WolfFuzz: A Dynamic, Adaptive, and Directed Greybox Fuzzer
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
This article introduces WolfFuzz, which presents some innovations in mutation and exploration scheduling. However, the writing in this paper is scattered and requires extensive editing.
Some examples are as follows:
In the third paragraph of Section 1, the discussion of related work seems rushed and lacks comparison with the methods proposed in this paper. The mention of "between three distinct phases" in Section 1 is not promptly introduced. It is generally understood as two phases: exploration and exploitation. Or are they similar to the three phases in FishFuzz? This should be clarified early in the paper.
Why is it stated in Figure 1 that "With FishFuzz's distance calculation, A-B-D-F is 3, A-C-F is 2, showing equal preference for A-C-F." Here, there is a typo "FishFuzz," and isn't the distance different (3 vs 2)? In FishFuzz, isn't it the calculation of function distances? How are the branch reachability probabilities in this figure calculated based on FishFuzz? I cannot find the probabilities in the main body of the paper either.
On page 4, "fuzzy testing" should be "fuzz testing." There are also other instances where "fuzzy" is incorrectly used.
In Section 3.4, there's a typo in “Figure ??”.
In Section 5.2, while the result is about code coverage, it's suggested that the conclusion could indeed detect more errors: "This means that WolfFuzz could identify additional vulnerabilities."
In Section 5.5, there's virtually no explanation for Table 8, leaving readers unsure of what the numbers represent.
Comments on the Quality of English Language
Must be improved
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for Authors
This paper presents an innovative approach to grey-box fuzzing by introducing a dynamic, adaptive system named WolfFuzz, designed to improve efficiency in vulnerability identification within software systems. The paper is well-organized. Some comments to the authors for improvement:
Abstract. Please add some quantitative results. For example, how much is the % of improvement in comparative trials with state-of-the-art fuzzers such as AFL and AFLGo?
Consider adding a section/paragraph discussing the implications of the findings for practical applications in more diverse contexts or different types of software systems and any potential limitations or challenges that may arise when deploying WolfFuzz in real-world scenarios.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Round 2
Reviewer 1 Report
Comments and Suggestions for Authors
The paper requires a thorough rewrite, focusing on restructuring and clarifying descriptions rather than simply making minor word changes. Here are some specific examples of areas that need improvement:
The paper lacks sufficient support for statements such as "WOLFFUZZ demonstrates an average speed improvement of 3.20 times over the baseline and is able to reproduce 76.4% of known bugs at a faster rate." The source of the 3.2x improvement is unclear, and the assertion that WolfFuzz reproduces bugs faster needs more substantiation. Additionally, Table 7 only presents WolfFuzz's results, and in Section 5.4, the numbers of unique crashes are deemed irrelevant since they haven't been deduplicated.
Figure 3, illustrating the overall process of WolfFuzz, requires clearer explanation.
The utilization of IGWO (presumably a method or tool) is not adequately elucidated and necessitates a rewritten explanation.
The concept of branch reachability probability lacks sufficient explanation.
In the algorithm, there seems to be a discrepancy between the hunt_mode and its corresponding mode in Figure 4.
These issues must be addressed to enhance the clarity and credibility of the paper.
Comments on the Quality of English Language
Poor
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for Authors
The authors addressed all the comments.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Round 3
Reviewer 1 Report
Comments and Suggestions for Authors
The revision looks much better now.
Comments on the Quality of English Language
No