How Custom Targeted Dictionaries Supercharge Grey‑Box Fuzzing – Insights from an ACM SIGSOFT Award Paper
The award‑winning ICSE2025 paper introduces CDFuzz, a lightweight custom dictionary technique that dramatically improves coverage and vulnerability discovery in grey‑box fuzzing, and a live session will dissect its design, validation, and impact on software security testing.
As software systems become more complex, traditional fuzzing struggles to uncover bugs, especially when program states are guarded by intricate constraints such as constant checks. Existing grey‑box fuzzing techniques often suffer from low efficiency in these scenarios.
Recent work from the Southern University of Science and Technology–Ant Group Trusted Computing Joint Research Platform was presented at the top‑tier software engineering conference ICSE 2025 and received the ACM SIGSOFT Outstanding Paper Award. The paper, titled "Tumbling Down the Rabbit Hole: How do Assisting Exploration Strategies Facilitate Grey‑box Fuzzing?", proposes a novel custom‑targeted dictionary approach called CDFuzz that achieves simultaneous gains in coverage and vulnerability detection without additional instrumentation.
Paper Highlights
Grey‑box fuzzing faces a long‑standing efficiency bottleneck when trying to explore deep program paths protected by complex conditions, limiting both the depth and breadth of bug discovery. Traditional assisting strategies such as symbolic execution add high overhead or lose effectiveness on deep constraints.
This study systematically reveals the performance boundaries of various assisting strategies and introduces the lightweight CDFuzz technique. By dynamically generating a targeted dictionary, CDFuzz improves test precision and efficiency while incurring zero compilation or runtime overhead.
Key advantage: CDFuzz requires no extra instrumentation and achieves precise, high‑efficiency testing with zero added cost.
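To make the constant‑check bottleneck concrete, here is an added illustration (not CDFuzz's code, and not from the paper): a constructed toy target with two constant checks, a byte‑level mutator, and a dictionary mutator that splices whole tokens, run inside a minimal coverage‑guided loop. The target, the constants `MAGIC` and `0x1337`, and the depth‑as‑coverage feedback are all assumptions made for this example.

```python
import random
import struct
# Constructed toy target (hypothetical, not from the paper): two nested constant
# checks. The return value is a coverage "depth" used as fuzzer feedback.
MAGIC = b"FUZZ"                           # 4-byte constant header check
EXPECTED_LEN = struct.pack("<I", 0x1337)  # second constant, deeper in the path

def target(data: bytes) -> int:
    if len(data) < 8:
        return 0
    if data[:4] != MAGIC:                 # constant check #1
        return 1
    if data[4:8] != EXPECTED_LEN:         # constant check #2, only reachable past #1
        return 2
    return 3                              # the "deep" program state

def mutate_random(seed: bytes, rng: random.Random) -> bytes:
    # Plain byte-level mutation: overwrite one byte. A 4-byte constant is hit by
    # chance with probability ~2^-32, and partial matches give no feedback.
    buf = bytearray(seed)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def mutate_with_dictionary(seed: bytes, rng: random.Random, dictionary) -> bytes:
    # Dictionary mutation: splice a whole token (the constants the target
    # compares against) at a random offset, as AFL-style dictionaries do.
    buf = bytearray(seed)
    tok = rng.choice(dictionary)
    pos = rng.randrange(len(buf) - len(tok) + 1)
    buf[pos:pos + len(tok)] = tok
    return bytes(buf)

def fuzz(mutator, iterations: int, rng_seed: int = 0) -> int:
    # Minimal coverage-guided loop: keep an input only when it reaches a new depth.
    rng = random.Random(rng_seed)
    corpus, best = [b"\x00" * 8], 0
    for _ in range(iterations):
        child = mutator(rng.choice(corpus), rng)
        depth = target(child)
        if depth > best:
            best = depth
            corpus.append(child)
    return best

def compare(iterations: int = 20000) -> dict:
    dictionary = [MAGIC, EXPECTED_LEN]
    with_dict = lambda s, r: mutate_with_dictionary(s, r, dictionary)
    return {"random_only": fuzz(mutate_random, iterations),
            "with_dictionary": fuzz(with_dict, iterations)}
```

With single‑byte mutation the corpus never holds an input with more than one correct magic byte, so the random run stays at depth 1; the dictionary run reaches depth 3 within a few hundred iterations.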
Live Session Details
The live "Paper Show" will feature the paper's sole corresponding author, Associate Professor Zhang Yuqun, who will analyze CDFuzz's design principles and validation results in depth, giving viewers direct insight into the innovation behind this distinguished conference paper.
Watch time: June 12, 2025, 18:00‑20:00
Platforms: WeChat Channels (Ant Technology Research Institute), Bilibili (Ant Technology Research Institute) – please follow and reserve your spot.
AntTech