A form of fuzz testing that combines (usually coverage-guided) fuzzing using tools like AFL fuzzer with symbolic execution (usually concolic execution) to get through branches that are hard to fuzz.

Notes related to Hybrid testing

Fuzz testing, Mayhem

Papers related to Hybrid testing

• SAVIOR: Towards bug-driven hybrid testing [chen:sp:2020]
• Hybrid concolic testing [majumdar:icse:2007]
• Systematic comparison of symbolic execution systems: Intermediate representation and its generation [poeplau:acsac:2019]
• Symbolic execution with SymCC: Don't interpret, compile! [poeplau:usenix:2020]
• Driller: Augmenting fuzzing through selective symbolic execution [stephens:ndss:2016]
• QSYM: A practical concolic execution engine tailored for hybrid fuzzing [yun:usenix:2018]
• Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing [zhao:ndss:2019]