{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:UKB6FRUVB43OPDOPCLZCFAUXQD","short_pith_number":"pith:UKB6FRUV","schema_version":"1.0","canonical_sha256":"a283e2c6950f36e78dcf12f222829780c7bc918709194794a1c44927264e8847","source":{"kind":"arxiv","id":"2605.16798","version":1},"attestation_state":"computed","paper":{"title":"Stop Starving or Stuffing Me: Boosting Firmware Fuzzing Efficiency with On-demand Input Delivery","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"Firmware fuzzers gain coverage by delivering inputs precisely at availability check points recovered via static and dynamic analysis.","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Chung Hwan Kim, Keming Zhao, Le Guan, Peng Liu, Shandian Shen, Wei Zhou","submitted_at":"2026-05-16T04:00:17Z","abstract_excerpt":"Firmware fuzzing has gained attention for identifying firmware bugs. However, current approaches often directly integrate fuzzing tools for general software. General software receives input as it encounters I/O functions, but firmware input can be received asynchronously and independently of the firmware's execution, with uncertain timing and quantity. Without full awareness of firmware's exceptions, existing solutions often imprudently deliver fuzzer-generated input to the firmware in an ad-hoc way. This either overwhelms the processing function of the firmware (stuffing) or fails to deliver "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":true,"formal_links_present":true},"canonical_record":{"source":{"id":"2605.16798","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-16T04:00:17Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"b8eb6df18ec4cc5983a791d92c5cf3d04c8e5b072fe916cf9c063eb04e656c18","abstract_canon_sha256":"2248f8f2efec4f47dbfee1a288964f28f315c58b337a79daed5829f57fe2e190"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-20T00:03:22.756495Z","signature_b64":"OuWvY7SG7l/4o04Y8/hdjMgLP/0HS8mEchnhjpa5JJVyg1NnJoTO6zNQQdAd4gWWiFskeEbj4hSF0tnJMq60Bg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"a283e2c6950f36e78dcf12f222829780c7bc918709194794a1c44927264e8847","last_reissued_at":"2026-05-20T00:03:22.755586Z","signature_status":"signed_v1","first_computed_at":"2026-05-20T00:03:22.755586Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Stop Starving or Stuffing Me: Boosting Firmware Fuzzing Efficiency with On-demand Input Delivery","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"Firmware fuzzers gain coverage by delivering inputs precisely at availability check points recovered via static and dynamic analysis.","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Chung Hwan Kim, Keming Zhao, Le Guan, Peng Liu, Shandian Shen, Wei Zhou","submitted_at":"2026-05-16T04:00:17Z","abstract_excerpt":"Firmware fuzzing has gained attention for identifying firmware bugs. However, current approaches often directly integrate fuzzing tools for general software. General software receives input as it encounters I/O functions, but firmware input can be received asynchronously and independently of the firmware's execution, with uncertain timing and quantity. Without full awareness of firmware's exceptions, existing solutions often imprudently deliver fuzzer-generated input to the firmware in an ad-hoc way. This either overwhelms the processing function of the firmware (stuffing) or fails to deliver "},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"Compared to ad-hoc input delivery methods used in Fuzzware and MULTIFUZZ, FIDO increases their median code coverage by up to 115% and 54%, respectively. Compared to SEmu, which requires humans to manually specify input delivery points, FIDO still improves its coverage by up to 19%.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The static and dynamic analysis reliably recovers the three-stage input processing routes (retrieval, availability check, processing) across diverse firmware without missing asynchronous behaviors or requiring extensive manual tuning.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"FIDO maps firmware input processing routes via analysis to deliver fuzzer inputs at availability checks, raising median coverage by up to 115% over ad-hoc methods in Fuzzware and MULTIFUZZ.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Firmware fuzzers gain coverage by delivering inputs precisely at availability check points recovered via static and dynamic analysis.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"fb3474cc37bf068861b15fa26f0e022753ecd33c2634b676aef51f396f922d31"},"source":{"id":"2605.16798","kind":"arxiv","version":1},"verdict":{"id":"a34f9a60-efff-4683-a37f-085d2cf3993d","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-19T21:11:49.002470Z","strongest_claim":"Compared to ad-hoc input delivery methods used in Fuzzware and MULTIFUZZ, FIDO increases their median code coverage by up to 115% and 54%, respectively. Compared to SEmu, which requires humans to manually specify input delivery points, FIDO still improves its coverage by up to 19%.","one_line_summary":"FIDO maps firmware input processing routes via analysis to deliver fuzzer inputs at availability checks, raising median coverage by up to 115% over ad-hoc methods in Fuzzware and MULTIFUZZ.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The static and dynamic analysis reliably recovers the three-stage input processing routes (retrieval, availability check, processing) across diverse firmware without missing asynchronous behaviors or requiring extensive manual tuning.","pith_extraction_headline":"Firmware fuzzers gain coverage by delivering inputs precisely at availability check points recovered via static and dynamic analysis."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.16798/integrity.json","findings":[],"available":true,"detectors_run":[{"name":"doi_title_agreement","ran_at":"2026-05-19T21:31:19.302459Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_compliance","ran_at":"2026-05-19T21:21:18.869356Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"claim_evidence","ran_at":"2026-05-19T19:01:56.289436Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"ai_meta_artifact","ran_at":"2026-05-19T18:33:26.424973Z","status":"skipped","version":"1.0.0","findings_count":0}],"snapshot_sha256":"534000ee0bd92858db0d010eaa8a5107c1f997a3af9b21d4032ad0ca081b2159"},"references":{"count":64,"sample":[{"doi":"","year":2023,"title":"N. S. Agency, “Ghidra,” https://ghidra-sre.org/, 2023, last accessed: 2024-11-1","work_id":"0db9ef39-b94c-45e8-9cf4-925362e99fa6","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2025,"title":"Ghidra-Server.org provides a collaboration server on the in- ternet for the software reverse engineering,","work_id":"34ff833b-df95-4dd1-bc62-820b5220867e","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2022,"title":"Sfuzz: Slice-based fuzzing for real- time operating systems,","work_id":"25f4f995-779e-4741-bff0-55d0e1ff4860","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2021,"title":"Sharing more and checking less: Leveraging common input keywords to detect bugs in embedded systems,","work_id":"bfb2d211-a1cb-4a17-8bab-c6c331cd3dc5","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2023,"title":"Icicle: A re-designed emulator for grey-box firmware fuzzing,","work_id":"a022ad17-5f8f-4560-81de-61bbe4d80250","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":64,"snapshot_sha256":"19aed2203a2068af921482b34c8f850025f017055ec69fdc8003613da564974a","internal_anchors":0},"formal_canon":{"evidence_count":2,"snapshot_sha256":"4b3923bdae4eee28773b91f7f6b59a1d74e1bfd0d985d6818c41d7dcc0e7b716"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.16798","created_at":"2026-05-20T00:03:22.755730+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.16798v1","created_at":"2026-05-20T00:03:22.755730+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.16798","created_at":"2026-05-20T00:03:22.755730+00:00"},{"alias_kind":"pith_short_12","alias_value":"UKB6FRUVB43O","created_at":"2026-05-20T00:03:22.755730+00:00"},{"alias_kind":"pith_short_16","alias_value":"UKB6FRUVB43OPDOP","created_at":"2026-05-20T00:03:22.755730+00:00"},{"alias_kind":"pith_short_8","alias_value":"UKB6FRUV","created_at":"2026-05-20T00:03:22.755730+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":2,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD","json":"https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD.json","graph_json":"https://pith.science/api/pith-number/UKB6FRUVB43OPDOPCLZCFAUXQD/graph.json","events_json":"https://pith.science/api/pith-number/UKB6FRUVB43OPDOPCLZCFAUXQD/events.json","paper":"https://pith.science/paper/UKB6FRUV"},"agent_actions":{"view_html":"https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD","download_json":"https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD.json","view_paper":"https://pith.science/paper/UKB6FRUV","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.16798&json=true","fetch_graph":"https://pith.science/api/pith-number/UKB6FRUVB43OPDOPCLZCFAUXQD/graph.json","fetch_events":"https://pith.science/api/pith-number/UKB6FRUVB43OPDOPCLZCFAUXQD/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD/action/timestamp_anchor","attest_storage":"https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD/action/storage_attestation","attest_author":"https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD/action/author_attestation","sign_citation":"https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD/action/citation_signature","submit_replication":"https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD/action/replication_record"}},"created_at":"2026-05-20T00:03:22.755730+00:00","updated_at":"2026-05-20T00:03:22.755730+00:00"}