This document discusses techniques for effective fuzzing, including learning input tokens, handling complex input structures through syntactic fuzzing, surviving the parsing stage using tokenization, and looking into programs using dynamic tainting. It provides examples of a fuzzer testing a parser by feeding it increasingly complex valid and invalid inputs like "X + 0", "X @", and tagging tokens like numbers and variables to track their usage in the program.
72-76. LFUZZER - BOOSTING FUZZERS

(Slides 72 to 76 reveal the same diagram step by step; the complete diagram is given once here.)

TOKENS
  9
  0 .. 9
  A .. Z
  a .. z
  +
  -

SAMPLE INPUTS
  0 + 5
  a + 6

      |
      v

FUZZER
  AFL
  MIMID*
  LIBFUZZER
  …
  YOURFAVORITEFUZZER

      |
      v

INPUTS
  A - K
  8 - I + P - q
  R + y - 6 + u
  …

      |
      v

PROGRAM UNDER TEST

* In: "Mining Input Grammars from Dynamic Control Flow" at FSE 2020
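The pipeline on the slide (learned token set plus sample inputs in, token-shaped fuzz inputs out) as an added Python illustration; this is not lFuzzer's or Mimid's code. It assumes the slide's token classes and that whitespace separates tokens, and mutates at token granularity so every generated input still passes the lexer and reaches the parser, the "surviving the parsing stage" point from the summary above.

```python
import random

# Token classes learned for the program under test (the slide's token set).
TOKEN_CLASSES = {
    "DIGIT": "0123456789",
    "UPPER": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "LOWER": "abcdefghijklmnopqrstuvwxyz",
    "PLUS": "+",
    "MINUS": "-",
}
OPERANDS, OPERATORS = ("DIGIT", "UPPER", "LOWER"), ("PLUS", "MINUS")
SAMPLE_INPUTS = ["0 + 5", "a + 6"]   # the slide's sample inputs; whitespace separates tokens

def tokenize(text):
    """Map a whitespace-separated input to its token-class sequence; reject unknown tokens."""
    classes = []
    for tok in text.split():
        cls = next((c for c, chars in TOKEN_CLASSES.items()
                    if len(tok) == 1 and tok in chars), None)
        if cls is None:                           # e.g. "X @": '@' is not a learned token
            raise ValueError(f"input {text!r} contains a token outside the learned set")
        classes.append(cls)
    return classes

def mutate(classes, rng):
    """One token-level mutation: retype an operand, or append/drop an 'operator operand' pair."""
    classes = list(classes)
    op = rng.randrange(3)
    if op == 0:                                   # digit <-> variable at the same position
        classes[rng.randrange(0, len(classes), 2)] = rng.choice(OPERANDS)
    elif op == 1:                                 # grow the expression: "... - q"
        classes += [rng.choice(OPERATORS), rng.choice(OPERANDS)]
    elif len(classes) > 1:                        # shrink, never below a single operand
        del classes[-2:]
    return classes

def render(classes, rng):
    """Choose a concrete character per token class, so every emitted token still lexes."""
    return " ".join(rng.choice(TOKEN_CLASSES[c]) for c in classes)

def generate(n, seed=0):
    """Derive n fuzz inputs from the samples (shaped like the slide's 'A - K', '8 - I + P - q')."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        classes = tokenize(rng.choice(SAMPLE_INPUTS))
        for _ in range(rng.randint(1, 3)):
            classes = mutate(classes, rng)
        out.append(render(classes, rng))
    return out
```

Calling generate(5) yields five expressions built only from learned tokens; feeding a fixed seed makes a run reproducible when a crash needs to be replayed.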