Consistency checking across independently developed implementations of the same industrial control protocol provides an effective signal for defect discovery because an implementation whose response deviates from the majority under identical inputs is more likely to contain faults or robustness issues. However, existing consistency checking methods remain difficult to apply to complex stateful protocols in practice, since sequence dependencies can cause error propagation, large test suites incur high execution cost across multiple implementations, and inconsistent outputs are costly to triage. This paper proposes ConDiffFuzz, a dependency-aware and dynamically adjusted hierarchical consistency checking method for industrial control protocol implementations. ConDiffFuzz analyzes dependencies among check sequences to optimize execution order and dynamically prunes and regenerates dependent sequences after failures to mitigate inconsistency error propagation. The checking process derives implementation-specific finite state machines and inconsistency records, which further support focused differential fuzzing, parallel execution across multiple implementations, and log-based anomaly triage. Experiments on five Modbus over Modbus/TCP implementations show that ConDiffFuzz achieves a test case acceptance rate of 86.00%, increases average path coverage to 74.46%, improves the average number of triggered anomalies by 12.28%, and reduces the false-positive rate by 20.94% compared with four representative baseline fuzzers (SPIKE, BooFuzz, PeachFuzzer, and Kitty).
Lan et al. (Sun,) studied this question.
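The majority-vote signal and the pruning of dependent sequences described in the abstract can be sketched as follows. This is an added illustration, not code from the paper or from ConDiffFuzz: the function names, the implementation labels A-E and the sample replies are constructed assumptions, and regeneration of pruned sequences is not modelled.

```python
import struct
from collections import Counter

def parse_adu(adu: bytes):
    """Normalize a Modbus/TCP response: drop the transaction id, keep what should agree."""
    if len(adu) < 8:
        return ("malformed",)
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length != len(adu) - 6:   # MBAP length counts unit id + PDU
        return ("malformed",)
    fc = adu[7]
    if fc & 0x80:                              # exception response: compare its code
        return ("exception", fc & 0x7F, adu[8:9])
    return ("ok", fc, adu[8:])

def deviants(responses):
    """Names whose normalized response differs from a strict majority, or [] if none exists."""
    norm = {name: parse_adu(raw) for name, raw in responses.items()}
    top, count = Counter(norm.values()).most_common(1)[0]
    if count * 2 <= len(norm):
        return []
    return sorted(n for n, v in norm.items() if v != top)

def run(sequences, deps, replies):
    """Vote per sequence; skip a sequence for any implementation that failed a prerequisite."""
    failed, findings = {}, []
    for seq in sequences:
        prereq = set(deps.get(seq, ()))
        active = {i: r for i, r in replies[seq].items() if not failed.get(i, set()) & prereq}
        bad = deviants(active) if active else []
        for impl in replies[seq]:
            if impl not in active or impl in bad:
                failed.setdefault(impl, set()).add(seq)   # pruned or deviant
        if bad:
            findings.append((seq, bad))
    return findings

def adu(pdu: bytes, tid=1, unit=1):
    """Build a constructed Modbus/TCP ADU around a PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample replies from five hypothetical implementations A-E.
WRITE_OK, READ_OK = adu(b"\x06\x00\x01\x00\x0a"), adu(b"\x03\x02\x00\x0a", tid=2)
REPLIES = {
    "write": {**dict.fromkeys("ABDE", WRITE_OK), "C": adu(b"\x86\x02")},
    "read": {**dict.fromkeys("ABD", READ_OK), "C": adu(b"\x03\x02\x00\x00", tid=2),
             "E": adu(b"\x03\x02\x0a\x00", tid=2)},
}
DEPS = {"read": ["write"]}

if __name__ == "__main__":
    print(run(["write", "read"], DEPS, REPLIES))   # dependency-aware
    print(run(["write", "read"], {}, REPLIES))     # naive: C's failure propagates
```

With the dependency declared, C's rejected write is reported once and its stale read is pruned rather than counted as a second inconsistency; without it, the same root cause is reported twice.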