
Mix of expansion strategies in GrammarCoverageFuzzer

Open michaelmera opened this issue 5 years ago • 0 comments

Describe the bug

Because the GrammarCoverageFuzzer inherits from the GrammarFuzzer, it still uses the expansion strategy based on costs. This can result in the fuzzer completely avoiding parts of the grammar because it first selects expansions with maximum cost. For a fuzzer that pretends to cover the grammar, that is pretty confusing.

To Reproduce

For example, the following code will never produce an 'a':

from fuzzingbook.GrammarCoverageFuzzer import GrammarCoverageFuzzer

grammar = {
    '<start>': ['<A>', '<B>'],
    '<A>': ['a'],
    '<B>': ['b<C>', '<D>'],
    '<C>': ['c'],
    '<D>': ['d']
}

fuzzer = GrammarCoverageFuzzer(grammar, min_nonterminals=5, max_nonterminals=10)

for i in range(100):
    print(fuzzer.fuzz())
    print('-----------')

michaelmera • Nov 29 '19 20:11
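
Why `<A>` is starved in the grammar above, as an added example that is not part of the original issue and not fuzzingbook's own code. It assumes a cost model in which an expansion costs 1 plus the cheapest full expansion of each nonterminal it contains, and that only maximum-cost expansions are offered at each step; all helper names are hypothetical.

```python
import re

# Grammar from the issue above.
GRAMMAR = {
    '<start>': ['<A>', '<B>'],
    '<A>': ['a'],
    '<B>': ['b<C>', '<D>'],
    '<C>': ['c'],
    '<D>': ['d'],
}
NONTERMINAL = re.compile(r'<[^<> ]+>')


def symbol_cost(grammar, symbol, seen=frozenset()):
    """Cost of the cheapest full expansion of `symbol` (assumed cost model)."""
    return min(expansion_cost(grammar, e, seen | {symbol}) for e in grammar[symbol])


def expansion_cost(grammar, expansion, seen=frozenset()):
    """1 for the expansion itself plus the minimum cost of each nonterminal in it."""
    symbols = NONTERMINAL.findall(expansion)
    if any(s in seen for s in symbols):
        return float('inf')  # recursive expansion: never the cheapest choice
    return 1 + sum(symbol_cost(grammar, s, seen) for s in symbols)


def max_cost_candidates(grammar, symbol):
    """Expansions of `symbol` that survive when only maximum-cost ones are kept."""
    costs = {e: expansion_cost(grammar, e, frozenset({symbol})) for e in grammar[symbol]}
    top = max(costs.values())
    return [e for e, c in costs.items() if c == top]


def reachable_under_max_cost(grammar, start='<start>'):
    """Nonterminals that can be expanded if every step keeps only max-cost expansions."""
    reached, todo = set(), [start]
    while todo:
        symbol = todo.pop()
        if symbol not in reached:
            reached.add(symbol)
            for expansion in max_cost_candidates(grammar, symbol):
                todo.extend(NONTERMINAL.findall(expansion))
    return reached


def starved_symbols(grammar, start='<start>'):
    """Nonterminals a coverage strategy never sees because cost filtering runs first."""
    return sorted(set(grammar) - reachable_under_max_cost(grammar, start))
```

Running `starved_symbols` over a grammar before a fuzzing campaign lists the rules that cost-first selection will leave untested whenever the derivation tree never grows to `min_nonterminals` open nonterminals, as is the case here.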