A fuzzing approach for finding edge inputs by first mutating grammars and then using grammar-based fuzzing on the mutated grammars.

Overview

Gmutator is a tool that performs mutations on an input grammar and leverages the Grammarinator fuzzer to produce inputs conforming to the mutated grammars. Gmutator can be leveraged to find inputs that do not conform to the original grammar but are (wrongly) accepted by a system under test (SUT). Additionally, the inputs that Gmutator yields may achieve higher SUT code coverage compared with standard grammar-based fuzzing.

We are currently evaluating Gmutator over four different input formats (JSON, XML, URL and Lua) and 12 SUTs (3 per input format).
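The pipeline described above, as an added toy example in Python (not Gmutator's own code, which drives Grammarinator): a constructed grammar for JSON integer arrays is mutated one symbol at a time, inputs are derived from each mutant, and those that fall outside the original grammar yet are accepted by a constructed lenient JSON parser (standing in for an SUT) are reported. Bounded enumeration is used in place of Grammarinator's random sampling so the result is deterministic.

```python
import copy, functools, itertools, json

# Constructed toy grammar (JSON arrays of a few integers), standing in for a full JSON grammar.
ORIG = {
    "<start>": [["<array>"]],
    "<array>": [["[", "]"], ["[", "<elems>", "]"]],
    "<elems>": [["<int>"], ["<int>", ",", "<elems>"]],
    "<int>": [["0"], ["7"], ["42"]],
}

def mutants(g):
    """Yield (description, grammar) for every single-point mutation: delete, duplicate or swap one symbol."""
    terminals = sorted({s for alts in g.values() for alt in alts for s in alt if s not in g})
    for nt, alts in g.items():
        for a, alt in enumerate(alts):
            for i, sym in enumerate(alt):
                edits = [alt[:i] + alt[i + 1:], alt[:i + 1] + alt[i:]]  # delete sym, duplicate sym
                if sym not in g:  # a terminal can also be swapped for another terminal of the grammar
                    edits += [alt[:i] + [t] + alt[i + 1:] for t in terminals if t != sym]
                for new_alt in edits:
                    m = copy.deepcopy(g)
                    m[nt][a] = new_alt
                    yield f"{nt}: {' '.join(alt)} -> {' '.join(new_alt) or 'ε'}", m

def derive(g, sym, depth):
    """All strings derivable from sym within `depth` expansions (bounded enumeration instead of random sampling)."""
    if sym not in g:
        return {sym}
    if depth == 0:
        return set()
    return {"".join(p) for alt in g[sym] for p in itertools.product(*[derive(g, s, depth - 1) for s in alt])}
def ends(g, sym, s, i):
    """Positions reachable after matching sym at s[i:] (backtracking recogniser; ORIG is not left-recursive)."""
    if sym not in g:
        return {i + len(sym)} if s.startswith(sym, i) else set()
    step = lambda frontier, part: {k for j in frontier for k in ends(g, part, s, j)}
    return set().union(*(functools.reduce(step, alt, {i}) for alt in g[sym]))
def conforms(g, s):
    return len(s) in ends(g, "<start>", s, 0)
def sut_accepts(s):  # constructed SUT: a lenient JSON parser that silently tolerates a trailing comma before ']'
    try:
        json.loads(s.replace(",]", "]"))
    except ValueError:
        return False
    return True

def find_edge_inputs(g, depth=6):
    """Inputs outside the original grammar that the SUT still accepts, each mapped to a mutation producing it."""
    return {s: name for name, m in mutants(g) for s in derive(m, "<start>", depth)
            if not conforms(g, s) and sut_accepts(s)}
```

Running `find_edge_inputs(ORIG)` surfaces both the trailing-comma leniency (e.g. `[7,]`, `[,]`) and inputs such as `[77]` that expose the toy grammar as narrower than what the parser accepts.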

Availability

Gmutator is available here, where you will find all the instructions necessary to run the tool and replicate the experiments.

Artefact

The artefact is available as a Docker image in Zenodo.

Research Support

This work was supported by the European Union's Horizon 2020 research and innovation programme (grant agreement 819141) and the UK Engineering and Physical Sciences Research Council (grant EP/R006865/1).

Publications

Talks

  • Structured Input Fuzzing: From Grammar Mutation to Input Repair

    Bachir Bendrissou

    Talk @ CISPA Helmholtz Center for Information Security

  • Hybrid Fuzzing for Structured Inputs: Integrating Grammar-Aware and Mutation-Based Techniques

    Bachir Bendrissou

    Talk @ King’s College London

  • Grammar Mutation for Testing Input Parsers

    Alastair Donaldson

    2nd International Fuzzing Workshop (FUZZING 2023)