Fuzz testing often suffers from “fuzz blockers”—code constructs that stall coverage growth and impede deep vulnerability discovery; manually diagnosing their root causes is time-consuming and inefficient. This paper proposes FuzzFix, the first human-in-the-loop framework for fuzz blocker analysis. It builds a unified code database, introduces a parameterized query language, and synergistically integrates static and dynamic analysis to precisely localize and interactively diagnose blockers. A coverage-guided feedback mechanism enables structured querying of complex execution paths. Evaluated on 14 real-world libraries from FuzzBench, FuzzFix successfully resolves numerous blockers, achieving an average 13.90% improvement in code coverage and significantly enhancing deep vulnerability detection capability.

Fuzzing is a highly effective automated testing method for uncovering software vulnerabilities. Despite advances in fuzzing techniques, such as coverage-guided greybox fuzzing, many fuzzers struggle with coverage plateaus caused by fuzz blockers, limiting their ability to find deeper vulnerabilities. Human expertise can address these challenges, but analyzing fuzzing results to guide this support remains labor-intensive. To tackle this, we introduce InsightQL, the first human-assisting framework for fuzz blocker analysis. Powered by a unified database and an intuitive parameterized query interface, InsightQL aids developers in systematically extracting insights and efficiently unblocking fuzz blockers. Our experiments on 14 popular real-world libraries from the FuzzBench benchmark demonstrate the effectiveness of InsightQL, leading to the unblocking of many fuzz blockers and considerable improvements in code coverage (up to 13.90%).