This part introduces test generation techniques that take the semantics of the input into account, notably the behavior of the program that processes the input.
Grammar Mining shows how to extract an input grammar from a program by analyzing how individual parts of the input are processed. The resulting grammars can be directly used for fuzzing.
Symbolic Fuzzing analyzes program code and solves its path constraints to cover branches and behaviors that are hard to reach.
Tracking Information Flow shows how to track inputs throughout the program, in order to discover information leaks and further improve analysis techniques.