Listing by keyword "fuzzing"
1 - 2 of 2
- Conference paper: Input Invariants (Software Engineering 2023, 2023). Steinhöfel, Dominic; Zeller, Andreas. Abstract: To exhaustively test a program, we need inputs that the program does not reject. Such valid inputs must satisfy syntactic and semantic constraints of the input language. Grammar-based fuzzers efficiently produce syntactically valid system inputs but miss context-sensitive semantic constraints. Example semantic properties are length fields or checksums in binary inputs, or definition-use constraints for variables in programming languages. We introduce ISLa [SZ22a], a declarative specification language for context-sensitive properties of structured system inputs. An ISLa specification, or input invariant, consists of a context-free grammar and a potentially context-sensitive ISLa constraint. Our ISLa fuzzer produces streams of inputs from invariants. We show that a few ISLa constraints suffice to generate diverse and 100% semantically valid inputs. Additionally, the fuzzer can repair and—preserving semantics—mutate inputs. Provided sample inputs, a program property, or both, our ISLearn prototype mines precise invariants. In follow-up work, we used ISLearn for diagnosing failures: “The heartbleed vulnerability is triggered if length exceeds the length of payload.”
- Conference paper: Mining Input Grammars (Software Engineering 2021, 2021). Gopinath, Rahul; Mathis, Björn; Zeller, Andreas. Abstract: To assess the behavior of a program, one needs to understand its inputs—their sources, their structure, and how they lead to individual behavior. But as the syntax and semantics of inputs are almost never completely specified, humans and computers constantly have to figure out how to produce a particular behavior. In this abstract, we show how to automatically extract accurate, well-structured input grammars from existing programs. Such input grammars are useful for software testing, as they can serve as producers of valid, high-quality inputs that easily pass through parsing and validation to reliably trigger the desired program behavior. Moreover, they allow testers to control which inputs are to be produced, in contrast to the majority of fuzzers, which operate as black boxes. Our Mimid prototype uses dynamic tainting to extract input grammars from given programs: grammars that are well-structured and highly readable, even for complex recursive input formats such as JavaScript or JSON. Specific parser-directed test generators systematically explore the input syntax, such that grammars can be mined even without any given inputs.