journal article
Apr 10, 2026
Peeling Off the Cocoon: Unveiling Suppressed Golden Seeds for Mutational Greybox Fuzzing
Proceedings of the ACM on Programming Languages, Vol. 10, No. OOPSLA1, pp. 143-169
Association for Computing Machinery (ACM)
Abstract
Mutational greybox fuzzing (MGF) is a powerful software testing technique. Initial seeds are critical for MGF since they define the space of possible inputs and fundamentally shape the effectiveness of MGF. Nevertheless, having more initial seeds is not always better. A bloated initial seed set can inhibit throughput, thereby degrading the effectiveness of MGF. To avoid bloating, modern fuzzing practices recommend performing seed selection to maintain golden seeds (i.e., those identified as beneficial for MGF) while minimizing the size of the set. Typically, seed selection favors seeds that execute unique code regions and discards those that contribute stale coverage. This coverage-based strategy is straightforward and useful, and is widely adopted by the fuzzing community. However, coverage-based seed selection (CSS) is not flawless and has a notable blind spot: it fails to identify golden seeds suppressed by unpassed coverage guards, even if these seeds contain valuable payload that can benefit MGF. This blind spot prevents suppressed golden seeds from realizing their true values, which may ultimately degrade the effectiveness of downstream MGF.
In this paper, we propose a novel technique named PoCo to address the blind spot of traditional CSS. The basic idea behind PoCo is to manifest the true strengths of the suppressed golden seeds by gradually disabling obstacle conditional guards. To this end, we develop a lightweight program transformation to enable flexible disabling of guards and devise a novel guard hierarchy analysis to identify obstacle ones. An iterative seed selection algorithm is constructed to stepwise select suppressed golden seeds. We prototype PoCo on top of the AFL++ utilities (version 4.10c) and compare it with seven baselines, including two state-of-the-art tools afl-cmin and OptiMin. Compared with afl-cmin, PoCo selects 3–40 additional seeds within a practical time budget of two hours. To evaluate how effective the studied techniques are in seeding MGF, we further conduct extensive fuzzing (over 17,280 CPU hours) with eight different targets from a mature benchmark named Magma, adopting the most representative fuzzer AFL++ for MGF. The results show that the additional seeds selected by PoCo yield modest improvements in both code coverage and bug discovery. Although our evaluation reveals some limitations of PoCo, it also demonstrates the presence and value of suppressed golden seeds. Based on the evaluation results, we distill lessons and insights that may inspire the fuzzing community.
Topics
Metrics
- Citations: 0
- References: 60
Details
- Published: Apr 10, 2026
- Vol/Issue: 10(OOPSLA1)
- Pages: 143-169
Funding
National Natural Science Foundation of China (Award: U24A20337)
Cite This Article
Ruixiang Qian, Chunrong Fang, Zengxu Chen, et al. (2026). Peeling Off the Cocoon: Unveiling Suppressed Golden Seeds for Mutational Greybox Fuzzing. Proceedings of the ACM on Programming Languages, 10(OOPSLA1), 143-169. https://doi.org/10.1145/3798205