Random test input generators (fuzzers) have become the prime detectors of vulnerabilities in software. While generic fuzzers easily adapt to arbitrary programs under test, they offer very few possibilities to control or shape the generated inputs. In this talk, I present FANDANGO, a novel language-based fuzzer that combines grammars with predicates over input elements to produce inputs that satisfy all the given predicates. Examples of what such predicates can express include:
- input format constraints (“The <length> field should be equal to the length of the payload”)
- checksums (“The <signature> field should be a SHA-512 hash of the <document>”)
- statistical distributions (“Across all inputs, the <voltage> field must follow a Gaussian distribution, but never exceed 20 mV”)
- data collections (“The <credit-card-number> field should come from the Python faker library”)
and more – actually, any property that can be expressed in a Python expression.
In our experiments, FANDANGO efficiently solved complex file formats and satisfied demanding predicates. This opens the door towards personalized fuzzing, where testers can make use of their knowledge to very effectively fuzz systems. Includes live demos!
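The mechanism the abstract describes, a grammar plus Python predicates over nonterminals such as <length> and <signature>, as an added illustration in plain Python. This is not FANDANGO's code or its specification syntax: the message format <length>:<payload>:<digest>, the nonterminal names, the 4-byte payload limit, and the solving strategy (repair fields that can be recomputed from the others, reject the rest) are all constructed for this example; the page does not describe how FANDANGO itself searches for satisfying inputs.

```python
"""Grammar plus Python predicates as a minimal language-based fuzzer.
Added illustration, not FANDANGO's own code or syntax: the format
<length>:<payload>:<digest> and the repair-or-reject solver are constructed."""
import hashlib
import random

# Grammar: nonterminal -> alternatives, each a list of symbols.
# Symbols written "<name>" are nonterminals; anything else is a terminal.
GRAMMAR = {
    "<start>": [["<length>", ":", "<payload>", ":", "<digest>"]],
    "<length>": [["<digit>"], ["<digit>", "<length>"]],
    "<payload>": [["<byte>"], ["<byte>", "<payload>"]],
    "<digest>": [["<hex>"], ["<hex>", "<digest>"]],
    "<digit>": [[d] for d in "0123456789"],
    "<byte>": [[c] for c in "abcdefxyz"],
    "<hex>": [[h] for h in "0123456789abcdef"],
}

def derive(symbol, rng, depth=0):
    """Randomly expand `symbol` into a derivation tree (symbol, children).
    Past depth 6 always take the shortest alternative so recursion ends."""
    if symbol not in GRAMMAR:
        return (symbol, [])
    alts = GRAMMAR[symbol]
    alt = min(alts, key=len) if depth > 6 else rng.choice(alts)
    return (symbol, [derive(s, rng, depth + 1) for s in alt])

def to_str(tree):
    """Concatenate the terminal leaves of a derivation tree."""
    symbol, children = tree
    if children:
        return "".join(to_str(c) for c in children)
    return "" if symbol in GRAMMAR else symbol

def first(tree, symbol):
    """Return the first subtree rooted at `symbol`, or None."""
    if tree[0] == symbol:
        return tree
    for child in tree[1]:
        hit = first(child, symbol)
        if hit is not None:
            return hit
    return None

def replace(tree, symbol, text):
    """Copy of `tree` whose first `symbol` subtree now yields exactly `text`."""
    if tree[0] == symbol:
        return (symbol, [(text, [])])
    children, done = [], False
    for child in tree[1]:
        if not done and first(child, symbol) is not None:
            child, done = replace(child, symbol, text), True
        children.append(child)
    return (tree[0], children)

class Constraint:
    """check(v): Python predicate; v("<sym>") is the text of that nonterminal.
    fix=(target, compute): optional repair that recomputes `target` from the
    other fields. Predicates without a fix only filter (reject) inputs."""
    def __init__(self, check, fix=None):
        self.check, self.fix = check, fix

def sha512_hex(s):
    return hashlib.sha512(s.encode()).hexdigest()

CONSTRAINTS = [
    # "the <length> field should equal the length of the payload"
    Constraint(lambda v: int(v("<length>")) == len(v("<payload>")),
               fix=("<length>", lambda v: str(len(v("<payload>"))))),
    # "the <digest> field should be a SHA-512 hash of the payload"
    Constraint(lambda v: v("<digest>") == sha512_hex(v("<payload>")),
               fix=("<digest>", lambda v: sha512_hex(v("<payload>")))),
    # "the payload must never exceed 4 bytes": no fix, so this only rejects
    Constraint(lambda v: len(v("<payload>")) <= 4),
]

def satisfy(tree, constraints=CONSTRAINTS):
    """Apply every fix, then evaluate every predicate; return tree or None."""
    def lookup(symbol):
        node = first(tree, symbol)
        return "" if node is None else to_str(node)
    for c in constraints:
        if c.fix is not None:
            target, compute = c.fix
            tree = replace(tree, target, compute(lookup))
    return tree if all(c.check(lookup) for c in constraints) else None

def fuzz(n, seed=0, constraints=CONSTRAINTS, budget=2000):
    """Return n inputs satisfying all constraints, or raise if budget runs out."""
    rng, out = random.Random(seed), []
    for _ in range(budget):
        tree = satisfy(derive("<start>", rng), constraints)
        if tree is not None:
            out.append(to_str(tree))
            if len(out) == n:
                return out
    raise RuntimeError("only %d valid inputs within budget" % len(out))

def is_valid(message):
    """Independent oracle for the constructed format, to check the fuzzer."""
    parts = message.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        return False
    length, payload, digest = parts
    return int(length) == len(payload) <= 4 and digest == sha512_hex(payload)
```

Running `fuzz(5, seed=1)` yields five messages whose length field and SHA-512 field are consistent with the payload; a predicate with a `fix` is satisfied by construction, while the payload-size predicate has none and is enforced by discarding violating derivations, which is why the budget matters for expensive filters.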
Presentation Slides: Personalized Fuzzing - AST 2025.pdf (6.29 MiB)
Andreas Zeller is faculty at the CISPA Helmholtz Center for Information Security, and professor for Software Engineering at Saarland University. His research on automated debugging, mining software archives, specification mining, and security testing has been highly influential. Andreas is one of the few researchers to have received two ERC Advanced Grants, most recently for his S3 project. He is an ACM Fellow and holds an ACM SIGSOFT Outstanding Research Award.
You can find Andreas
Mon 28 Apr (displayed time zone: Eastern Time (US & Canada))
09:00 - 10:30 | Conference Opening & Keynote | AST 2025, room 211 | Chair(s): Annibale Panichella, Delft University of Technology; Session chair: Ina Schieferdecker
09:00 (90m) | Keynote: Personalized Fuzzing | AST 2025 | Andreas Zeller, CISPA Helmholtz Center for Information Security | Pre-print, File Attached