Program Schedule (Tentative)

All times are local time in Seattle, WA, United States (GMT-7 / PDT).

9:00am Welcome and Introductions
9:15am Keynote 1: Three Colours of Fuzzing: Reflections and Open Challenges
Cristian Cadar (Imperial College London)
Abstract: In this talk, I will reflect on my experiences designing and applying different forms of fuzzing (whitebox, greybox and blackbox) to various types of software (file processing applications, network servers, compilers, document readers, etc.) and software engineering problems (patch testing, test suite augmentation, refactoring, etc.).
While the goal of fuzzing is to find bugs, our objective as fuzzing researchers and practitioners should be to improve the reliability, security and quality of software. I therefore argue that we need to pay closer attention to how fuzzing is integrated into the software development process and how we can use fuzzing to help with other software engineering tasks.

Bio: Cristian Cadar is a Professor in the Department of Computing at Imperial College London, where he leads the Software Reliability Group (http://srg.doc.ic.ac.uk), working on automatic techniques for increasing the reliability and security of software systems. Cristian's research has been recognised by several prestigious awards, including the IEEE TCSE New Directions Award, BCS Roger Needham Award, HVC Award, EuroSys Jochen Liedtke Award, and two test of time awards. Many of the research techniques he co-authored have been used in both academia and industry. In particular, he is a maintainer and developer of the KLEE symbolic execution system, a popular system with a large user base. Cristian has a PhD in Computer Science from Stanford University, and undergraduate and Master's degrees from the Massachusetts Institute of Technology.

Session Chair: TBA
10:00am Morning Break
10:30am Fishbowl Conversation
Group conversation about fuzzing and related topics. More info will follow!
11:30am Reflections on preregistration-based publication model
12:00pm Lunch Break
1:30pm Keynote 2: Rich coverage signal and the consequences for scaling
Kostya Serebryany (Google)
Abstract: Most existing fuzzing tools use edge coverage to identify interesting inputs and guide the expansion of the corpus. This coverage signal is convenient because it is bounded in size. Once fuzzing discovers all reachable edges, however, this form of coverage stops being useful. To keep providing useful guidance to the fuzzer, we can add additional signals, such as call stacks, bounded execution paths, arguments to comparison instructions, and signals derived from anomaly detection. Most of these signals can generate a large amount of data that the fuzzer needs to deal with, which can have a drastic impact on the computational resources required. It is still tempting to use these rich signals. In the SiliFuzz project we have used rich coverage signals to uncover bugs that were otherwise hidden. In this talk we will discuss approaches to scaling fuzzing with rich coverage signals in a new fuzzing engine called Centipede.

Bio: Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer, MemorySanitizer, ThreadSanitizer, and libFuzzer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for the Sun compiler lab and then 3 years at the Intel Compiler Lab. Konstantin holds a PhD from mesi.ru and an M.S. from msu.ru.

Session Chair: TBA
2:15pm Paper Session 1
Session Chair: TBA
Large Language Models for Fuzzing Parsers
Joshua Ackerman, George Cybenko (Dartmouth College)

Novelty not Found: Adaptive Fuzzer Restarts to Improve Input Space Coverage
Nico Schiller, Xinyi Xu, Lukas Bernhard, Nils Bars, Moritz Schloegel, Thorsten Holz (CISPA Helmholtz Center for Information Security)

Grammar Mutation for Testing Input Parsers
Bachir Bendrissou, Cristian Cadar, Alastair Donaldson (Imperial College London)
3:00pm Afternoon Break
3:30pm Paper Session 2
Session Chair: TBA
CrabSandwich: Fuzzing Rust with Rust
Addison Crump (CISPA), Dongjia Zhang (EURECOM), Syeda Mahnur Asif (CISPA), Dominik Maier (TU Berlin), Andrea Fioraldi (EURECOM), Thorsten Holz (CISPA), Davide Balzarotti (EURECOM)

Beyond The Coverage Plateau - A Comprehensive Study of Fuzz Blockers
Wentao Gao, Van-Thuan Pham (University of Melbourne), Dongge Liu, Oliver Chang (Google), Toby Murray, Benjamin Rubinstein (University of Melbourne)

DiPri: Distance-based Seed Prioritization for Greybox Fuzzing
Ruixiang Qian, Quanjun Zhang, Chunrong Fang, Zhenyu Chen (Nanjing University)

InFuzz: An Interactive Tool for Enhancing Efficiency in Fuzzing through Visual Bottleneck Analysis
Qian Yan, Minhuan Huang, Huayang Cao, Shuaibing Lu (National Key Laboratory of Science and Technology on Information System Security)

Multi-phase Parallel Fuzzer
Taotao Gu, Tong Wang, Xiang Li, Shuaibing Lu, Yuanping Nie, Zhaowei Zhang, Xiaohui Kuang, Gang Zhao (National Key Laboratory of Science and Technology on Information System Security)
4:45pm Concluding remarks