To be effective, software test generation needs to well cover the space of possible inputs. Traditional fuzzing generates large numbers of random inputs, which however are unlikely to contain keywords and other specific inputs of non-trivial input languages. Constraint-based test generation solves conditions of paths leading to uncovered code, but fails on programs with complex input conditions because of path explosion. In this paper, we present a test generation technique specifically directed at input parsers. We systematically produce inputs for the parser and track comparisons made; after every rejection, we satisfy the comparisons leading to rejection. This approach effectively covers the input space: Evaluated on five subjects, from CSV files to JavaScript, our pFuzzer prototype covers more tokens than both random-based and constraint-based approaches, while requiring no symbolic analysis and far fewer tests than random fuzzers.
History
Preferred Citation
Björn Mathis, Rahul Gopinath, Michaël Mera, Alexander Kampmann, Matthias Höschele and Andreas Zeller. Parser-Directed Fuzzing. In: ACM-SIGPLAN Conference on Programming Language Design and Implementation (PLDI). 2019.
Primary Research Area
Secure Connected and Mobile Systems
Name of Conference
ACM-SIGPLAN Conference on Programming Language Design and Implementation (PLDI)
Legacy Posted Date
2019-04-18
Open Access Type
Unknown
BibTeX
@inproceedings{cispa_all_2823,
title = "Parser-Directed Fuzzing",
author = "Mathis, Björn and Gopinath, Rahul and Mera, Michaël and Kampmann, Alexander and Höschele, Matthias and Zeller, Andreas",
booktitle="{ACM-SIGPLAN Conference on Programming Language Design and Implementation (PLDI)}",
year="2019",
}