Grammarinator: A grammar-based open source fuzzer

Renáta Hodován, Ákos Kiss, T. Gyimóthy

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

Fuzzing, or random testing, is an increasingly popular testing technique. The power of the approach lies in its ability to generate a large number of useful test cases without consuming expensive manpower. Furthermore, because of the randomness, it can often produce unusual cases that would be beyond the awareness of a human tester. In this paper, we present Grammarinator, a general purpose test generator tool that is able to utilize existing parser grammars as models. Since the model can act both as a parser and as a generator, the tool can provide the capabilities of both generation and mutation-based fuzzers. The presented tool is actively used to test various JavaScript engines and has found more than 100 unique issues.

Original languageEnglish
Title of host publicationA-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018
EditorsWishnu Prasetya, Tanja E.J. Vos, Tanja E.J. Vos, Getir Sinem
PublisherAssociation for Computing Machinery, Inc
Pages45-48
Number of pages4
ISBN (Electronic)9781450360531
DOIs
Publication statusPublished - Nov 5 2018
Event9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, A-TEST 2018, co-located the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2018 - Lake Buena Vista, United States
Duration: Nov 5 2018 → …

Publication series

NameA-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018

Conference

Conference9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, A-TEST 2018, co-located the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2018
CountryUnited States
CityLake Buena Vista
Period11/5/18 → …

Fingerprint

Testing
Engines

Keywords

  • Fuzzing
  • Grammars
  • Random testing
  • Security

ASJC Scopus subject areas

  • Software

Cite this

Hodován, R., Kiss, Á., & Gyimóthy, T. (2018). Grammarinator: A grammar-based open source fuzzer. In W. Prasetya, T. E. J. Vos, T. E. J. Vos, & G. Sinem (Eds.), A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018 (pp. 45-48). (A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018). Association for Computing Machinery, Inc. https://doi.org/10.1145/3278186.3278193

Grammarinator : A grammar-based open source fuzzer. / Hodován, Renáta; Kiss, Ákos; Gyimóthy, T.

A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018. ed. / Wishnu Prasetya; Tanja E.J. Vos; Tanja E.J. Vos; Getir Sinem. Association for Computing Machinery, Inc, 2018. p. 45-48 (A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Hodován, R, Kiss, Á & Gyimóthy, T 2018, Grammarinator: A grammar-based open source fuzzer. in W Prasetya, TEJ Vos, TEJ Vos & G Sinem (eds), A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018. A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018, Association for Computing Machinery, Inc, pp. 45-48, 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, A-TEST 2018, co-located the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2018, Lake Buena Vista, United States, 11/5/18. https://doi.org/10.1145/3278186.3278193
Hodován R, Kiss Á, Gyimóthy T. Grammarinator: A grammar-based open source fuzzer. In Prasetya W, Vos TEJ, Vos TEJ, Sinem G, editors, A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018. Association for Computing Machinery, Inc. 2018. p. 45-48. (A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018). https://doi.org/10.1145/3278186.3278193
Hodován, Renáta ; Kiss, Ákos ; Gyimóthy, T. / Grammarinator : A grammar-based open source fuzzer. A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018. editor / Wishnu Prasetya ; Tanja E.J. Vos ; Tanja E.J. Vos ; Getir Sinem. Association for Computing Machinery, Inc, 2018. pp. 45-48 (A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018).
@inproceedings{3a68ba0e63504b81b5ee8efe2104e985,
title = "Grammarinator: A grammar-based open source fuzzer",
abstract = "Fuzzing, or random testing, is an increasingly popular testing technique. The power of the approach lies in its ability to generate a large number of useful test cases without consuming expensive manpower. Furthermore, because of the randomness, it can often produce unusual cases that would be beyond the awareness of a human tester. In this paper, we present Grammarinator, a general purpose test generator tool that is able to utilize existing parser grammars as models. Since the model can act both as a parser and as a generator, the tool can provide the capabilities of both generation and mutation-based fuzzers. The presented tool is actively used to test various JavaScript engines and has found more than 100 unique issues.",
keywords = "Fuzzing, Grammars, Random testing, Security",
author = "Ren{\'a}ta Hodov{\'a}n and {\'A}kos Kiss and T. Gyim{\'o}thy",
year = "2018",
month = "11",
day = "5",
doi = "10.1145/3278186.3278193",
language = "English",
series = "A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018",
publisher = "Association for Computing Machinery, Inc",
pages = "45--48",
editor = "Wishnu Prasetya and Vos, {Tanja E.J.} and Vos, {Tanja E.J.} and Getir Sinem",
booktitle = "A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018",

}

TY - GEN

T1 - Grammarinator

T2 - A grammar-based open source fuzzer

AU - Hodován, Renáta

AU - Kiss, Ákos

AU - Gyimóthy, T.

PY - 2018/11/5

Y1 - 2018/11/5

N2 - Fuzzing, or random testing, is an increasingly popular testing technique. The power of the approach lies in its ability to generate a large number of useful test cases without consuming expensive manpower. Furthermore, because of the randomness, it can often produce unusual cases that would be beyond the awareness of a human tester. In this paper, we present Grammarinator, a general purpose test generator tool that is able to utilize existing parser grammars as models. Since the model can act both as a parser and as a generator, the tool can provide the capabilities of both generation and mutation-based fuzzers. The presented tool is actively used to test various JavaScript engines and has found more than 100 unique issues.

AB - Fuzzing, or random testing, is an increasingly popular testing technique. The power of the approach lies in its ability to generate a large number of useful test cases without consuming expensive manpower. Furthermore, because of the randomness, it can often produce unusual cases that would be beyond the awareness of a human tester. In this paper, we present Grammarinator, a general purpose test generator tool that is able to utilize existing parser grammars as models. Since the model can act both as a parser and as a generator, the tool can provide the capabilities of both generation and mutation-based fuzzers. The presented tool is actively used to test various JavaScript engines and has found more than 100 unique issues.

KW - Fuzzing

KW - Grammars

KW - Random testing

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85061790962&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061790962&partnerID=8YFLogxK

U2 - 10.1145/3278186.3278193

DO - 10.1145/3278186.3278193

M3 - Conference contribution

AN - SCOPUS:85061790962

T3 - A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018

SP - 45

EP - 48

BT - A-TEST 2018 - Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, Co-located with FSE 2018

A2 - Prasetya, Wishnu

A2 - Vos, Tanja E.J.

A2 - Vos, Tanja E.J.

A2 - Sinem, Getir

PB - Association for Computing Machinery, Inc

ER -