PointFuzz: Efficient Fuzzing of Library Code via Point-to-Point Mutations


Bibliographic Details
Published in: Electronics (Basel), Vol. 14, No. 19, p. 3796
Main Authors: Wen, Sheng; Tian, Liwei; Liu, Suping
Format: Journal Article
Language: English
Published: Basel, MDPI AG, 25.09.2025
ISSN: 2079-9292
DOI: 10.3390/electronics14193796

Summary: Fuzzing has established itself as a cornerstone technique for uncovering defects in both stand-alone executables and software libraries. In the domain of library testing, prior research has predominantly concentrated on the automated generation of fuzz drivers, code harnesses that invoke individual Application Programming Interfaces (APIs) under test. While these approaches successfully orchestrate API calls in the correct sequence, they often neglect a critical factor: the semantic relevance and structural validity of the input data supplied to each API parameter. Unlike monolithic programs, where inputs are typically drawn from well-defined file or network formats, API parameters may span a broad spectrum of primitive and composite data types, ranging from integers and floating-point values to strings, containers, and user-defined aggregates, each of which demands tailored mutation strategies to exercise deep code paths and trigger latent faults. To address this gap, we introduce PointFuzz, a novel fuzzing framework that integrates type-aware input generation into existing harness generation pipelines. PointFuzz begins by statically analyzing the API's function signatures and associated type definitions to accurately identify the data type of every parameter. It then applies a suite of specialized mutation operators. This data-type-guided mutation maximizes the likelihood of traversing previously untested execution branches. Moreover, PointFuzz incorporates an innovative feedback mechanism that dynamically adjusts mutation priorities based on real-time coverage gains. By assigning quantitative scores to parameter-specific operators, our system continuously learns which strategies yield the most valuable inputs and reallocates computational effort accordingly. Empirical evaluation across multiple widely used C/C++ libraries demonstrates that PointFuzz achieves superior API coverage compared to generic, type-agnostic fuzzers. These results validate the efficacy of combining type-aware mutation with adaptive feedback to advance the state of library API fuzzing.
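The abstract describes two mechanisms: deriving a per-parameter mutator set from the API's static signature, and scoring each parameter-specific operator by the coverage it earns so that effort flows toward productive operators. The following Python sketch is an added illustration of those two ideas and is not PointFuzz's code; the target `parse_record`, its branch identifiers, the operator sets in `MUTATORS`, and the simple additive-score-with-decay rule in `OperatorScheduler` are all constructed assumptions for the demonstration. Coverage is simulated by having the target return the set of branch ids it executed, standing in for the edge coverage a real fuzzer would read from instrumentation.

```python
"""Type-aware mutation with coverage-guided operator scoring (illustrative only)."""
import inspect
import math
import random
from collections import defaultdict


# 1. Static step: read each parameter's declared type from the API signature.
def infer_param_types(func):
    """Return the annotated type of every parameter, in declaration order."""
    sig = inspect.signature(func)
    return [p.annotation for p in sig.parameters.values()]


# 2. Type-specific mutation operators (constructed, deliberately small sets).
INT_BOUNDARIES = [0, -1, 2**31 - 1, -2**31, 2**32 - 1]
STR_TOKENS = ["admin", "", "\x00", "A" * 64]

MUTATORS = {
    int: {
        "int_delta":    lambda x, rng: x + rng.choice([-1, 1, -16, 16]),
        "int_boundary": lambda x, rng: rng.choice(INT_BOUNDARIES),
        "int_bitflip":  lambda x, rng: x ^ (1 << rng.randrange(32)),
        "int_negate":   lambda x, rng: -x,
    },
    float: {
        "float_scale":   lambda x, rng: x * rng.choice([0.5, 2.0, 1e6]),
        "float_special": lambda x, rng: rng.choice([0.0, math.inf, -math.inf, math.nan]),
        "float_negate":  lambda x, rng: -x,
    },
    str: {
        "str_drop":   lambda x, rng: x[1:],
        "str_append": lambda x, rng: x + chr(rng.randrange(32, 127)),
        "str_token":  lambda x, rng: rng.choice(STR_TOKENS),
        "str_double": lambda x, rng: x * 2,
    },
    list: {
        "list_drop":   lambda x, rng: x[:-1],
        "list_append": lambda x, rng: x + [rng.randrange(256)],
        "list_double": lambda x, rng: x + x,
        "list_clear":  lambda x, rng: [],
    },
}


# 3. Feedback step: a score per (parameter, operator) pair drives selection.
class OperatorScheduler:
    """Weighted selection over (parameter index, operator) arms.

    A gain adds the number of newly covered branches to the arm's score; an
    unproductive run decays the score, with a floor of 1.0 so no operator is
    ever starved entirely.
    """

    def __init__(self, param_types, rng):
        self.rng = rng
        self.arms = [(i, name, op) for i, t in enumerate(param_types)
                     for name, op in MUTATORS[t].items()]
        self.score = defaultdict(lambda: 1.0)

    def choose(self):
        weights = [self.score[(i, name)] for i, name, _ in self.arms]
        return self.rng.choices(self.arms, weights=weights, k=1)[0]

    def update(self, arm, gain):
        key = (arm[0], arm[1])
        if gain:
            self.score[key] += gain
        else:
            self.score[key] = max(1.0, self.score[key] * 0.95)


def fuzz(func, seed_args, iterations, rng_seed=0):
    """Mutate one parameter per run; keep inputs that reach new branches."""
    rng = random.Random(rng_seed)
    sched = OperatorScheduler(infer_param_types(func), rng)
    corpus = [list(seed_args)]
    covered = set(func(*seed_args))
    for _ in range(iterations):
        args = list(rng.choice(corpus))
        arm = sched.choose()
        idx, _name, op = arm
        args[idx] = op(args[idx], rng)
        new = set(func(*args)) - covered
        sched.update(arm, len(new))
        if new:
            covered |= new
            corpus.append(args)
    return covered, dict(sched.score)


# Constructed stand-in for a library API; it reports the branch ids it hit.
def parse_record(count: int, ratio: float, name: str, items: list) -> set:
    hit = {"entry"}
    if count < 0:
        hit.add("neg_count")
    elif count > 1000:
        hit.add("big_count")
    if math.isnan(ratio):
        hit.add("nan_ratio")
    elif math.isinf(ratio):
        hit.add("inf_ratio")
    if name == "":
        hit.add("empty_name")
    elif name.startswith("admin"):
        hit.add("admin_name")
    if not items:
        hit.add("empty_items")
    elif len(items) > 4:
        hit.add("many_items")
    return hit


if __name__ == "__main__":
    cov, scores = fuzz(parse_record, (3, 0.5, "user", [1, 2, 3]), iterations=500)
    print("covered:", sorted(cov))
    for (idx, name), s in sorted(scores.items(), key=lambda kv: -kv[1])[:5]:
        print(f"param {idx} {name}: {s:.2f}")
```

The scheduler is the part worth studying: after a few hundred runs the printed scores show which typed operators paid off for which parameter, which is the signal a feedback-driven fuzzer uses to reallocate its budget. A generic byte-level mutator has no such per-parameter view, which is the gap the abstract points at.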
Bibliography: ObjectType-Article-1; SourceType-Scholarly Journals-1; ObjectType-Feature-2