Common fuzzing techniques work by systematically mutating a set of given inputs, slowly covering more and more of the program code. But if your program has a complex input format, most of these mutations will be invalid, so very few inputs reach code beyond input processing. In this tutorial, we will explore techniques to specify input languages using grammars, generators, and constraint solvers, and leverage these language specifications to create powerful test generators for complex input formats. In addition, we can use the same language specifications to check outputs, addressing the oracle problem. Includes interactive coding!
Recommended reads: fuzzingbook.org, notably the chapters “Fuzzing with Grammars”, “Fuzzing with Generators”, and “Fuzzing with Constraints”.
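The contrast the abstract draws, between mutating seed inputs and deriving inputs from a grammar, can be seen on a toy input format. The following is an added example, not code from the tutorial or from fuzzingbook: it defines a small arithmetic-expression grammar in the fuzzingbook notation (nonterminals in angle brackets mapped to lists of alternative expansions), derives inputs from it with a depth-bounded random expander, and compares the share of syntactically valid inputs against a plain character-level mutation fuzzer started from one valid seed. The recursive-descent checker `is_valid_expr` also serves as the kind of language-based oracle the abstract mentions. The grammar, the seed string and the mutation operator are all constructed for this example.

```python
import random
import re

# Grammar in the fuzzingbook style: each nonterminal maps to its list of
# alternative expansions; <...> marks a nonterminal, everything else is literal.
# Constructed toy language: arithmetic over unsigned integers with parentheses.
EXPR_GRAMMAR = {
    "<start>": ["<expr>"],
    "<expr>": ["<term>+<expr>", "<term>-<expr>", "<term>"],
    "<term>": ["<factor>*<term>", "<factor>/<term>", "<factor>"],
    "<factor>": ["(<expr>)", "<integer>"],
    "<integer>": ["<digit><integer>", "<digit>"],
    "<digit>": list("0123456789"),
}

NONTERMINAL_RE = re.compile(r"<[^<> ]*>")


def nonterminals(expansion):
    """All nonterminal symbols occurring in one expansion string."""
    return NONTERMINAL_RE.findall(expansion)


def grammar_fuzzer(grammar, start="<start>", max_depth=8, rng=random):
    """Derive one random sentence from `grammar` by recursive expansion.

    Past `max_depth`, only the alternatives with the fewest nonterminals are
    chosen, so derivation terminates for any grammar in which every
    nonterminal has a finite derivation (as this one does).
    """
    def expand(symbol, depth):
        choices = grammar[symbol]
        if depth >= max_depth:
            fewest = min(len(nonterminals(c)) for c in choices)
            choices = [c for c in choices if len(nonterminals(c)) == fewest]
        expansion = rng.choice(choices)
        out, pos = [], 0
        for m in NONTERMINAL_RE.finditer(expansion):
            out.append(expansion[pos:m.start()])      # literal text before it
            out.append(expand(m.group(0), depth + 1))  # expand the nonterminal
            pos = m.end()
        out.append(expansion[pos:])
        return "".join(out)

    return expand(start, 0)


def is_valid_expr(s):
    """Recursive-descent check that `s` is a sentence of EXPR_GRAMMAR."""
    pos = 0

    def expr():
        nonlocal pos
        term()
        while pos < len(s) and s[pos] in "+-":
            pos += 1
            term()

    def term():
        nonlocal pos
        factor()
        while pos < len(s) and s[pos] in "*/":
            pos += 1
            factor()

    def factor():
        nonlocal pos
        if pos < len(s) and s[pos] == "(":
            pos += 1
            expr()
            if pos >= len(s) or s[pos] != ")":
                raise ValueError("missing ')'")
            pos += 1
        else:
            start = pos
            while pos < len(s) and s[pos].isdigit():
                pos += 1
            if pos == start:
                raise ValueError("expected integer")

    try:
        expr()
    except ValueError:
        return False
    return pos == len(s)  # reject trailing garbage


def mutate(s, rng):
    """One character-level mutation: replace, insert, or delete a character."""
    op = rng.randrange(3)
    pos = rng.randrange(len(s)) if s else 0
    c = chr(rng.randrange(32, 127))
    if op == 0 and s:
        return s[:pos] + c + s[pos + 1:]
    if op == 1 or not s:
        return s[:pos] + c + s[pos:]
    return s[:pos] + s[pos + 1:]


def valid_fraction(inputs):
    return sum(1 for s in inputs if is_valid_expr(s)) / len(inputs)


def compare(n=200, mutations=5, seed=1):
    """Return (valid share of grammar-derived inputs, valid share of mutated inputs)."""
    rng = random.Random(seed)
    seed_input = "(12+3)*4-5"  # constructed, syntactically valid seed
    mutated = []
    for _ in range(n):
        s = seed_input
        for _ in range(mutations):
            s = mutate(s, rng)
        mutated.append(s)
    generated = [grammar_fuzzer(EXPR_GRAMMAR, rng=rng) for _ in range(n)]
    return valid_fraction(generated), valid_fraction(mutated)


if __name__ == "__main__":
    print(compare())
```

Every grammar-derived input passes the checker by construction, while after a handful of blind mutations most mutated inputs are rejected before they reach any code behind the parser; that is exactly the coverage problem the tutorial sets out to solve. The depth bound is the one design choice worth noting: without it, a right-recursive rule such as `<expr>` can expand without end, so the expander falls back to the shortest alternatives once the budget is spent.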
Andreas Zeller is faculty at the CISPA Helmholtz Center for Information Security and professor of Software Engineering at Saarland University. His research on automated debugging, mining software archives, specification mining, and security testing has been highly influential. Andreas is one of the few researchers to have received two ERC Advanced Grants, most recently for his S3 project. He is an ACM Fellow and holds an ACM SIGSOFT Outstanding Research Award.
You can find Andreas on Mastodon as @AndreasZeller@mastodon.social and on Twitter as @AndreasZeller.
Mon 11 Sep (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)

10:30 - 12:00, 90 min talk: Language-Based Testing (Tutorials), Andreas Zeller, CISPA Helmholtz Center for Information Security