Part IV: Semantic Fuzzing

This part introduces test generation techniques that take the semantics of the input into account, notably the behavior of the program that processes the input.

  • Fuzzing with Constraints adds semantic constraints to grammars. By solving these automatically, we can produce inputs that are syntactically and semantically valid.

  • Grammar Mining shows how to extract an input grammar from a program by analyzing how individual parts of the input are processed. The resulting grammars can be directly used for fuzzing.

  • Tracking Information Flow shows how to track inputs throughout the program, in order to discover information leaks and further improve analysis techniques.

  • Concolic Fuzzing analyzes program code to solve path constraints in the program to cover branches and behaviors that are hard to reach.

  • Symbolic Fuzzing works like concolic fuzzing, but does not require any executions at all.

  • Mining Function Specifications extracts type information as well as pre- and postconditions from program executions – useful information for program analysis, testing, and verification.

The content of this project is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. The source code that is part of the content, as well as the source code used to format and display that content, is licensed under the MIT License. Last change: 2023-01-07 15:48:35+01:00