Structured Input Fuzzing: From Grammar Mutation to Input Repair

Abstract

Modern software often processes highly structured inputs such as programming languages, data formats, and configuration files. Testing these systems is challenging because effective inputs must be both diverse and structurally meaningful.

In this talk, I will present recent work on structured input fuzzing that combines grammar-aware techniques with mutation-based testing. I will first introduce Gmutator, a technique that mutates input grammars to generate edge-case inputs near the boundary of validity. I will then present RepairFuzz, a repair-driven greybox fuzzer that applies aggressive byte-level mutations and restores validity through grammar-based repair.

Together, these approaches improve input diversity while preserving structure, leading to the discovery of previously unknown bugs in widely used software systems.
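As an added illustration of the repair-driven approach sketched above (this is example code, not code from the talk or from Gmutator or RepairFuzz), the block below pairs grammar-oblivious byte-level mutation with a greedy grammar-based repair step that restores validity. The toy arithmetic grammar, the function names and the repair strategy are assumptions made for this example.

```python
import random

# Constructed toy grammar (not from the talk): expr := factor (('+'|'-'|'*'|'/') factor)*
#   factor := DIGITS | '(' expr ')'.  Anything else (whitespace included) is a syntax error.
def parse_error(s):
    """Return -1 if s is valid under the toy grammar, else the offset of the first violation."""
    i = 0
    def peek(): return s[i:i + 1]  # "" at end of input
    def expr():
        nonlocal i
        factor()
        while peek() in ("+", "-", "*", "/"):
            i += 1
            factor()
    def factor():
        nonlocal i
        if peek() and peek() in "0123456789":
            while peek() and peek() in "0123456789":
                i += 1
        elif peek() == "(":
            i += 1
            expr()
            if peek() != ")":
                raise SyntaxError(i)
            i += 1
        else:
            raise SyntaxError(i)
    try:
        expr()
    except SyntaxError as e:
        return e.args[0]
    return -1 if i == len(s) else i  # trailing garbage is an error too

def mutate(s, rng, n_ops=3):
    """Aggressive byte-level mutation that ignores the grammar: overwrite or insert random bytes."""
    data = bytearray(s.encode("latin-1"))
    for _ in range(n_ops):
        pos = rng.randrange(len(data) + 1)                      # len(data) means append
        width = rng.randrange(2) if pos < len(data) else 0      # 1 = overwrite a byte, 0 = insert one
        data[pos:pos + width] = bytes([rng.randrange(256)])
    return data.decode("latin-1")

def repair(s, max_steps=20):
    """Greedy grammar-based repair: edit at the first error offset until the input parses."""
    for _ in range(max_steps):
        pos = parse_error(s)
        if pos < 0:
            return s
        candidates = [s[:pos] + s[pos + 1:]] + [s[:pos] + sym + s[pos:] for sym in "0+*()"]
        s = max(candidates, key=lambda c: (parse_error(c) < 0, parse_error(c)))  # valid, else furthest error
    return s if parse_error(s) < 0 else None  # budget exhausted: discard this input
```

A fuzzing loop would call `repair(mutate(seed, rng))` and feed only the non-None results to the target, so the mutation stage is free to be destructive while the corpus stays structurally valid.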

Talk @ CISPA Helmholtz Center for Information Security (CISPA).