PathFuzzing: A Path-Centric Fuzzing Approach
- PathFuzzing is a family of fuzzing methods that prioritize execution path analysis by focusing on rare edges, targeted call chains, and symbolic constraints.
- It utilizes diverse representations such as edge bitmaps, call paths, and fixed-length bit strings to drive methodical exploration of program behavior.
- Empirical results show significant improvements in bug discovery speed and code coverage efficiency, making it a promising approach for vulnerability detection.
Searching arXiv for papers on PathFuzzing and closely related path-directed fuzzing. arXiv search query: "PathFuzzing directed fuzzing path diversity greybox fuzzing" PathFuzzing denotes a family of fuzzing methods that treat execution paths, target edges, call chains, or symbolic-execution paths as first-class search objects rather than relying only on undirected global coverage. In the literature, this includes path-directed greybox fuzzing toward rare edges (Wang et al., 2023), multiple-target fuzzing with target path diversity and unbiased energy assignment (Rong et al., 2023), path-aware generation from static call paths in CLI applications (Shiraishi et al., 25 Nov 2025), and worst-case analysis over symbolic-execution paths encoded as binary strings (Chen et al., 14 Jul 2025). In a closely related formalization, the objective is to preserve a path prefix and flip a selected later Boolean outcome, yielding a neighboring execution path in a controlled local space (Jonáš et al., 29 Jan 2025).
1. Conceptual scope
In one line of work, path-oriented fuzzing is defined operationally as explicitly steering toward rare or under-exercised edges. The adversarial fuzzing scheme built on AFL learns a differentiable approximation of input-to-edge-coverage behavior and then targets the least frequent edges, feeding the resulting inputs back into AFL’s queue so that deterministic and havoc mutations explore around those seeds (Wang et al., 2023). In AFLRun, the path diversity of a target is defined as the total code coverage contributed by seeds that hit that target, and the design is explicitly motivated by preconditioned flaw activation and post-target activation, where merely reaching the target is insufficient (Rong et al., 2023). PILOT uses a different path notion: it statically computes call paths from main to a target function, supplies those paths to an LLM, and iteratively refines commands and file-generation scripts using feedback on which functions along those paths were actually covered (Shiraishi et al., 25 Nov 2025). PathFuzzing for worst-case analysis moves the search space from concrete inputs to execution paths encoded as fixed-length binary strings, then fuzzes those path strings to maximize resource cost subject to path satisfiability (Chen et al., 14 Jul 2025).
Taken together, these formulations indicate that PathFuzzing is not a single algorithm but a path-centric viewpoint spanning edge-level objectives, target-conditioned path diversity, call-chain realization, and symbolic path optimization. A plausible implication is that the common abstraction is not the input format or mutation engine, but the use of path structure as the primary search target.
2. Path representations and objective functions
PathFuzzing systems differ chiefly in how they represent a path and in what they optimize once that representation is fixed.
| Path representation | Operational objective | Representative work |
|---|---|---|
| Edge bitmap and edge frequencies | Activate specific rare edges and mutate around resulting seeds | adversarial fuzzing (Wang et al., 2023) |
| Target-specific path sets via target virgin maps and critical blocks | Maximize target path diversity and assign energy fairly across targets | AFLRun (Rong et al., 2023) |
Static call chains from main to a target function |
Generate commands and files that realize the target call path | PILOT (Shiraishi et al., 25 Nov 2025) |
| Fixed-length bit strings of branch decisions | Search satisfiable paths with maximal resource cost | PathFuzzing for WCA (Chen et al., 14 Jul 2025) |
| Trace of atomic Boolean expressions with preserved prefix and flipped suffix | Reach a neighboring execution path in local space | local-space gray-box fuzzing (Jonáš et al., 29 Jan 2025) |
For edge-centric path fuzzing, AFL’s instrumentation bitmap remains the underlying runtime object. If is the set of instrumented edges and is the set hit by input , global coverage is described as
while path novelty is approximated by edge rarity,
The adversarial scheme then selects edges with small as explicit search targets (Wang et al., 2023).
In multiple-target directed fuzzing, path representation becomes target-relative. AFLRun maintains a primary virgin map for ordinary coverage and additional target virgin maps—one per target cluster—to record coverage achieved specifically by seeds that hit that target or cluster. A seed is kept if it flips any bit in any relevant virgin map, even when it adds no global coverage, thereby preserving executions that increase target-specific path diversity (Rong et al., 2023).
For call-path-aware fuzzing, the representation is an ordered sequence of functions, with file and line information, from main to the target. PILOT exposes these sequences directly to the LLM, along with source-level context, and then uses function coverage and CFG-edge coverage to measure whether generated commands are progressing along the intended chain (Shiraishi et al., 25 Nov 2025).
For path-space fuzzing in worst-case analysis, a path string encodes branch decisions. The optimization target becomes
and the transformed program symbolically interprets 0, checks satisfiability, and accumulates path cost (Chen et al., 14 Jul 2025). In the local-space formulation, the path object is a trace of atomic Boolean expressions, and the objective is to keep the same expressions in the same order with the same Boolean values except for the last one, which is forced to the opposite value (Jonáš et al., 29 Jan 2025).
3. Search mechanisms for steering into new paths
One prominent mechanism is surrogate-guided adversarial generation. The adversarial fuzzing system augments AFL with a neural network that maps fixed-length byte vectors to multi-label edge bitmaps, using binary cross-entropy and two fully connected hidden layers with 256 neurons each. It then applies a modified JSMA attack to maximize the predicted probability of a selected rare edge, with gradients 1, saliency-based byte selection, and up to 200 iterations, before reinserting the resulting inputs into AFL’s queue (Wang et al., 2023).
CONFF treats path constraints as the dominant search units. It tracks all path constraints encountered during execution, assigns each the distance of its containing basic block to the target, filters only a small number of high-priority constraints, and then focuses on one constraint at a time. The focused constraint is solved using dynamic condition-to-byte mapping, first by multi-byte probing and then by single-byte probing, followed by mutation strategies specialized for magic values and checksum-like relations. This stepwise process gradually approaches the target location through path selection rather than global coverage maximization (Li et al., 2023).
The local-space gray-box method defines a coverage problem 2, where 3 are black-box signed-distance functions for the path’s atomic Boolean expressions and 4 encode the desired Boolean outcomes. It constructs a sequence of orthonormal local bases 5 and associated half-space constraints 6, with each new local space designed to keep earlier expressions approximately stable while searching for a valuation that flips the last one. The actual search combines gradient descent, local-space bit mutations, and random sampling around both the current point and the predicted zero of the last signed distance (Jonáš et al., 29 Jan 2025).
Rare-path seed generation uses quantitative symbolic analysis before fuzzing begins. Branch selectivity is defined as
7
where 8 is the domain of assignments for a branch condition and 9 is the satisfying subset. Edge probabilities in a probabilistic CFG are derived from these selectivities, path probabilities are multiplied along II-paths, and the rarest bounded-length paths are then realized using path-guided concolic execution. The resulting seeds are passed to AFL++, FairFuzz, or DigFuzz-style fuzzers (Saha et al., 2022).
Truzz derives path signals from runtime transitions rather than symbolic models. For a seed path 0 and a mutated path 1, it defines a fitness
2
for mutating byte interval 3. High fitness indicates validation-related bytes that tend to trigger shorter, error-handling paths when mutated, so Truzz protects those bytes by reducing their mutation probability and prioritizes seeds whose initial path yielded many new edges (Zhang et al., 2022).
4. Scheduling, pruning, and diversity management
AFLRun turns path diversity into an explicit corpus-level scheduling signal. It maintains multiple virgin maps, including one target virgin map per target cluster, so that seeds are retained when they contribute new coverage relative to a target even if they add no ordinary coverage. To control cost, targets are clustered via association rule mining on co-updated virgin maps. On top of this, AFLRun computes critical blocks for each target, propagates uniform target weights through block and seed distribution matrices, and solves a corpus-level optimization so that total energy per target remains fair even when some targets have many more seeds than others (Rong et al., 2023).
ATTuzz uses a different scheduling abstraction: a DTMC over basic blocks built from observed execution traces. If 4 is the estimated transition probability from block 5 to block 6, the reward of block 7 is
8
The highest-reward uncovered blocks are selected, their predecessors become critical blocks, and attention-based models are trained to predict whether mutating a seed under a given mutator will still reach a critical block. The resulting heat maps identify “hot bytes” that should usually not be mutated, preserving path prefixes that lead into rewarding unexplored regions (Zhu et al., 2021).
GoExploreFuzz frames path management geometrically. Inputs are points in a space 9 with dissimilarity 0, paths are points in a space 1 with dissimilarity 2, and the CFG is endowed with a symmetric hitting probability metric derived from the empirical Markov chain induced by the campaign. Path space is discretized by selecting diverse landmark paths and assigning each observed path to a cell according to its ranked distances to those landmarks. The go distribution then balances exploration and exploitation over elites, while mutation bandwidth is tuned according to the geometry of an elite input in a cell (Huntsman, 2023).
TOPr operates at the static-analysis end of the design space. It builds an inverse call graph and inverse CFG from whole-program LLVM bitcode, augments indirect calls with function-signature matching, marks basic blocks that can reach the target, and rewrites the rest with exit(0) so that executions terminate immediately upon entering target-irrelevant code. The design goal is to preserve common-case indirect control flow without resorting to dynamic analysis, thereby combining speed and pruning precision in directed fuzzing (Niddodi et al., 2023).
5. Domains and applications
PathFuzzing has been applied first to conventional vulnerability discovery in compiled software. The adversarial AFL extension was evaluated on Fuzzgoat and on libxml2 v2.9.2, libpng 1.2.56, openssl_x509, and mupdf, where targeted rare-edge generation is used to improve path exploration and crash discovery (Wang et al., 2023). Wildfire applies a compositional variant of the same path-centric logic: it fuzzes isolated functions in C programs, records crashing argument tuples and stack traces, summarizes vulnerable functions with assertions over those tuples, and then uses targeted symbolic execution to determine whether the vulnerability is exploitable from higher-level callers. Its evaluation covers 23 open-source programs comprising nearly 1 million LOC, and it could reproduce all of the known vulnerabilities while also finding previously-unknown vulnerabilities in three open-source libraries (Ognawala et al., 2019).
In CLI programs, PILOT recasts path realization as a semantic orchestration problem. It computes call paths with libclang, chooses target functions using centrality over the call graph, prompts an LLM with candidate call chains, and generates shell scripts that both create valid input files and invoke the target application with appropriate options. Across 43 real-world C programs, PILOT reports 51 zero-day vulnerabilities, with 41 confirmed by maintainers, 33 fixed, and 3 assigned CVE identifiers (Shiraishi et al., 25 Nov 2025).
In PHP web applications, PHUZZ adapts path-guided fuzzing to HTTP-driven execution. Coverage is collected inside the PHP runtime with Xdebug or PCOV, vulnerability-sensitive PHP functions are hooked with UOPZ, and HTTP candidates are scored by the number of new paths and lines executed server-side. PHUZZ was evaluated on artificial and real-world applications and then fuzzed over 1,000 API endpoints of the 115 most popular WordPress plugins, resulting in over 20 security issues and 2 new CVE-IDs (Neef et al., 2024).
PathFuzzing has also been extended beyond vulnerability detection. In worst-case analysis, the transformed symbolic program 3 takes a path string 4, interprets bits as branch decisions, checks satisfiability, and accumulates path cost. Experiments on a benchmark suite of 20 programs show that this path-space formulation generally outperforms both a fuzzing baseline and a symbolic-execution baseline, particularly when the path space is small relative to the input space and many branches are deterministic or always satisfiable (Chen et al., 14 Jul 2025).
These applications span mutation-based binary fuzzing, compositional library analysis, CLI testing, web application fuzzing, and worst-case resource analysis. This suggests that PathFuzzing is better understood as a transferable search principle than as a domain-specific tooling category.
6. Empirical patterns, limitations, and open directions
Across the literature, path-centric guidance is repeatedly associated with better reachability of deep or target-relevant code under fixed budgets. On LAVA-1 and real-world vulnerabilities, CONFF reproduced crashes with significantly reduced time, averaging 5 the speed of Angora and 6 the speed of AFLGo (Li et al., 2023). Truzz increased the fraction of inputs that reach functional code by 7 on average, achieved 8 more new edges than vanilla fuzzers, and exposed 13 bugs in 8 target programs, 6 of which had not been identified by the vanilla fuzzers (Zhang et al., 2022). TOPr reports 9 and 0 higher test case throughput than SieveFuzz and AFLGo respectively, 1 and 2 more target-relevant coverage, faster bug discovery time, and 24 new bugs in 5 open source applications, with 18 confirmed by developers (Niddodi et al., 2023).
The main limitations are equally consistent. Path-space worst-case analysis remains dependent on SMT performance, manual path-length bounds 3, and partially manual identification of branches whose satisfiability checks can be skipped (Chen et al., 14 Jul 2025). PILOT depends strongly on LLM quality, incurs token and monetary cost, and inherits static-analysis limits from call graphs built with libclang, especially in the presence of function pointers or other dynamic behavior (Shiraishi et al., 25 Nov 2025). PHUZZ currently handles independent multi-step workflows but not dependent multi-step actions where a response value from one request must be propagated into a later request, and its sink-based oracles can still produce false positives in some settings such as JSON responses misclassified as XSS (Neef et al., 2024).
Open directions in the surveyed work remain strongly path-centric. The adversarial fuzzing paper explicitly proposes hybrids with symbolic or concolic execution, reinforcement learning over target edges, sequence- or path-level objectives beyond single edges, adversarial mutation operators in other fuzzers, and improved surrogate models such as CNNs or transformers (Wang et al., 2023). AFLRun points toward dynamic feedback for refining critical blocks, binary-only adaptation, and improved clustering beyond association rules (Rong et al., 2023). The resulting research trajectory is toward more explicit path objects, more principled path diversity metrics, and tighter integration between structural guidance, semantic input generation, and low-level mutation.