Token-Level Fuzzing. (arXiv:2304.02103v1 [cs.CR])
Source: cs.CR updates on arXiv.org (arxiv.org)
Fuzzing has become a commonly used approach to identifying bugs in complex,
real-world programs. However, interpreters are notoriously difficult to fuzz
effectively, as they expect highly structured inputs, which are rarely produced
by most fuzzing mutations. For this class of programs, grammar-based fuzzing
has been shown to be effective. Tools based on this approach can find bugs in
the code that is executed after parsing the interpreter inputs, by following
language-specific rules when generating and mutating test cases. Unfortunately,
grammar-based …