ADGFUZZ: Assignment Dependency-Guided Fuzzing for Robotic Vehicles
Yuncheng Wang
Network and Distributed System Security (NDSS) Symposium 2026 · Day 3 · Fuzzing
Robotic vehicles (RVs) -- UAVs, UGVs, and autonomous platforms -- are cyber-physical systems where software bugs don't just crash programs but can cause mission failure, loss of control, or physical crashes. This talk presents **ADGFUZZ**, a fuzzing framework that exploits a key observation: **28% of bugs** in ArduPilot's 10-year bug history are caused by incorrect assignment statements. By analyzing assignment dependencies to partition the massive input space into focused subspaces, ADGFUZZ discovered **87 unique bugs in ArduPilot** (78 previously unknown) and **35 bugs in PX4**, including logic errors in waypoint tracking where a copter falsely reports reaching waypoints while drifting in the opposite direction.
AI review
A productive fuzzing approach for robotic vehicle software that found 87 bugs in ArduPilot and 35 in PX4. The assignment dependency insight (28% of bugs are assignment errors) is data-driven and the waypoint tracking bug is a compelling example of safety-critical logic errors. However, these are primarily safety bugs rather than security vulnerabilities, and the developer response (only a few confirmed) suggests the practical impact may be overstated.