Download file
Download file
Download file
Download file
Download file
Download file
Download file
Download file
Download file
Download file
Download file
Download file
Download file
13 files

CONFETTI: Amplifying Concolic Guidance for Fuzzers

posted on 2022-01-28, 21:20 authored by James Kukucka, Luis Gabriel Ganchinho de PinaLuis Gabriel Ganchinho de Pina, Paul Ammann, Jonathan BellJonathan Bell

This is the artifact for the ICSE 2022 paper, "CONFETTI: CONcolic Fuzzer Employing Taint Tracking Information".

Please see "" for information about this artifact.

If you are looking for the source code for CONFETTI, it can be found at , or inside of the artifact VM, which also contains all dependencies needed to build it.

The files available in this artifact are:

* - A much more thorough description of this artifact than provided in this short abstract

* CONFETTI ICSE 2022 Virtual Machine.vmdk - The OVF virtual machine image that we provide for long-term replicability. It includes all of the other files in this artifact, and can be used to fully reproduce our experimental results. To use it, create a new VM with this disk image, 4 CPU cores and 32 GB RAM. The VM image is 11GB, but we would suggest having at least 20GB of available space on the machine that you run it on.

* REQUIREMENTS.txt - A brief description of what you need to run our VM artifact

* LICENSE.txt - The full license that this artifact is distributed under

* INSTALL.txt - A brief installation guide; for a full installation guide see

* AUTHORS.txt - A listing of the authors of this artifact with citation information

* - An archive containing the workflow file and custom actions used by our continuous integration pipeline for developing and evaluating CONFETTI.

* - Various documentation that was requested specifically for the purposes of ICSE 2022 artifact evaluation, organized into a single zip and archived for perpetuity.

This artifact also contains the primary data that we collected from the 3 fuzzer/5 target/20 trial/24 hour per-trial experiment reported in our ICSE 2022 paper. That data is in the file fuzz_output.tgz, and is also included in the artifact VM for convenience.

This artifact also contains the results of processing that primary data into various intermediate forms, which are then used to build the tables and graphs in our paper. The file describes exactly how to replicate our results, and the artifact VM contains these intermediate results for ease of use. We also share them directly here, in case it is useful to download them without also getting the full artifact VM.

* jacoco-coverage.tgz: Directory of output from reproducing all 20 runs of each fuzzer/target pair. For each fuzzer/benchmark, the .jacoco.exec file is the binary coverage file stored by JaCoCo, the .jacoco.out directory is the HTML report. Generated by confetti-artifact/reproCorpusAndGetJacocoTGZ.php

* fuzz-stats-coverage.tgz: Directory of CSV files containing the coverage of each fuzzing run as calculated by the fuzzer. These files are created by extract-coverage.php and are used to create the graphs in Figure 1

* forensics.tgz: Directory of CSV files containing the results of RQ4 (Table 4) - attempting to fuzz away global dictionary hints. Generated by confetti-artifact/scripts/collectExtendedHintInfo.php

* fuzz_stats.csv: A CSV containing the last line of statistics from each fuzzing run, collected from the fuzz_stats file in each campaign, generated by scripts/extract-last-line-of-fuzz-stats.php

Cite this artifact as:

Kukucka, James; Ganchinho de Pina, Luis Gabriel; Ammann, Paul; Bell, Jonathan (2022): CONFETTI: Amplifying Concolic Guidance for Fuzzers. figshare. Software.

Or, in BibTex:



title={{CONFETTI}: Amplifying Concolic Guidance for Fuzzers},




author={Kukucka, James and Ganchinho de Pina, Luis Gabriel and Ammann, Paul and Bell, Jonathan},






NSF CCF-2100037

NSF CNS-2100015


Usage metrics