Specifications of modern complex systems can become so large that model cutting or abstraction is required to enable automatic analysis by model checkers. Moreover, relying solely on model simulators or scenario-based validation does not provide sufficient guarantees regarding the model’s compliance with requirements or its satisfaction of desired properties. Building on the idea of code fuzzing and leveraging the executability of models, this paper introduces a model fuzzing approach for Abstract State Machine specifications developed in ASMETA. The supporting tool, specified in ASMETA, enables randomized executions of models with the aim of triggering unexpected behaviors such as crashes, assertion failures, or security vulnerabilities. To evaluate our approach, we consider two well-known case studies from the literature, one from security protocols and one from concurrent systems, to demonstrate its analysis capabilities.

Fuzzing Executable ASMETA Models / G. Bellini, E.R. (LECTURE NOTES IN COMPUTER SCIENCE). - In: Rigorous State-Based Methods / [a cura di] F. Ishikawa, A. Cunha. - [s.l] : Springer, 2026. - ISBN 9783032267511. - pp. 22-42 (( 12. ABZ Proceedings International Conference : May, 18 – 20 Tokyo (Japan) 2026 [10.1007/978-3-032-26752-8_2].

Fuzzing Executable ASMETA Models

E. Riccobene
Ultimo
2026

Abstract

Specifications of modern complex systems can become so large that model cutting or abstraction is required to enable automatic analysis by model checkers. Moreover, relying solely on model simulators or scenario-based validation does not provide sufficient guarantees regarding the model’s compliance with requirements or its satisfaction of desired properties. Building on the idea of code fuzzing and leveraging the executability of models, this paper introduces a model fuzzing approach for Abstract State Machine specifications developed in ASMETA. The supporting tool, specified in ASMETA, enables randomized executions of models with the aim of triggering unexpected behaviors such as crashes, assertion failures, or security vulnerabilities. To evaluate our approach, we consider two well-known case studies from the literature, one from security protocols and one from concurrent systems, to demonstrate its analysis capabilities.
Settore INFO-01/A - Informatica
2026
Book Part (author)
File in questo prodotto:
File Dimensione Formato  
Fuzzer-15.pdf

embargo fino al 22/05/2027

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Licenza: Publisher
Dimensione 569.06 kB
Formato Adobe PDF
569.06 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
978-3-032-26752-8_2.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Licenza: Nessuna licenza
Dimensione 718.63 kB
Formato Adobe PDF
718.63 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/1257476
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? 0
  • OpenAlex 0
social impact