• security vulnerability;
• fuzz testing;
• fault injection;
• grammar-based test generation


Fuzz testing, also known as fuzzing, has long been recognized as an effective technique for detecting software vulnerabilities. Unfortunately, this approach has been shown to be ineffective when applied to programs with highly structured inputs, such as interpreters and compilers. These programs usually process inputs in several stages, such as lexing and parsing, and a test input is rejected as soon as its structure fails to obey the grammar. In this paper, we present a novel approach for fuzzing programs with highly structured inputs. By disassembling existing test cases into multiple grammatical fragments and inferring their grammar structures, we build a new series of test cases that pass validation and reach previously unexplored places in the target program. We have implemented this approach in our general fuzzing framework BlendFuzz. Experiments have shown that BlendFuzz achieves higher code coverage than other blackbox fuzzing tools. BlendFuzz has also detected over two dozen previously unreported vulnerabilities in real-world applications, seven of which are considered high risk. Copyright © 2013 John Wiley & Sons, Ltd.
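The following is an added illustration of the fragment-recombination idea the abstract describes; it is not BlendFuzz's code. It uses a constructed toy arithmetic grammar and a hand-written recursive-descent parser (names such as `Parser`, `collect_fragments` and `blend` are this example's own): seed inputs are parsed into trees, every subtree is filed under its nonterminal, and new inputs are produced by swapping a subtree for a stored fragment of the same nonterminal. Because every swap respects the grammar, each generated input passes the parser, which is exactly the stage that discards random byte mutations of structured input.

```python
import copy
import random
import re
from dataclasses import dataclass
from typing import Dict, List, Union

# Constructed toy grammar for this example (not from the paper):
#   expr   := term (('+' | '-') term)*
#   term   := factor (('*' | '/') factor)*
#   factor := NUMBER | IDENT | '(' expr ')'

@dataclass
class Node:
    kind: str                          # nonterminal: 'expr', 'term' or 'factor'
    children: List[Union["Node", str]]  # child nodes or literal tokens

    def text(self) -> str:
        """Flatten the subtree back into an input string."""
        return "".join(c.text() if isinstance(c, Node) else c for c in self.children)

TOKEN_RE = re.compile(r"\s*(\d+|[A-Za-z_]\w*|[()+\-*/])")

def tokenize(s: str) -> List[str]:
    """Lexing stage: reject anything that is not a number, identifier or operator."""
    s, pos, tokens = s.strip(), 0, []
    while pos < len(s):
        m = TOKEN_RE.match(s, pos)
        if not m:
            raise ValueError(f"lexing error at offset {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens

class Parser:
    """Parsing stage: builds a tree or raises ValueError on a grammar violation."""
    def __init__(self, tokens: List[str]):
        self.toks, self.i = tokens, 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self):
        t = self.peek(); self.i += 1; return t
    def parse(self) -> Node:
        n = self.expr()
        if self.peek() is not None:
            raise ValueError("trailing input")
        return n
    def expr(self) -> Node:
        kids: List[Union[Node, str]] = [self.term()]
        while self.peek() in ("+", "-"):
            kids.append(self.take()); kids.append(self.term())
        return Node("expr", kids)
    def term(self) -> Node:
        kids: List[Union[Node, str]] = [self.factor()]
        while self.peek() in ("*", "/"):
            kids.append(self.take()); kids.append(self.factor())
        return Node("term", kids)
    def factor(self) -> Node:
        t = self.peek()
        if t is None:
            raise ValueError("unexpected end of input")
        if t == "(":
            self.take(); inner = self.expr()
            if self.take() != ")":
                raise ValueError("expected ')'")
            return Node("factor", ["(", inner, ")"])
        if t.isdigit() or t[0].isalpha() or t[0] == "_":
            return Node("factor", [self.take()])
        raise ValueError(f"unexpected token {t!r}")

def is_valid(s: str) -> bool:
    """True if the input survives both lexing and parsing."""
    try:
        Parser(tokenize(s)).parse()
        return True
    except ValueError:
        return False

def collect_fragments(node: Node, pool: Dict[str, List[Node]]) -> None:
    """Disassemble a tree: file every subtree under its nonterminal."""
    pool.setdefault(node.kind, []).append(node)
    for c in node.children:
        if isinstance(c, Node):
            collect_fragments(c, pool)

def blend(tree: Node, pool: Dict[str, List[Node]], rng: random.Random) -> Node:
    """Replace one random subtree with a pool fragment of the same nonterminal."""
    tree = copy.deepcopy(tree)
    sites = []                                   # (parent, child index) of every subtree
    def walk(n: Node) -> None:
        for i, c in enumerate(n.children):
            if isinstance(c, Node):
                sites.append((n, i)); walk(c)
    walk(tree)
    parent, idx = rng.choice(sites)              # every expr has at least one term child
    kind = parent.children[idx].kind
    parent.children[idx] = copy.deepcopy(rng.choice(pool[kind]))
    return tree

def generate(seeds: List[str], count: int, seed: int = 0) -> List[str]:
    """Build the fragment pool from seed inputs and emit `count` blended test cases."""
    rng = random.Random(seed)
    pool: Dict[str, List[Node]] = {}
    trees = [Parser(tokenize(s)).parse() for s in seeds]
    for t in trees:
        collect_fragments(t, pool)
    return [blend(rng.choice(trees), pool, rng).text() for _ in range(count)]

if __name__ == "__main__":
    seeds = ["1 + 2", "x * (y - 3)", "(a + b) / 2"]      # constructed seed corpus
    for case in generate(seeds, 8):
        print(case, "valid" if is_valid(case) else "REJECTED")
```

The pool is keyed by nonterminal, so a `factor` fragment such as `(y-3)` can be spliced anywhere a `factor` is expected, producing inputs like `(y-3)*(y-3)` or `1+(a+b)/2` that none of the seeds contained but that the parser accepts; this is the property that lets the fuzzer reach code behind the validation stages, whereas mutating bytes of `x * (y - 3)` typically yields a string the lexer or parser discards.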