Skip to main content

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Part of the Lecture Notes in Computer Science book series (LNTCS,volume 12649)


We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. FuSeBMC successfully participates in Test-Comp’21 and achieves first place in the Cover-Error category and second place in the Overall category.


  • Automated Test-Case Generation
  • Symbolic Execution
  • Bounded Model Checking
  • Fuzzing
  • Security.

K. M. Alshmrany—Jury Member.


  1. Clang documentation.

  2. Anand, S., Burke, E.K., Chen, T.Y., Clark, J.A., Cohen, M.B., Grieskamp, W., Harman, M., Harrold, M.J., McMinn, P.: An orchestrated survey of methodologies for automated software test-case generation. J. Syst. Softw. 86(8), 1978–2001, 2013

    Google Scholar 

  3. Beyer, D.: Second competition on software testing: Test-Comp 2020. In FASE, LNCS 12076, pp. 505–519, 2020

    Google Scholar 

  4. Gadelha, M.R., Monteiro, F.R., Morse, J., Cordeiro, L.C., Fischer, B., Nicole, D.A.: ESBMC 5.0: An industrial-strength C model checker. In ASE, pp. 888–891, 2018

    Google Scholar 

  5. Gadelha, M.R., Monteiro, F.R., Cordeiro, B., Nicole: ESBMC v6.0: Verifying C Programs Using k-Induction and Invariant Inference - (Competition Contribution). In TACAS, LNCS 11429, pp. 209–213, 2019

    Google Scholar 

  6. Gadelha, M.R., Menezes, R., Monteiro, F.R., Cordeiro, L.C., Nicole, D.A.: ESBMC: scalable and precise test generation based on the floating-point theory - (competition contribution). In FASE, LNCS 12076, pp. 525–529, 2020

    Google Scholar 

  7. Gadelha, M.R., Cordeiro, L.C., Nicole, D.A.: An Efficient Floating-Point Bit-Blasting API for Verifying C Programs. In VSTTE, LNCS 12549, pp. 178–195, 2020

    Google Scholar 

  8. Menezes, R., Rocha, H., Cordeiro, L., Barreto, R.: Map2check using LLVM and KLEE. In TACAS, LNCS 10806, pp. 437–441, 2018

    Google Scholar 

  9. Niemetz, A., Preiner, M., Biere, A.: Boolector 2.0 system description. Journal on Satisfiability, Boolean Modeling and Computation 9, 53–58 (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Kaled M. Alshmrany .

Editor information

Editors and Affiliations

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and Permissions

Copyright information

© 2021 The Author(s)

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Alshmrany, K.M., Menezes, R.S., Gadelha, M.R., Cordeiro, L.C. (2021). FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution). In: Guerra, E., Stoelinga, M. (eds) Fundamental Approaches to Software Engineering. FASE 2021. Lecture Notes in Computer Science(), vol 12649. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71499-4

  • Online ISBN: 978-3-030-71500-7

  • eBook Packages: Computer ScienceComputer Science (R0)