Specifications of modern complex systems can become so large that model cutting or abstraction is required to enable automatic analysis by model checkers. Moreover, relying solely on model simulators or scenario-based validation does not provide sufficient guarantees regarding the model’s compliance with requirements or its satisfaction of desired properties. Building on the idea of code fuzzing and leveraging the executability of models, this paper introduces a model fuzzing approach for Abstract State Machine specifications developed in ASMETA. The supporting tool, specified in ASMETA, enables randomized executions of models with the aim of triggering unexpected behaviors such as crashes, assertion failures, or security vulnerabilities. To evaluate our approach, we consider two well-known case studies from the literature, one from security protocols and one from concurrent systems, to demonstrate its analysis capabilities.
Fuzzing Executable ASMETA Models / G. Bellini, E.R. (LECTURE NOTES IN COMPUTER SCIENCE). - In: Rigorous State-Based Methods / [a cura di] F. Ishikawa, A. Cunha. - [s.l] : Springer, 2026. - ISBN 9783032267511. - pp. 22-42 (( 12. ABZ Proceedings International Conference : May, 18 – 20 Tokyo (Japan) 2026 [10.1007/978-3-032-26752-8_2].
Fuzzing Executable ASMETA Models
E. RiccobeneUltimo
2026
Abstract
Specifications of modern complex systems can become so large that model cutting or abstraction is required to enable automatic analysis by model checkers. Moreover, relying solely on model simulators or scenario-based validation does not provide sufficient guarantees regarding the model’s compliance with requirements or its satisfaction of desired properties. Building on the idea of code fuzzing and leveraging the executability of models, this paper introduces a model fuzzing approach for Abstract State Machine specifications developed in ASMETA. The supporting tool, specified in ASMETA, enables randomized executions of models with the aim of triggering unexpected behaviors such as crashes, assertion failures, or security vulnerabilities. To evaluate our approach, we consider two well-known case studies from the literature, one from security protocols and one from concurrent systems, to demonstrate its analysis capabilities.| File | Dimensione | Formato | |
|---|---|---|---|
|
Fuzzer-15.pdf
embargo fino al 22/05/2027
Tipologia:
Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Licenza:
Publisher
Dimensione
569.06 kB
Formato
Adobe PDF
|
569.06 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
|
978-3-032-26752-8_2.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Licenza:
Nessuna licenza
Dimensione
718.63 kB
Formato
Adobe PDF
|
718.63 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.




