Generating test inputs (Fuzzing) for software gets much easier if one knows the input language of the software under test. In this talk, I present novel game-changing methods for (1) inferring complex input languages statically via symbolic analysis, enabling fuzzers to cover the full input space with 100% precision and recall; (2) specifying input languages, using novel combinations of grammars and constraints that cover syntax and semantics; (3) applying these techniques on highly complex input domains such as XML, allowing to exhaustively test business systems; and (4) automatically learning models from programs that fully replicate their input/output behavior, leveraging generated tests. Includes career tips!

Andreas Zeller is faculty at the CISPA Helmholtz Center for Information Security, and professor for Software Engineering at Saarland University. His research on automated debugging, mining software archives, specification mining, and security testing has been highly influential. Andreas is one of the few researchers to have received two ERC Advanced Grants, most recently for his S3 project. He is an ACM Fellow and holds an ACM SIGSOFT Outstanding Research Award.

You can find Andreas on Mastodon as @AndreasZeller@mastodon.social, on X as @AndreasZeller, and on LinkedIn as andreaszeller.