Peeling Off the Cocoon: Unveiling Suppressed Golden Seeds for Mutational Greybox Fuzzing
New AI-powered fuzzing method removes obstacle conditions to find 30% more critical software bugs.
A research team led by Ruixiang Qian and Chunrong Fang has unveiled 'PoCo' (Peeling Off the Cocoon), a novel technique published in a paper accepted to OOPSLA 2026. The method addresses a key limitation in modern coverage-based seed selection (CSS), used by popular fuzzing tools like afl-cmin. Current CSS can suppress high-quality 'golden seeds'—test inputs that can explore deep program states—because they are trapped behind obstacle conditional statements in the code. PoCo systematically identifies and gradually removes these obstacles, allowing the fuzzer to select and mutate these previously inaccessible seeds, fundamentally changing how automated test generation prioritizes inputs.
Technically, PoCo operates as an enhancement layer for mutational greybox fuzzing, a core method for automated vulnerability discovery. By conducting a deeper, more strategic seed selection after obstacle removal, it enables fuzzers to explore program paths that were previously unreachable. The research, documented in arXiv preprint 2602.23736, demonstrates that this approach can significantly increase code coverage and bug-finding capability. For software engineers and security researchers, this translates to more efficient automated testing cycles, potentially uncovering 30% more critical vulnerabilities like memory corruption or logic flaws before software is deployed, marking a meaningful step forward in automated software assurance.
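An added illustration, not code from the paper or its authors: a toy Python simulation of the problem the paragraphs above describe, in which an obstacle conditional makes coverage-based seed selection drop a golden seed, and selection changes once the obstacle is lifted. The target program, the seed corpus and the simplified afl-cmin-style "smallest seed per covered block" rule are all constructed for this example, and the `skip_obstacle` flag is an assumed stand-in for obstacle removal, not PoCo's actual mechanism.

```python
from typing import Dict, List, Set

# Constructed toy target: a 4-byte magic check is the "obstacle conditional"
# guarding a small state machine that random mutation rarely gets past.
def target(data: bytes, trace: Set[str], skip_obstacle: bool = False) -> None:
    trace.add("entry")
    if len(data) < 4:
        trace.add("short")
        return
    trace.add("has_header")
    # Obstacle; skip_obstacle is an assumed stand-in for PoCo-style removal.
    if data[:4] == b"POCO" or skip_obstacle:
        trace.add("magic_ok")
        depth = 0
        for b in data[4:]:  # deep states reachable only past the obstacle
            if b in b"ABC":
                trace.add("state_" + chr(b))
                depth += 1
        if depth >= 3:
            trace.add("deep_bug_site")
    else:
        trace.add("magic_fail")

def coverage(seed: bytes, skip_obstacle: bool = False) -> Set[str]:
    """Run the target once and return the set of covered blocks."""
    trace: Set[str] = set()
    target(seed, trace, skip_obstacle)
    return trace

def css_select(seeds: Dict[str, bytes], skip_obstacle: bool = False) -> List[str]:
    """Simplified afl-cmin-style CSS: for every covered block keep the smallest
    seed that reaches it; the selected corpus is the union of those winners."""
    covs = {n: coverage(s, skip_obstacle) for n, s in seeds.items()}
    kept: Set[str] = set()
    for block in set().union(*covs.values()):
        winner = min((n for n in covs if block in covs[n]),
                     key=lambda n: (len(seeds[n]), n))
        kept.add(winner)
    return sorted(kept)

SEEDS = {  # constructed corpus
    "a_short": b"x",
    "b_shallow": b"junk",
    "c_golden": b"junkABCABC",  # explores deep states, but only past the obstacle
}

if __name__ == "__main__":
    # With the obstacle in place the golden seed covers exactly what the
    # smaller shallow seed covers, so CSS discards it; lifting the obstacle
    # exposes its unique deep coverage and it is selected.
    print("CSS with obstacle:   ", css_select(SEEDS))
    print("CSS obstacle removed:", css_select(SEEDS, True))
```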
- PoCo technique removes obstacle conditional statements to unlock 'golden seeds' for fuzzing.
- Enhances standard coverage-based seed selection (CSS) used in tools like afl-cmin.
- Accepted for publication at the top-tier OOPSLA 2026 conference, signaling major academic impact.
Why It Matters
Enables developers to find 30% more software bugs automatically, leading to more secure and reliable applications.