Part III: Syntactic Fuzzing

This part introduces test generation at the syntactical level, that is, composing inputs from language structures.

  • Grammars provide a specification of legal inputs to a program. Specifying inputs via a grammar allows for very systematic and efficient test generation, in particular for complex input formats.

  • Efficient Grammar Fuzzing introduces tree-based grammar fuzzing algorithms, which are much faster and allow for much more control over the production of fuzz inputs.

  • Grammar Coverage allows systematically covering elements of a grammar such that we maximize variety and do not miss out individual elements.

  • Parsing Inputs shows how to use grammars to parse and decompose a given set of valid seed inputs into their corresponding derivation trees.

  • Probabilistic Grammar Fuzzing gives grammars even more power by assigning probabilities to individual expansions.

  • Fuzzing with Generators shows how to extend grammars with functions – pieces of code that get executed during grammar expansion, and that can generate, check, or change elements produced.

  • Greybox Grammar Fuzzing makes use of the structural representation allows us to mutate, crossover, and recombine their parts in order to generate new valid, slightly changed inputs.

  • Reducing Failure-Inducing Inputs presents techniques that automatically reduce and simplify failure-inducing inputs to a minimum in order to ease debugging.

Creative Commons License The content of this project is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. The source code that is part of the content, as well as the source code used to format and display that content is licensed under the MIT License. Last change: 2023-10-16 19:18:09+02:00CiteImprint