Part IV: Semantical Fuzzing

This part introduces test generation techniques that take the semantics of the input into account, notably the behavior of the program that processes the input.

  • Grammar Mining shows how to extract an input grammar from a program by analyzing how individual parts of the input are processed. The resulting grammars can be directly used for fuzzing.

  • Symbolic Fuzzing analyzes program code and solves the path constraints it finds, producing inputs that reach branches and behaviors which random or grammar-based inputs rarely cover.

  • Tracking Information Flow shows how to track (taint) input data as it flows through the program, in order to discover information leaks and to improve the analysis techniques above.
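To make concrete what "taking the semantics of the input into account" means for the last item, here is a minimal dynamic taint tracker for Python strings. It is an added example written for this overview, not the book's own tainted-string class: a `Tainted` str subclass labels user input and propagates the label through the operations it overrides; the hypothetical `build_query`, `sanitize` and `run_query` stand in for application code, a sanitizer and a SQL sink; and `lost_through_percent_format` shows one place where an incomplete tracker silently drops the label. The sample input is constructed.

```python
"""Minimal dynamic taint tracking for strings (added example, not the book's code)."""


class TaintViolation(Exception):
    """Raised when labelled data reaches a sink that must not see it."""


class Tainted(str):
    """A str that carries a label ("taint") naming where its content came from.

    The label is propagated through concatenation, slicing and the few str
    methods overridden below. Any other operation returns a plain str and
    silently drops the label; see lost_through_percent_format().
    """

    def __new__(cls, value, taint=None):
        obj = super().__new__(cls, value)
        obj.taint = taint
        return obj

    def _wrap(self, value, other=None):
        # Result keeps our label, or inherits the other operand's label if we have none.
        return Tainted(value, self.taint or getattr(other, "taint", None))

    def __add__(self, other):            # tainted + x
        return self._wrap(str.__add__(self, other), other)

    def __radd__(self, other):           # x + tainted
        return self._wrap(str.__add__(other, self), other)

    def __getitem__(self, key):          # indexing and slicing
        return self._wrap(str.__getitem__(self, key))

    def upper(self):
        return self._wrap(str.upper(self))

    def lower(self):
        return self._wrap(str.lower(self))

    def strip(self, chars=None):
        return self._wrap(str.strip(self, chars))

    def replace(self, old, new, count=-1):
        return self._wrap(str.replace(self, old, new, count))


def taint_of(value):
    """Label carried by value, or None for plain (untracked) strings."""
    return getattr(value, "taint", None)


def build_query(name):
    """Hypothetical application code: builds SQL by string concatenation."""
    return "SELECT * FROM users WHERE name = '" + name + "'"


def sanitize(value):
    """Hypothetical sanitizer: escapes quotes and returns a plain, unlabelled str."""
    return str(value).replace("'", "''")


def run_query(query):
    """Hypothetical SQL sink: refuses anything still labelled as user input."""
    if taint_of(query) == "user":
        raise TaintViolation("user-controlled data reached the SQL sink: %r" % query)
    return "executed: " + str(query)


def sink_blocks(name):
    """True if run_query rejects the query built from `name`."""
    try:
        run_query(build_query(name))
    except TaintViolation:
        return True
    return False


def lost_through_percent_format(name):
    """Caveat: str.__mod__ (like f-strings and str.format) creates a plain str,
    so the label does not survive this path. A real tracker must cover these too."""
    return taint_of("name=%s" % name)


if __name__ == "__main__":
    user = Tainted("o'brien", taint="user")          # constructed sample input
    print(taint_of(build_query(user)))                # user
    print(taint_of(user.strip().upper()[:3]))         # user
    print(sink_blocks(user))                          # True
    print(run_query(build_query(sanitize(user))))     # executed: SELECT * FROM users WHERE name = 'o''brien'
    print(lost_through_percent_format(user))          # None
```

The design choice worth noting is that the label lives on the value, not on the variable: it follows the data through every overridden operation regardless of which function handles it, which is what lets the sink decide at runtime rather than at the call site. The flip side, shown by `lost_through_percent_format`, is that every unhandled operation is a hole in the tracker, so a practical implementation has to cover the whole `str` interface (and the places where values cross into bytes, integers or C extensions).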