wang","key":"10.1016\/j.infsof.2025.107875_b16"},{"issue":"2","key":"10.1016\/j.infsof.2025.107875_b17","doi-asserted-by":"crossref","DOI":"10.1002\/stvr.1869","article-title":"The progress, challenges, and perspectives of directed greybox fuzzing","volume":"34","author":"Wang","year":"2024","journal-title":"Softw. Test. Verif. Reliab."},{"key":"10.1016\/j.infsof.2025.107875_b18","doi-asserted-by":"crossref","unstructured":"F. Weissberg, J. M\u00f6ller, T. Ganz, E. Imgrund, L. Pirch, L. Seidel, M. Schloegel, T. Eisenhofer, K. Rieck, SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing, in: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 2024, pp. 1539\u20131553.","DOI":"10.1145\/3634737.3661141"},{"issue":"FSE","key":"10.1016\/j.infsof.2025.107875_b19","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1145\/3643741","article-title":"Evaluating directed fuzzers: Are we heading in the right direction?","volume":"1","author":"Kim","year":"2024","journal-title":"Proc. ACM Softw. Eng."},{"key":"10.1016\/j.infsof.2025.107875_b20","doi-asserted-by":"crossref","unstructured":"M. B\u00f6hme, V.-T. Pham, M.-D. Nguyen, A. Roychoudhury, Directed greybox fuzzing, in: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017, pp. 2329\u20132344.","DOI":"10.1145\/3133956.3134020"},{"key":"10.1016\/j.infsof.2025.107875_b21","unstructured":"T.E. Kim, J. Choi, K. Heo, S.K. Cha, {DAFL}: Directed Grey-box Fuzzing guided by Data Dependency, in: 32nd USENIX Security Symposium, USENIX Security 23, 2023, pp. 4931\u20134948."},{"key":"10.1016\/j.infsof.2025.107875_b22","unstructured":"P. Li, W. Meng, C. Zhang, SDFuzz: Target States Driven Directed Fuzzing, in: Proceedings of the 33rd USENIX Security Symposium (Security). Philadelphia, PA, USA, 2024."},{"key":"10.1016\/j.infsof.2025.107875_b23","unstructured":"G. Lee, W. Shim, B. Lee, Constraint-guided directed greybox fuzzing, in: 30th USENIX Security Symposium, USENIX Security 21, 2021, pp. 3559\u20133576."},{"key":"10.1016\/j.infsof.2025.107875_b24","doi-asserted-by":"crossref","unstructured":"P. Srivastava, S. Nagy, M. Hicks, A. Bianchi, M. Payer, One fuzz doesn\u2019t fit all: Optimizing directed fuzzing via target-tailored program state restriction, in: Proceedings of the 38th Annual Computer Security Applications Conference, 2022, pp. 388\u2013399.","DOI":"10.1145\/3564625.3564643"},{"key":"10.1016\/j.infsof.2025.107875_b25","unstructured":"J. Chen, W. Han, M. Yin, H. Zeng, C. Song, B. Lee, H. Yin, I. Shin, SYMSAN: Time and space efficient concolic execution via dynamic data-flow analysis, in: 31st USENIX Security Symposium, 2022."},{"key":"10.1016\/j.infsof.2025.107875_b26","series-title":"2023 IEEE Symposium on Security and Privacy","first-page":"2693","article-title":"Selectfuzz: Efficient directed fuzzing with selective path exploration","author":"Luo","year":"2023"},{"issue":"3","key":"10.1016\/j.infsof.2025.107875_b27","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3428334","article-title":"Magma: A ground-truth fuzzing benchmark","volume":"4","author":"Hazimeh","year":"2020","journal-title":"Proc. ACM Meas. Anal. Comput. Syst."},{"year":"1994","series-title":"Program analysis and specialization for the C programming language","author":"Andersen","key":"10.1016\/j.infsof.2025.107875_b28"},{"key":"10.1016\/j.infsof.2025.107875_b29","series-title":"2023 38th IEEE\/ACM International Conference on Automated Software Engineering Workshops","first-page":"143","article-title":"Improving AFLGo\u2019s directed fuzzing by considering indirect function calls","author":"Jezuita","year":"2023"},{"key":"10.1016\/j.infsof.2025.107875_b30","series-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","first-page":"1630","article-title":"SyzDirect: Directed greybox fuzzing for linux kernel","author":"Tan","year":"2023"},{"key":"10.1016\/j.infsof.2025.107875_b31","unstructured":"Y. Xiang, X. Zhang, P. Liu, S. Ji, H. Liang, J. Xu, W. Wang, Critical Code Guided Directed Greybox Fuzzing for Commits, in: 33rd USENIX Security Symposium, USENIX Security 24, 2024, pp. 2459\u20132474."},{"issue":"1","key":"10.1016\/j.infsof.2025.107875_b32","article-title":"RDFuzz: Accelerating directed fuzzing with intertwined schedule and optimized mutation","volume":"2020","author":"Ye","year":"2020","journal-title":"Math. Probl. Eng."},{"key":"10.1016\/j.infsof.2025.107875_b33","unstructured":"M.-D. Nguyen, S. Bardin, R. Bonichon, R. Groz, M. Lemerre, Binary-level directed fuzzing for {use-after-free} vulnerabilities, in: 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020, 2020, pp. 47\u201362."},{"key":"10.1016\/j.infsof.2025.107875_b34","series-title":"29th USENIX Security Symposium","first-page":"2289","article-title":"{ParmeSan}: Sanitizer-guided greybox fuzzing","author":"\u00d6sterlund","year":"2020"},{"key":"10.1016\/j.infsof.2025.107875_b35","unstructured":"P. Zong, T. Lv, D. Wang, Z. Deng, R. Liang, K. Chen, {FuzzGuard}: Filtering out unreachable inputs in directed grey-box fuzzing through deep learning, in: 29th USENIX Security Symposium, USENIX Security 20, 2020, pp. 2255\u20132269."},{"key":"10.1016\/j.infsof.2025.107875_b36","series-title":"Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering","first-page":"475","article-title":"Fairfuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage","author":"Lemieux","year":"2018"},{"key":"10.1016\/j.infsof.2025.107875_b37","series-title":"2018 IEEE Symposium on Security and Privacy","first-page":"711","article-title":"Angora: Efficient fuzzing by principled search","author":"Chen","year":"2018"},{"issue":"7","key":"10.1016\/j.infsof.2025.107875_b38","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1016\/j.tree.2011.03.016","article-title":"Red queen: from populations to taxa and communities","volume":"26","author":"Liow","year":"2011","journal-title":"Trends Ecol. Evolut."},{"key":"10.1016\/j.infsof.2025.107875_b39","series-title":"2022 IEEE Symposium on Security and Privacy","first-page":"1","article-title":"Pata: Fuzzing with path aware taint analysis","author":"Liang","year":"2022"},{"key":"10.1016\/j.infsof.2025.107875_b40","series-title":"27th USENIX Security Symposium","first-page":"745","article-title":"{QsYM}: A practical concolic execution engine tailored for hybrid fuzzing","author":"Yun","year":"2018"},{"key":"10.1016\/j.infsof.2025.107875_b41","doi-asserted-by":"crossref","unstructured":"M. Cho, S. Kim, T. Kwon, Intriguer: Field-level constraint solving for hybrid fuzzing, in: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019, pp. 515\u2013530.","DOI":"10.1145\/3319535.3354249"},{"key":"10.1016\/j.infsof.2025.107875_b42","series-title":"2020 IEEE Symposium on Security and Privacy","first-page":"1613","article-title":"Pangolin: Incremental hybrid fuzzing with polyhedral path abstraction","author":"Huang","year":"2020"}],"container-title":["Information and Software Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584925002149?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584925002149?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T00:13:41Z","timestamp":1760228021000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0950584925002149"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12]]},"references-count":42,"alternative-id":["S0950584925002149"],"URL":"https:\/\/doi.org\/10.1016\/j.infsof.2025.107875","relation":{},"ISSN":["0950-5849"],"issn-type":[{"type":"print","value":"0950-5849"}],"subject":[],"published":{"date-parts":[[2025,12]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Directed fuzzing based on path constraints and deviation path correction","name":"articletitle","label":"Article Title"},{"value":"Information and Software Technology","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.infsof.2025.107875","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2025 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"107875"}}