A()
— Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (AssignmentTracker)A1_GRAMMAR
— Parsing Inputs (Excursion: Grammars and Derivation Trees), Parsing Inputs (Recursion), Parsing Inputs (Ambiguity), Parsing Inputs (Background), Parsing Inputs (Exercise 8: First Set of a Nonterminal), Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)A2_GRAMMAR
— Parsing Inputs (Excursion: Grammars and Derivation Trees), Parsing Inputs (Background)A3_GRAMMAR
— Parsing Inputs (Ambiguous Parsing)abs_max()
— Concolic Fuzzing (Example: Absolute Maximum), Symbolic Fuzzing (Get Names and Types of Variables Used)abs_value()
— Concolic Fuzzing (Example: Absolute Maximum), Symbolic Fuzzing (Function Summaries)ACTIONS
— Testing Graphical User Interfaces (Exploring Large Sites), Testing Graphical User Interfaces (Exploring Large Sites), Testing Graphical User Interfaces (Exploring Large Sites)add()
— Parsing Inputs (Columns)addDebug()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)addTo()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)add_call()
— Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls)add_calls()
— Control Flow Graph (CFGNode)add_child()
— Concolic Fuzzing (Representing Decisions), Control Flow Graph (CFGNode)add_coverage()
— Grammar Coverage (Tracking Expansions while Fuzzing), Probabilistic Grammar Fuzzing (Counting Expansions)add_element()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)add_fragment()
— Greybox Fuzzing with Grammars (Building the Fragment Pool)add_group()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_int_rule()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_metavar_rule()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_new_airport()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)add_new_airport_2()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)add_parameter()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_parent()
— Control Flow Graph (CFGNode)add_parents()
— Control Flow Graph (CFGNode)add_result()
— Carving Unit Tests (Part 1: Store function results)add_str_rule()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_to_fragment_pool()
— Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Region-Based Mutation)add_trace()
— Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (The SimpleConcolicFuzzer class)add_transitive()
— Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)add_tree()
— Probabilistic Grammar Fuzzing (Counting Expansions), Mining Input Grammars (Recovering Grammars from Derivation Trees)add_tree_coverage()
— Fuzzing with Generators (Generators and Grammar Coverage)add_type_rule()
— Testing Configurations (A Grammar Miner for Options and Arguments)__add__()
— Tracking Information Flow (Concatenation), Concolic Fuzzing (Concatenation of Strings)advance()
— Parsing Inputs (Items), Parsing Inputs (States)AdvancedMutationFuzzer
class — Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing)AdvMutant
class — Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)AdvMutator
class — Mutation Analysis (Mutator for Modules and Test Suites)AdvPMIterator
class — Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)AdvStmtDeletionMutator
class — Mutation Analysis (Mutator for Modules and Test Suites)AFLFastSchedule
class — Greybox Fuzzing (Boosted Greybox Fuzzing)AFLGoSchedule
class — Greybox Fuzzing (Improved Directed Power Schedule)AFLSmartSchedule
class — Greybox Fuzzing with Grammars (Focusing on Valid Seeds)airport_codes_repOK()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)all_terminals()
— Efficient Grammar Fuzzing (End of Excursion)alternate_reductions()
— Reducing Failure-Inducing Inputs (Alternate Expansions)AlternatingSequence
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)annotate_arg()
— Mining Function Specifications (Annotating Functions with Given Types)annotate_edge()
— Efficient Grammar Fuzzing (Excursion: Source code and example for display_annotated_tree()
)annotate_function_ast_with_invariants()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)annotate_function_ast_with_types()
— Mining Function Specifications (Annotating Functions with Mined Types)annotate_function_with_invariants()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)annotate_function_with_types()
— Mining Function Specifications (Annotating Functions with Mined Types)annotate_invariants()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)annotate_node()
— Efficient Grammar Fuzzing (Excursion: Source code and example for display_annotated_tree()
)annotate_types()
— Mining Function Specifications (Annotating Functions with Mined Types)display_tree()
)ANYTHING_BUT_DOUBLE_QUOTES_AND_BACKSLASH
— Testing Compilers (Constants)ANYTHING_BUT_SINGLE_QUOTES_AND_BACKSLASH
— Testing Compilers (Constants)any_possible_expansions()
— Efficient Grammar Fuzzing (Expanding a Tree)any_sqrt()
— Mining Function Specifications (Specifications and Assertions)append_from_dictionary()
— Greybox Fuzzing (A First Attempt)apply_new_definition()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)apply_result()
— Fuzzing with Generators (Generating Elements before Expansion)apply_twice()
— Fuzzing with Generators (Functions Called Before Expansion)arc()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)ArcCoverage
class — Concolic Fuzzing (Tracking Constraints)arcs()
— Concolic Fuzzing (Tracking Constraints)arc_8()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)arguments()
— Carving Unit Tests (Recording Calls)ARGUMENTS_SYMBOL
— Testing Configurations (A Grammar Miner for Options and Arguments)arith_expr()
— Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)AR
— Railroad Diagrams (Excursion: Railroad diagrams implementation)ascii_chr()
— Fuzzing in the Large (Excursion: escapelines()
implementatipn)ASCII_STRING_GRAMMAR
— Fuzzing APIs (Synopsis), Fuzzing APIs (Strings), Fuzzing APIs (Synopsis)assertEquals()
— Introduction to Software Testing (Automating Test Execution)assignEnergy()
— Greybox Fuzzing (Seeds and Power Schedules), Greybox Fuzzing (Boosted Greybox Fuzzing), Greybox Fuzzing (Directed Power Schedule), Greybox Fuzzing (Improved Directed Power Schedule), Greybox Fuzzing with Grammars (Focusing on Valid Seeds)assignments()
— Mining Input Grammars (DefineTracker)AssignmentTracker
class — Mining Input Grammars (AssignmentTracker), Mining Input Grammars (AssignmentTracker), Mining Input Grammars (AssignmentTracker)AssignmentVars
class — Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars)ast_fitness()
— Testing Compilers (Fitness)at()
— Mining Input Grammars (CallStack)ATTR_GRAMMAR
— Fuzzing with Generators (Exercise 2: Attribute Grammars)at_dot()
— Parsing Inputs (Items)autopep8()
— Testing Configurations (Autopep8 Setup)average_length_until_full_coverage()
— Grammar Coverage (Putting Things Together)A_Class
class — Class Diagrams (Getting a Class Hierarchy), Class Diagrams (Getting a Class Hierarchy)B()
— Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (AssignmentTracker)back()
— Parsing Inputs (Exercise 5: Leo Parser)bad_fitness()
— Search-Based Fuzzing (Hillclimbing the Example)bar()
— Class Diagrams (Getting a Class Hierarchy)BetterHTTPRequestHandler
class — Testing Web Applications (Part 1: Silent Failures), Testing Web Applications (Part 2: Sanitized HTML), Testing Web Applications (Part 3: Sanitized SQL), Testing Web Applications (Part 4: A Robust Server)BETTER_HTML_INTERNAL_SERVER_ERROR
— Testing Web Applications (Part 1: Silent Failures)BinaryProgramRunner
class — Fuzzing: Breaking Things with Random Inputs (Runner Classes)binomial()
— Concolic Fuzzing (Example: Binomial Coefficient)BinOpMutator
class — Mutation Analysis (Exercise 1: Arithmetic Expression Mutators), Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)BIRD
— Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)bit()
— Concolic Fuzzing (Representing Decisions)BIT_OPS
— Concolic Fuzzing (Exercise 2: Bit Manipulation)BletchleyPark
class — When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Turing's Observations), When To Stop Fuzzing (Turing's Observations)BODY
— Code Coverage (A Coverage Class), Code Coverage (A Coverage Class), Code Coverage (A Coverage Class)__bool__()
— Concolic Fuzzing (Registering Predicates on Conditionals), Concolic Fuzzing (Using an Integer in a Boolean Context), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)BoostedBletchleyPark
class — When To Stop Fuzzing (Turing's Observations)BranchCoverage
class — Code Coverage (Part 1: Compute branch coverage)BranchTransformer
class — Search-Based Fuzzing (Instrumenting Source Code Automatically)branch_coverage()
— Code Coverage (Part 1: Compute branch coverage)break_max_attempts()
— When To Stop Fuzzing (Turing's Observations)break_message()
— When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Turing's Observations), When To Stop Fuzzing (Turing's Observations), When To Stop Fuzzing (Turing's Observations)break_n_messages()
— When To Stop Fuzzing (Turing's Observations)BROWSER
— Testing Graphical User Interfaces (Remote Control with Selenium)buggy_my_sqrt_with_postcondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)B_Class
class — Class Diagrams (Getting a Class Hierarchy)C()
— Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (AssignmentTracker)CachingReducer
class — Reducing Failure-Inducing Inputs (Delta Debugging)calculate_distance()
— Search-Based Fuzzing (Defining a Search Landscape: Fitness functions)CallCarver
class — Carving Unit Tests (Recording Calls), Carving Unit Tests (Recording Calls)called_functions()
— Carving Unit Tests (Recording Calls)callers()
— Class Diagrams (Drawing Class Hierarchy with Method Names)CallGrammarMiner
class — Carving Unit Tests (A Grammar Miner for Calls), Carving Unit Tests (Initial Grammar), Carving Unit Tests (A Grammar from Arguments), Carving Unit Tests (A Grammar from Calls), Carving Unit Tests (A Grammar from all Calls)callgraph()
— Control Flow Graph (Call Graph Helpers)calls()
— Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls)CallStack
class — Mining Input Grammars (CallStack), Mining Input Grammars (CallStack)CallTracker
class — Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls)call_string()
— Carving Unit Tests (Serializing Objects)CALL_SYMBOL
— Carving Unit Tests (Initial Grammar)call_value()
— Carving Unit Tests (Serializing Objects)__call__()
— Concolic Fuzzing (Excursion: Implementing ConcolicTracer)cancel()
— Timeout (Variant 1: Unix (using signals, efficient)), Timeout (Variant 2: Generic / Windows (using trace, not very efficient))canonical()
— Parsing Inputs (Excursion: Canonical Grammars)can_be_satisfied()
— Symbolic Fuzzing (Exercise 2: Statically checking if a loop should be unrolled further)capitalize()
— Tracking Information Flow (String methods that do not change origin)Carver
class — Carving Unit Tests (Recording Calls)cc()
— Concolic Fuzzing (Representing Decisions)CFGNode
class — Control Flow Graph (CFGNode)EarleyParser
), Parsing Inputs (Background)CFLAGS
— Fuzzing in the Large (Collecting Code Coverage)cgi_decode()
— Code Coverage (A CGI Decoder), Search-Based Fuzzing (Testing a More Complex Program), Concolic Fuzzing (Example: Decoding CGI Strings), Control Flow Graph (cgi_decode)cgi_decode_instrumented()
— Search-Based Fuzzing (Instrumenting Source Code Automatically)cgi_decode_traced()
— Code Coverage (Tracing Executions)cgi_encode()
— Testing Web Applications (Excursion: Implementing cgi_decode())CGI_GRAMMAR
— Testing Web Applications (Mining Grammars for Web Pages)CG
— Greybox Fuzzing (Computing Function-Level Distance)CHARACTERS_WITHOUT_QUOTE
— Fuzzing with Grammars (Exercise 1: A JSON Grammar)CHARGE_GRAMMAR
— Fuzzing with Generators (Example: Numeric Ranges)chart_parse()
— Parsing Inputs (The Parsing Algorithm)CHAR_WIDTH
— Railroad Diagrams (Excursion: Railroad diagrams implementation)check()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)checkpoint()
— Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)check_grammar()
— Efficient Grammar Fuzzing (Excursion: check_grammar()
implementation), Probabilistic Grammar Fuzzing (Expanding by Probability)check_param()
— Mining Input Grammars (Exercise 1: Flattening complex objects)check_time()
— Timeout (Variant 2: Generic / Windows (using trace, not very efficient))check_triangle()
— Symbolic Fuzzing (Obtaining Path Conditions for Coverage), Control Flow Graph (check_triangle)CHILDREN
— Efficient Grammar Fuzzing (Representing Derivation Trees), Efficient Grammar Fuzzing (Representing Derivation Trees)ChoiceNode
class — Parsing Inputs (Tree Extractor)Choice
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)choose()
— Greybox Fuzzing (Seeds and Power Schedules)choose_a_node_to_explore()
— Parsing Inputs (Exercise 7: Iterative Earley Parser)choose_covered_node_expansion()
— Grammar Coverage (Covering Grammar Expansions), Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)choose_node_expansion()
— Efficient Grammar Fuzzing (Picking a Children Alternative to be Expanded), Grammar Coverage (Tracking Expansions while Fuzzing), Grammar Coverage (Covering Grammar Expansions), Grammar Coverage (Excursion: Implementing choose_node_expansion()
), Probabilistic Grammar Fuzzing (Expanding by Probability), Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)choose_path()
— Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor)choose_tree_expansion()
— Efficient Grammar Fuzzing (Excursion: expand_tree_once()
implementation), Fuzzing with Generators (Ordering Expansions)choose_uncovered_node_expansion()
— Grammar Coverage (Covering Grammar Expansions), Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)chosen()
— Parsing Inputs (Tree Extractor)CLASS_COLOR
— Class Diagrams (Drawing Class Hierarchy with Method Names), Class Diagrams (Drawing Class Hierarchy with Method Names)CLASS_FONT
— Class Diagrams (Drawing Class Hierarchy with Method Names), Class Diagrams (Drawing Class Hierarchy with Method Names)class_hierarchy()
— Class Diagrams (Getting a Class Hierarchy)class_items()
— Class Diagrams (Getting Methods and Variables)_class_items()
— Class Diagrams (Getting Methods and Variables)class_methods()
— Class Diagrams (Getting Methods and Variables)class_methods_string()
— Class Diagrams (Drawing Class Hierarchy with Method Names)class_set()
— Class Diagrams (Getting a Class Tree)class_tree()
— Class Diagrams (Getting a Class Tree)class_vars()
— Class Diagrams (Getting Methods and Variables)class_vars_string()
— Class Diagrams (Drawing Class Hierarchy with Method Names)clean_grammar()
— Mining Input Grammars (Grammar Mining)clear_httpd_messages()
— Testing Web Applications (Logging)clear_origin()
— Tracking Information Flow (A Class for Tracking Character Origins)clear_symbol_table()
— Fuzzing with Generators (Definitions and Uses)clear_taint()
— Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tracking Character Origins)click()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)clock()
— Timer (Measuring Time)coalesce()
— Parsing Inputs (A Parser Class), Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)code_repOK()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)collapse_if_too_large()
— Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)collect_conditions()
— Academic Prototyping (Static Analysis in Python: Still Easy), Prototyping with Python (Static Analysis in Python: Still Easy)collect_path_conditions()
— Academic Prototyping (A Symbolic Test Generator), Prototyping with Python (A Symbolic Test Generator)column()
— Tracking Information Flow (Representing Tables), Concolic Fuzzing (Example: Database)Column
class — Parsing Inputs (Columns), Parsing Inputs (Columns), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)combination()
— Concolic Fuzzing (Example: Binomial Coefficient)comma_split()
— Parsing Inputs (An Ad Hoc Parser)COMMENT_CHAR_WIDTH
— Railroad Diagrams (Excursion: Railroad diagrams implementation)Comment
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)complete()
— Parsing Inputs (Completing Processing), Parsing Inputs (Exercise 5: Leo Parser)compute_dominator()
— Control Flow Graph (Supporting Functions)compute_flow()
— Control Flow Graph (Supporting Functions)compute_gcd()
— Control Flow Graph (gcd)concolic()
— Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Generating Fresh Names)ConcolicDB
class — Concolic Fuzzing (Example: Database)ConcolicGrammarFuzzer
class — Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer), Concolic Fuzzing (Pruning and Updating), Concolic Fuzzing (Pruning and Updating)ConcolicTracer
class — Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Translating to the SMT Expression Format), Concolic Fuzzing (Generating Fresh Names), Concolic Fuzzing (Generating Fresh Names), Concolic Fuzzing (Evaluating the Concolic Expressions), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)condition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)CONDITION
— Code Coverage (Exercise 2: Branch Coverage), Code Coverage (Exercise 2: Branch Coverage), Code Coverage (Exercise 2: Branch Coverage)CONSTRAINED_VAR_GRAMMAR
— Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Ordering Expansions), Fuzzing with Generators (Ordering Expansions)CONSTRAINT
— Fuzzing with Constraints (Quantifiers)construct_callgraph()
— Control Flow Graph (Call Graph Helpers)CONTEXT
— Fuzzing with Constraints (Quantifiers)Context
class — Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Exercise 1: Flattening complex objects)convert()
— Tracking Information Flow (Inserting Data)convert_ebnf_grammar()
— Fuzzing with Grammars (All Together)convert_ebnf_operators()
— Fuzzing with Grammars (Expanding Operators)convert_ebnf_parentheses()
— Fuzzing with Grammars (Expanding Parenthesized Expressions)copy()
— Parsing Inputs (States), Parsing Inputs (Exercise 5: Leo Parser), Symbolic Fuzzing (Tracking Assignments)COUNTER
— Concolic Fuzzing (Generating Fresh Names), Concolic Fuzzing (Generating Fresh Names)CountingGreyboxFuzzer
class — Greybox Fuzzing (Boosted Greybox Fuzzing)counts()
— Probabilistic Grammar Fuzzing (Counting Expansions)count_expansions()
— Probabilistic Grammar Fuzzing (Counting Expansions)count_nodes()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation)coverage()
— Code Coverage (A Coverage Class), Code Coverage (Part 1: Compute branch coverage), Mutation-Based Fuzzing (Guiding by Coverage)Coverage
class — Code Coverage (A Coverage Class)cpp_identifiers()
— Testing Configurations (Part 1: Extract Preprocessor Variables)crange()
— Fuzzing with Grammars (Character Classes)crashme()
— Greybox Fuzzing (Runners and a Sample Program)crash_if_too_long()
— Fuzzing: Breaking Things with Random Inputs (Buffer Overflows)crawl()
— Testing Web Applications (Excursion: Implementing a Crawler)create()
— Tracking Information Flow (String Operators), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Create), Tracking Information Flow (Part 2: Arithmetic expressions), Concolic Fuzzing (A Proxy Class for Booleans), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)create_assignments()
— Mining Input Grammars (AssignmentTracker), Mining Input Grammars (Scope Tracker), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)create_call_stack()
— Mining Input Grammars (ScopedVars), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)create_candidate()
— Mutation-Based Fuzzing (Multiple Mutations), Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Greybox Fuzzing with Grammars (Fragment-Based Fuzzing), Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)create_context()
— Mining Input Grammars (Context)create_foo_py()
— Testing Configurations (Creating Autopep8 Options)create_instrumented_function()
— Search-Based Fuzzing (Instrumenting Source Code Automatically)create_population()
— Search-Based Fuzzing (Genetic Algorithms)create_table()
— Tracking Information Flow (Representing Tables)create_tracker()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recover Grammar), Mining Input Grammars (Grammar Mining), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)create_tree_miner()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recover Grammar), Mining Input Grammars (Grammar Mining), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)crossover()
— Search-Based Fuzzing (Genetic Algorithms)C_Class
class — Class Diagrams (Getting a Class Hierarchy)C_SAMPLE_GRAMMAR
— Parsing Inputs (Excursion: Implementing EarleyParser
)C
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)db_select()
— Concolic Fuzzing (Example: Database)DB
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Tracking Untrusted Input), Tracking Information Flow (TaintedDB), Concolic Fuzzing (Example: Database)DB
class — Tracking Information Flow (A Vulnerable Database), Tracking Information Flow (Representing Tables), Tracking Information Flow (Representing Tables), Tracking Information Flow (Representing Tables), Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Selecting Data), Tracking Information Flow (Selecting Data), Tracking Information Flow (Selecting Data), Tracking Information Flow (Inserting Data), Tracking Information Flow (Inserting Data), Tracking Information Flow (Updating Data), Tracking Information Flow (Deleting Data)DEBUG
— Railroad Diagrams (Excursion: Railroad diagrams implementation)declarations()
— Symbolic Fuzzing (Get Names and Types of Variables Used)decorator()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)decrange()
— Probabilistic Grammar Fuzzing (Probabilities in Context)default_edge_attr()
— Efficient Grammar Fuzzing (Excursion: Implementing display_tree()
)default_graph_attr()
— Efficient Grammar Fuzzing (Excursion: Implementing display_tree()
)default_node_attr()
— Efficient Grammar Fuzzing (Excursion: Implementing display_tree()
)DEFAULT_ORIGIN
— Tracking Information Flow (A Class for Tracking Character Origins)DEFAULT_STYLE
— Railroad Diagrams (Excursion: Railroad diagrams implementation)defined_in()
— Class Diagrams (Getting Methods and Variables)defined_vars()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)DefineTracker
class — Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker)define_expr()
— Fuzzing with Grammars (Part 1 (b): Alternative representations)define_ex_grammar()
— Fuzzing with Grammars (Part 1 (b): Alternative representations)define_grammar()
— Fuzzing with Grammars (Part 1 (a): One Single Function)define_id()
— Fuzzing with Generators (Definitions and Uses)define_name()
— Fuzzing with Grammars (Part 1 (b): Alternative representations)define_symbolic_vars()
— Symbolic Fuzzing (Get Names and Types of Variables Used)def_used_nonterminals()
— Fuzzing with Grammars (Excursion: Implementing is_valid_grammar()
)degree_of_validity()
— Greybox Fuzzing with Grammars (Focusing on Valid Seeds)DELAY_AFTER_CHECK
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)DELAY_AFTER_CLICK
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Fuzzing in the Large (Excursion: Starting the Server)DELAY_AFTER_FILL
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)DELAY_AFTER_START
— Fuzzing in the Large (Excursion: Starting the Server)DELAY_AFTER_SUBMIT
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)delete_element()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)delete_fragment()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Region-Based Mutation)delete_last_character()
— Greybox Fuzzing (A First Attempt)delete_random_character()
— Mutation-Based Fuzzing (Mutating Inputs), Greybox Fuzzing (Mutators)DELETE
— Testing Web Applications (SQL Injection Attacks)DeltaDebuggingReducer
class — Reducing Failure-Inducing Inputs (Delta Debugging)determineGaps()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)deterministic_reduction()
— Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)DiagramItem
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)DIAGRAM_CLASS
— Railroad Diagrams (Excursion: Railroad diagrams implementation)Diagram
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)DictMutator
class — Greybox Fuzzing (A First Attempt), Greybox Fuzzing with Grammars (Fuzzing with Dictionaries)diff()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)DIGIT_GRAMMAR
— Fuzzing with Grammars (Representing Grammars in Python)DirectedSchedule
class — Greybox Fuzzing (Directed Power Schedule)display_annotated_tree()
— Efficient Grammar Fuzzing (Excursion: Source code and example for display_annotated_tree()
)display_class_hierarchy()
— Class Diagrams (Drawing Class Hierarchy with Method Names)display_class_node()
— Class Diagrams (Drawing Class Hierarchy with Method Names)display_class_trees()
— Class Diagrams (Drawing Class Hierarchy with Method Names)display_httpd_message()
— Testing Web Applications (Logging)display_legend()
— Class Diagrams (Drawing Class Hierarchy with Method Names)display_stack()
— Mining Input Grammars (CallStack)display_trace_tree()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)display_tree()
— Efficient Grammar Fuzzing (Excursion: Implementing display_tree()
)distance_character()
— Search-Based Fuzzing (Branch Distances)docstring()
— Class Diagrams (Getting Docs)doc_class_methods()
— Class Diagrams (Getting Methods and Variables)DOC_INDENT
— Class Diagrams (Getting Docs)dot_escape()
— Efficient Grammar Fuzzing (Excursion: Implementing display_tree()
)doubleenumerate()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)down()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)do_call()
— Fuzzing APIs (Synthesizing Code)do_check()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)do_click()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)do_delete()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Deleting Data)do_fill()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)do_GET()
— Testing Web Applications (Handling HTTP Requests)do_HEAD()
— Testing Web Applications (Other HTTP commands)do_insert()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Inserting Data)do_select()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Selecting Data)do_submit()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)do_update()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Updating Data)duplicate_context()
— Grammar Coverage (Extending Grammars for Context Coverage Programmatically)_duplicate_context()
— Grammar Coverage (Excursion: Implementing _duplicate_context()
)D_Class
class — Class Diagrams (Getting a Class Hierarchy), Class Diagrams (Getting a Class Hierarchy)e()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)EarleyParser
class — Parsing Inputs (The Parsing Algorithm), Parsing Inputs (Predicting States), Parsing Inputs (Scanning Tokens), Parsing Inputs (Completing Processing), Parsing Inputs (Filling the Chart), Parsing Inputs (The Parse Method), Parsing Inputs (The Parse Method), Parsing Inputs (Parsing Paths), Parsing Inputs (Parsing Forests), Parsing Inputs (Extracting Trees), Parsing Inputs (Ambiguous Parsing), Parsing Inputs (Nullable)earley_complete()
— Parsing Inputs (Completing Processing)ebnf_grammar()
— Testing Configurations (Classes for Fuzzing Configuration Options)elapsed_time()
— Timer (Measuring Time)EmbeddedInvariantAnnotator
class — Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)EmbeddedInvariantTransformer
class — Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)End
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)EnhancedExtractor
class — Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor)EnigmaMachine
class — When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Fuzzing the Enigma)enter()
— Mining Input Grammars (CallStack), Mining Input Grammars (Input Stack)__enter__()
— Code Coverage (A Coverage Class), Mutation Analysis (Evaluating Mutations), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Generating Fresh Names), Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls), Error Handling (Catching Errors), Timer (Measuring Time), Timeout (Variant 1: Unix (using signals, efficient)), Timeout (Variant 2: Generic / Windows (using trace, not very efficient))EOF
— Fuzzing: Breaking Things with Random Inputs (Missing Error Checks), Fuzzing: Breaking Things with Random Inputs (Missing Error Checks), Fuzzing: Breaking Things with Random Inputs (Missing Error Checks), Parsing Inputs (Exercise 9: Follow Set of a Nonterminal), Parsing Inputs (Exercise 9: Follow Set of a Nonterminal), Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)convert_ebnf_grammar()
), Efficient Grammar Fuzzing (End of Excursion)EPSILON
— Introduction to Software Testing (Automating Test Execution), Parsing Inputs (The Aycock Epsilon Fix), Parsing Inputs (Exercise 8: First Set of a Nonterminal), Mining Function Specifications (Annotating Functions with Pre- and Postconditions)__eq__()
— Parsing Inputs (States), Concolic Fuzzing (Equality between Integers), Concolic Fuzzing (Equality between Strings), Railroad Diagrams (Excursion: Railroad diagrams implementation), Control Flow Graph (CFGNode)escape()
— Class Diagrams (Getting Docs)escapelines()
— Fuzzing in the Large (Excursion: escapelines()
implementatipn)escape_doc()
— Class Diagrams (Getting Docs)EvalMysteryRunner
class — Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules)evaluate_condition()
— Search-Based Fuzzing (Instrumentation for Atomic Conditions), Search-Based Fuzzing (Instrumentation for Atomic Conditions)evaluate_population()
— Search-Based Fuzzing (Genetic Algorithms)eval_function()
— Fuzzing with Generators (Checking and Repairing Elements after Expansion)eval_with_exception()
— Fuzzing with Generators (Example: Negative Expressions)EvenFasterGrammarFuzzer
class — Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)evolve()
— Testing Compilers (Evolving Inputs)executable()
— Testing Configurations (Classes for Fuzzing Configuration Options)ExerciseGrammarFuzzer
class — Efficient Grammar Fuzzing (Exercise 4: Alternate Random Expansions)__exit__()
— Code Coverage (A Coverage Class), Mutation Analysis (Evaluating Mutations), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Generating Fresh Names), Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls), Error Handling (Catching Errors), Error Handling (Catching Timeouts), Timer (Measuring Time), Timeout (Variant 1: Unix (using signals, efficient)), Timeout (Variant 2: Generic / Windows (using trace, not very efficient))expandtabs()
— Tracking Information Flow (Expand Tabs)expand_node()
— Efficient Grammar Fuzzing (Excursion: expand_node_randomly()
implementation), Efficient Grammar Fuzzing (End of Excursion), Efficient Grammar Fuzzing (Node Inflation)expand_node_by_cost()
— Efficient Grammar Fuzzing (Excursion: expand_node_by_cost()
implementation)expand_node_max_cost()
— Efficient Grammar Fuzzing (Node Inflation)expand_node_min_cost()
— Efficient Grammar Fuzzing (End of Excursion)expand_node_randomly()
— Efficient Grammar Fuzzing (Excursion: expand_node_randomly()
implementation), Efficient Grammar Fuzzing (Exercise 4: Alternate Random Expansions), Parsing Inputs (Why Parsing for Fuzzing?)expand_tree()
— Efficient Grammar Fuzzing (Excursion: Implementation of three-phase expand_tree()
)expand_tree_once()
— Efficient Grammar Fuzzing (Excursion: expand_tree_once()
implementation), Fuzzing with Generators (Local Checking and Repairing)expand_tree_with_strategy()
— Efficient Grammar Fuzzing (Excursion: Implementation of three-phase expand_tree()
)expand_tstate()
— Parsing Inputs (Exercise 5: Leo Parser)ExpansionCountMiner
class — Probabilistic Grammar Fuzzing (Counting Expansions), Probabilistic Grammar Fuzzing (Counting Expansions), Probabilistic Grammar Fuzzing (Counting Expansions)ExpansionError
class — Fuzzing with Grammars (A Simple Grammar Fuzzer)expansion_cost()
— Efficient Grammar Fuzzing (Excursion: Implementing Cost Functions), Tracking Information Flow (TaintedGrammarFuzzer)expansion_coverage()
— Grammar Coverage (Keeping Track of Expansions)expansion_key()
— Grammar Coverage (Keeping Track of Expansions)expansion_to_children()
— Efficient Grammar Fuzzing (Excursion: Implementing expansion_to_children()
), Efficient Grammar Fuzzing (End of Excursion), Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)ExpectError
class — Error Handling (Catching Errors)ExpectTimeout
class — Error Handling (Catching Timeouts)explore()
— Symbolic Fuzzing (Stepwise Exploration of Paths)explore_all()
— Testing Graphical User Interfaces (Covering States)expression_clause()
— Tracking Information Flow (Selecting Data)expression_grammar_fn()
— Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced))EXPR_GRAMMAR_BNF
— Efficient Grammar Fuzzing (An Insufficient Algorithm)EXPR_GRAMMAR
— Grammar Coverage (Covering Grammar Elements), Grammar Coverage (Covering Grammar Expansions), Grammar Coverage (End of Excursion), Parsing Inputs (Excursion: Canonical Grammars), Fuzzing with Generators (Example: More Numeric Ranges)exp_opt()
— Fuzzing with Grammars (Excursion: Implementing opts()
)exp_opts()
— Fuzzing with Grammars (Excursion: Implementing opts()
)exp_order()
— Fuzzing with Generators (Ordering Expansions)exp_post_expansion_function()
— Fuzzing with Generators (A Class for Integrating Constraints)exp_pre_expansion_function()
— Fuzzing with Generators (A Class for Integrating Constraints)exp_prob()
— Probabilistic Grammar Fuzzing (Specifying Probabilities)exp_probabilities()
— Probabilistic Grammar Fuzzing (Distributing Probabilities)exp_string()
— Fuzzing with Grammars (Excursion: Implementing opts()
)extended_nonterminals()
— Fuzzing with Grammars (Expanding Operators)extend_grammar()
— Fuzzing with Grammars (Extending Grammars)extract_a_node()
— Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor)extract_a_tree()
— Parsing Inputs (Extracting Trees), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Exercise 7: Iterative Earley Parser)extract_constraints()
— Symbolic Fuzzing (Extracting All Constraints), Symbolic Fuzzing (Check Before You Loop)extract_node()
— Efficient Grammar Fuzzing (Excursion: Implementing display_tree()
)extract_trees()
— Parsing Inputs (Extracting Trees), Parsing Inputs (Ambiguous Parsing), Parsing Inputs (Exercise 7: Iterative Earley Parser)extract_vars()
— Mining Input Grammars (Context), Mining Input Grammars (Exercise 1: Flattening complex objects)E_GRAMMAR_1
— Parsing Inputs (The Aycock Epsilon Fix)f()
— Testing Compilers (Excursion: Function Definitions)factorial()
— Concolic Fuzzing (Tracking Constraints), Concolic Fuzzing (Example: Binomial Coefficient)fail_test()
— Error Handling (Catching Errors)FAIL
— Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runners), Fuzzing: Breaking Things with Random Inputs (Runners), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis)FasterGrammarFuzzer
class — Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)fib()
— Control Flow Graph (fib)FILE
— Fuzzing: Breaking Things with Random Inputs (Creating Input Files)fill()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)fill_chart()
— Parsing Inputs (Filling the Chart)FilteredLeoParser
class — Parsing Inputs (Exercise 6: Filtered Earley Parser)FINAL_STATE
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)find()
— Concolic Fuzzing (Finding Substrings)find_alternatives()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)find_comma()
— Parsing Inputs (An Ad Hoc Parser)find_contents()
— Testing Configurations (Classes for Fuzzing Configuration Options)find_element()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)find_executable()
— Testing Configurations (Autopep8 Setup)find_expansion()
— Fuzzing with Generators (Checking and Repairing Elements after Expansion)find_grammar()
— Testing Configurations (Classes for Fuzzing Configuration Options)_find_reachable_nonterminals()
— Fuzzing with Grammars (Excursion: Implementing is_valid_grammar()
)finish()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Evaluating Mutations)finished()
— Parsing Inputs (Items), Parsing Inputs (Tree Extractor)firstset()
— Parsing Inputs (Exercise 8: First Set of a Nonterminal)firstset_()
— Parsing Inputs (Exercise 8: First Set of a Nonterminal)first_digit_via_log()
— Probabilistic Grammar Fuzzing (The Law of Leading Digits)first_digit_via_string()
— Probabilistic Grammar Fuzzing (The Law of Leading Digits)first_expr()
— Parsing Inputs (Exercise 8: First Set of a Nonterminal)first
and follow
— Parsing Inputs (Exercise 8: First Set of a Nonterminal)fixed_cgi_decode()
— Code Coverage (Exercise 1: Fixing cgi_decode()
)FIXME
— Testing Compilers (End of Excursion)fixpoint()
— Parsing Inputs (Fixpoint)fix_luhn_checksum()
— Fuzzing with Generators (Functions Called After Expansion)flatten()
— Mining Input Grammars (Exercise 1: Flattening complex objects)flip_random_character()
— Mutation-Based Fuzzing (Mutating Inputs), Greybox Fuzzing (Mutators), Search-Based Fuzzing (Global Search)FLOAT_BINARY_OPS
— Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)FLOAT_BOOL_OPS
— Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)float_grammar_with_range()
— Fuzzing APIs (Floats)FLOAT_GRAMMAR
— Fuzzing APIs (Synopsis), Fuzzing APIs (Floats), Fuzzing APIs (Synopsis)fmt()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars)followset()
— Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)followset_()
— Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)follow_link()
— Testing Graphical User Interfaces (Link Element Actions)foo()
— Class Diagrams (Getting a Class Hierarchy), Class Diagrams (Getting a Class Hierarchy), Class Diagrams (Getting a Class Hierarchy)forest()
— Parsing Inputs (Parsing Forests), Parsing Inputs (Exercise 6: Filtered Earley Parser)format()
— Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation)FormHTMLParser
class — Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Searching HTML for Input Fields)FragmentMutator
class — Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation)fragments()
— Mining Input Grammars (DefineTracker)FRAGMENT_LEN
— Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)frame_module()
— Class Diagrams (Drawing Class Hierarchy with Method Names)fresh_name()
— Concolic Fuzzing (Generating Fresh Names)fsm_diagram()
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)fsm_last_state_symbol()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)fsm_path()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)FunctionCoverageRunner
class — Mutation-Based Fuzzing (Guiding by Coverage)FunctionRunner
class — Mutation-Based Fuzzing (Guiding by Coverage)functions_with_invariants()
— Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)functions_with_invariants_ast()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)function_names()
— Code Coverage (A Coverage Class)function_symbol()
— Carving Unit Tests (A Grammar from Calls)function_with_invariants()
— Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)function_with_invariants_ast()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)funct_parser()
— Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced))fuzz()
— Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Mutation-Based Fuzzing (Multiple Mutations), Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Efficient Grammar Fuzzing (Putting it all Together), Tracking Information Flow (TaintedGrammarFuzzer), Concolic Fuzzing (The fuzzing method), Concolic Fuzzing (Pruning and Updating), Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Testing Compilers (A Class for Fuzzing Python)fuzzed_url_element()
— Fuzzing APIs (Synthesizing Oracles)fuzzer()
— Fuzzing: Breaking Things with Random Inputs (A Simple Fuzzer)Fuzzer
class — Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)FUZZINGBOOK_SWAG
— Testing Web Applications (Taking Orders), Testing Web Applications (Taking Orders), Testing Web Applications (Taking Orders)fuzz_tree()
— Efficient Grammar Fuzzing (Putting it all Together), Fuzzing with Generators (Support for Python Generators), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Generators and Grammar Coverage), Tracking Information Flow (TaintedGrammarFuzzer)gcd()
— Mutation Analysis (Evaluating Mutations), Symbolic Fuzzing (Problems with the Simple Fuzzer), Control Flow Graph (gcd)generate_good_tile()
— Control Flow Graph (Example: Maze)generate_maze_code()
— Control Flow Graph (Example: Maze)generate_mutant()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)generate_print_maze()
— Control Flow Graph (Example: Maze)generate_target_tile()
— Control Flow Graph (Example: Maze)generate_trap_tile()
— Control Flow Graph (Example: Maze)GENERATIONS
— Testing Compilers (Evolution), Testing Compilers (Evolution)GeneratorGrammarFuzzer
class — Fuzzing with Generators (A Class for Integrating Constraints), Fuzzing with Generators (Generating Elements before Expansion), Fuzzing with Generators (Generating Elements before Expansion), Fuzzing with Generators (Support for Python Generators), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Ordering Expansions)GenericTimeout
class — Timeout (Variant 2: Generic / Windows (using trace, not very efficient))genetic_algorithm()
— Search-Based Fuzzing (Genetic Algorithms)gen_cfg()
— Control Flow Graph (PyCFG), Control Flow Graph (Supporting Functions)gen_fn_summary()
— Symbolic Fuzzing (Get Names and Types of Variables Used)__getFunctions__()
— Greybox Fuzzing (Directed Power Schedule)__getitem__()
— Mutation Analysis (Mutator for Modules and Test Suites), Tracking Information Flow (Index), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Producing Substrings), Testing Configurations (Part 3: Mine a Configuration Grammar)getPathID()
— Greybox Fuzzing (Boosted Greybox Fuzzing)getTraceHash()
— When To Stop Fuzzing (Trace Coverage)get_all_paths()
— Symbolic Fuzzing (Generating All Possible Paths), Symbolic Fuzzing (Generating All Paths), Symbolic Fuzzing (Exercise 2: Statically checking if a loop should be unrolled further), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)get_all_vars()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)get_alternatives()
— Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced))get_annotations()
— Symbolic Fuzzing (The Control Flow Graph)get_arguments()
— Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls)get_callgraph()
— Control Flow Graph (Call Graph Helpers)get_cfg()
— Control Flow Graph (Supporting Functions)get_children()
— Concolic Fuzzing (Representing Decisions)get_defining_function()
— Control Flow Graph (PyCFG)get_derivation_tree()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)get_expression()
— Symbolic Fuzzing (Function Summaries)get_field_values()
— Testing Web Applications (Processing Orders)get_fitness()
— Search-Based Fuzzing (Instrumentation), Testing Compilers (Survival of the Fittest)get_fitness_cgi()
— Search-Based Fuzzing (Fitness Function to Create Valid Hexadecimal Inputs)get_func()
— Control Flow Graph (PyCFG)get_grammar()
— Testing Web Applications (A Fuzzer for Web Forms), Testing Web Applications (Fully Automatic Web Attacks)get_html()
— Testing Web Applications (A Fuzzer for Web Forms)get_mutation_count()
— Mutation Analysis (A Simple Mutator for Functions)get_newpath()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)get_next_path()
— Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Symbolic Fuzzing (Generating All Paths)get_path_to_root()
— Concolic Fuzzing (Representing Decisions), Symbolic Fuzzing (Stepwise Exploration of Paths)get_qualified_name()
— Carving Unit Tests (Recording Calls)get_registry()
— Control Flow Graph (Registry)get_registry_idx()
— Control Flow Graph (Registry)get_replacements()
— Mining Input Grammars (Grammar Mining)get_symbolicparams()
— Symbolic Fuzzing (The Control Flow Graph)get_top()
— Parsing Inputs (Exercise 5: Leo Parser)GET
— Testing Web Applications (Handling HTTP Requests), Testing Web Applications (Other HTTP commands), Testing Web Applications (A Fuzzer for Web Forms)__ge__()
— Concolic Fuzzing (Comparisons between Integers)grammar()
— Parsing Inputs (A Parser Class), Testing Configurations (Classes for Fuzzing Configuration Options)GrammarCoverageFuzzer
class — Grammar Coverage (Determining yet Uncovered Children), Grammar Coverage (Excursion: Implementing new_coverage()
), Grammar Coverage (Excursion: Implementing choose_node_expansion()
)GrammarFuzzer
class — Efficient Grammar Fuzzing (Expanding a Node), Efficient Grammar Fuzzing (Excursion: check_grammar()
implementation), Efficient Grammar Fuzzing (End of Excursion), Efficient Grammar Fuzzing (Picking a Children Alternative to be Expanded), Efficient Grammar Fuzzing (End of Excursion), Efficient Grammar Fuzzing (Excursion: expand_node_randomly()
implementation), Efficient Grammar Fuzzing (Excursion: expand_node_randomly()
implementation), Efficient Grammar Fuzzing (Excursion: expand_node_randomly()
implementation), Efficient Grammar Fuzzing (Expanding a Tree), Efficient Grammar Fuzzing (Expanding a Tree), Efficient Grammar Fuzzing (Excursion: expand_tree_once()
implementation), Efficient Grammar Fuzzing (Excursion: Implementing Cost Functions), Efficient Grammar Fuzzing (Excursion: expand_node_by_cost()
implementation), Efficient Grammar Fuzzing (End of Excursion), Efficient Grammar Fuzzing (End of Excursion), Efficient Grammar Fuzzing (Node Inflation), Efficient Grammar Fuzzing (Node Inflation), Efficient Grammar Fuzzing (Excursion: Implementation of three-phase expand_tree()
), Efficient Grammar Fuzzing (Putting it all Together)GrammarMiner
class — Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recover Grammar)GrammarReducer
class — Reducing Failure-Inducing Inputs (Excursion: A Class for Reducing with Grammars), Reducing Failure-Inducing Inputs (Finding Subtrees), Reducing Failure-Inducing Inputs (Alternate Expansions), Reducing Failure-Inducing Inputs (Both Strategies Together), Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (A Depth-Oriented Strategy)graph_attr()
— Efficient Grammar Fuzzing (Excursion: Source code and example for display_annotated_tree()
)GreyboxFuzzer
class — Greybox Fuzzing (Greybox Mutation-based Fuzzing)GreyboxGrammarFuzzer
class — Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)__gt__()
— Concolic Fuzzing (Comparisons between Integers)GUICoverageFuzzer
class — Testing Graphical User Interfaces (Covering States), Testing Graphical User Interfaces (Covering States)GUIFuzzer
class — Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)GUIGrammarMiner
class — Testing Graphical User Interfaces (Retrieving Actions), Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions), Testing Graphical User Interfaces (Input Element Actions), Testing Graphical User Interfaces (Button Element Actions), Testing Graphical User Interfaces (Link Element Actions), Testing Graphical User Interfaces (Link Element Actions), Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars), Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)GUIRunner
class — Testing Graphical User Interfaces (Executing User Interface Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)GUI_GRAMMAR
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)h()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)handle_endtag()
— Testing Web Applications (Searching HTML for Input Fields)handle_order()
— Testing Web Applications (Processing Orders), Testing Web Applications (Part 4: A Robust Server)handle_starttag()
— Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Crawling User Interfaces)hang_if_no_space()
— Fuzzing: Breaking Things with Random Inputs (Missing Error Checks), Concolic Fuzzing (Excursion: Implementing SimpleConcolicFuzzer)__hash__()
— Parsing Inputs (States)has_distributive_law()
— Testing Compilers (How Effective is Mutation?)has_origin()
— Tracking Information Flow (A Class for Tracking Character Origins)has_taint()
— Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tracking Character Origins)HEADLESS
— Testing Graphical User Interfaces (Running a Headless Browser), Testing Graphical User Interfaces (Running a Headless Browser)HEAD
— Testing Web Applications (Other HTTP commands)heartbeat()
— Fuzzing: Breaking Things with Random Inputs (Information Leaks)hello()
— Mining Function Specifications (Tracking Calls)helper()
— Parsing Inputs (Fixpoint)highlight_node()
— Parsing Inputs (An Ad Hoc Parser)high_charge()
— Fuzzing with Generators (Functions Called Before Expansion)hillclimber()
— Search-Based Fuzzing (Hillclimbing the Example)hillclimb_cgi()
— Search-Based Fuzzing (Hillclimbing Valid Hexadecimal Inputs)hillclimb_cgi_limited()
— Search-Based Fuzzing (Evolutionary Search)hl_node()
— Parsing Inputs (An Ad Hoc Parser)hl_predicate()
— Parsing Inputs (An Ad Hoc Parser)__new__()
— Tracking Information Flow (A Class for Tainted Strings)HorizontalChoice
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)how_many_mutations()
— Testing Compilers (How Effective is Mutation?)HTMLGrammarMiner
class — Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Mining Grammars for Web Pages), Testing Web Applications (Mining Grammars for Web Pages)HTML_INTERNAL_SERVER_ERROR
— Testing Web Applications (Internal Errors)HTML_NOT_FOUND
— Testing Web Applications (Page Not Found)HTML_ORDER_FORM
— Testing Web Applications (Taking Orders)HTML_ORDER_RECEIVED
— Testing Web Applications (Order Confirmation)html_parser()
— When To Stop Fuzzing (Part 2: Population)HTML_TERMS_AND_CONDITIONS
— Testing Web Applications (Terms and Conditions)HTTPD_MESSAGE_QUEUE
— Testing Web Applications (Logging)http_program()
— Mutation-Based Fuzzing (Fuzzing a URL Parser)hundred_inputs()
— Code Coverage ( Coverage of Basic Fuzzing)i()
— Control Flow Graph (CFGNode)identifiers_with_types()
— Symbolic Fuzzing (Check Before You Loop)identifier_grammar_fn()
— Fuzzing with Grammars (Part 2: Extended Grammars)idx()
— Parsing Inputs (States)ID_CONTINUE
— Testing Compilers (Excursion: Names and Function Calls)ID_START
— Testing Compilers (Excursion: Names and Function Calls)ID
— Fuzzing with Constraints (Matching Expansion Elements)ignored()
— Mining Input Grammars (Input Stack), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)import_code()
— Mutation Analysis (Mutator for Modules and Test Suites)increment()
— Parsing Inputs (Tree Extractor)indent()
— Mining Input Grammars (CallStack)ineffective_test_1()
— Mutation Analysis (Why Structural Coverage is Not Enough)ineffective_test_2()
— Mutation Analysis (Why Structural Coverage is Not Enough)informationflow_init_1()
— Tracking Information Flow (String Operators)informationflow_init_2()
— Tracking Information Flow (General wrappers)informationflow_init_3()
— Tracking Information Flow (Methods yet to be translated)initialize()
— Tracking Information Flow (String Operators), Concolic Fuzzing (Binary Operators for Integers)INITIALIZER_LIST
— Tracking Information Flow (String Operators)initial_grammar()
— Carving Unit Tests (Initial Grammar)initial_population()
— Testing Compilers (Evolving Inputs)init_concolic_1()
— Concolic Fuzzing (Binary Operators for Integers)init_concolic_2()
— Concolic Fuzzing (Integer Unary Operators)init_concolic_3()
— Concolic Fuzzing (Trip Wire)init_concolic_4()
— Concolic Fuzzing (Exercise 2: Bit Manipulation)init_db()
— Testing Web Applications (Storing Orders)init_tainted_grammar()
— Tracking Information Flow (TaintedGrammarFuzzer)init_tree()
— Efficient Grammar Fuzzing (End of Excursion)__init__()
— Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff), Code Coverage (A Coverage Class), Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Guiding by Coverage), Greybox Fuzzing (Mutators), Greybox Fuzzing (Seeds and Power Schedules), Greybox Fuzzing (Seeds and Power Schedules), Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Greybox Fuzzing (Boosted Greybox Fuzzing), Greybox Fuzzing (A First Attempt), Greybox Fuzzing (A First Attempt), Greybox Fuzzing (Directed Power Schedule), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Efficient Grammar Fuzzing (Expanding a Node), Efficient Grammar Fuzzing (Exercise 1: Caching Method Results), Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation), Grammar Coverage (Tracking Grammar Coverage), Parsing Inputs (Why Parsing for Fuzzing?), Parsing Inputs (A Parser Class), Parsing Inputs (Excursion: Canonical Grammars), Parsing Inputs (Columns), Parsing Inputs (Items), Parsing Inputs (States), Parsing Inputs (The Parsing Algorithm), Parsing Inputs (Nullable), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Probabilistic Grammar Fuzzing (Counting Expansions), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Generators and Probabilistic Fuzzing), Fuzzing with Generators (Generators and Grammar Coverage), Greybox Fuzzing with Grammars (Fuzzing with Dictionaries), Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing), Greybox Fuzzing with Grammars (Region-Based Mutation), Greybox Fuzzing with Grammars (Focusing on Valid Seeds), Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules), Reducing Failure-Inducing Inputs (Excursion: A Class for Reducing with Grammars), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (DefineTracker), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (CallStack), Mining Input Grammars (Vars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentTracker), Mining Input Grammars (Input Stack), Mining Input Grammars (Scope Tracker), Mining Input Grammars (Exercise 1: Flattening complex objects), Tracking Information Flow (A Vulnerable Database), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (Taint Aware Fuzzing), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Slices), Tracking Information Flow (TaintedGrammarFuzzer), Tracking Information Flow (Part 1: Creation), Tracking Information Flow (Part 4: Passing taints from strings to integers), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (A Proxy Class for Booleans), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (An Iterator Class for Strings), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (The SimpleConcolicFuzzer class), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Tracking Assignments), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Annotating Functions with Given Types), Mining Function Specifications (Extracting Invariants), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options), Carving Unit Tests (Recording Calls), Carving Unit Tests (A Grammar Miner for Calls), Testing Compilers (A Class for Fuzzing Python), Testing Web Applications (Fuzzing with Unexpected Values), Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (A Fuzzer for Web Forms), Testing Web Applications (Fully Automatic Web Attacks), Testing Web Applications (Fully Automatic Web Attacks), Testing Graphical User Interfaces (Retrieving Actions), Testing Graphical User Interfaces (Executing User Interface Actions), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Covering States), When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Turing's Observations), When To Stop Fuzzing (Turing's Observations), Error Handling (Catching Errors), Error Handling (Catching Timeouts), Timer (Measuring Time), Timeout (Variant 1: Unix (using signals, efficient)), Timeout (Variant 2: Generic / Windows (using trace, not very efficient)), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Control Flow Graph (CFGNode), Control Flow Graph (PyCFG)InputStack
class — Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack)insert_assertions()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)insert_from_dictionary()
— Greybox Fuzzing (A First Attempt), Greybox Fuzzing with Grammars (Fuzzing with Dictionaries)insert_into_tree()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)insert_random_character()
— Mutation-Based Fuzzing (Mutating Inputs), Greybox Fuzzing (Mutators)INSERT
— Testing Web Applications (Storing Orders), Testing Web Applications (SQL Injection Attacks)instantiate_prop()
— Mining Function Specifications (Instantiating Properties)instantiate_prop_ast()
— Mining Function Specifications (Instantiating Properties)INTERNAL_ALIGNMENT
— Railroad Diagrams (Excursion: Railroad diagrams implementation)internal_msg2key()
— When To Stop Fuzzing (Fuzzing the Enigma)internal_server_error()
— Testing Web Applications (Internal Errors), Testing Web Applications (Part 1: Silent Failures)INT_BINARY_OPS
— Concolic Fuzzing (Binary Operators for Integers)int_grammar_with_range()
— Fuzzing APIs (Integers)INT_GRAMMAR
— Fuzzing APIs (Synopsis), Fuzzing APIs (Integers), Fuzzing APIs (Synopsis)INT_UNARY_OPS
— Concolic Fuzzing (Integer Unary Operators)__int__()
— Concolic Fuzzing (A Proxy Class for Integers)InvariantAnnotator
class — Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)invariants()
— Mining Function Specifications (Extracting Invariants)InvariantTracker
class — Mining Function Specifications (Extracting Invariants), Mining Function Specifications (Extracting Invariants)INVARIANT_PROPERTIES
— Mining Function Specifications (Defining Properties)INVENTORY_GRAMMAR_F
— Tracking Information Flow (Excursion: Defining a SQL grammar)INVENTORY_GRAMMAR_NEW
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)INVENTORY_GRAMMAR
— Tracking Information Flow (Excursion: Defining a SQL grammar)INVENTORY_METHODS
— Mining Input Grammars (A Simple Grammar Miner)INVENTORY
— Mining Input Grammars (A Grammar Challenge), Tracking Information Flow (A Vulnerable Database), Tracking Information Flow (End of Excursion)invert_expansion()
— Probabilistic Grammar Fuzzing (Testing Uncommon Features)invert_probs()
— Probabilistic Grammar Fuzzing (Testing Uncommon Features)__invert__()
— Concolic Fuzzing (Exercise 2: Bit Manipulation)invoker()
— Testing Configurations (Classes for Fuzzing Configuration Options)in_current_record()
— Mining Input Grammars (Input Stack), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)in_scope()
— Mining Input Grammars (Input Stack)IP_ADDRESS_TOKENS
— Probabilistic Grammar Fuzzing (Counting Expansions)isascii()
— Fuzzing in the Large (Excursion: escapelines()
implementatipn)is_abstract()
— Class Diagrams (Drawing Class Hierarchy with Method Names)is_excluded()
— Greybox Fuzzing with Grammars (Building the Fragment Pool)is_fragment()
— Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)is_input_fragment()
— Mining Input Grammars (DefineTracker), Mining Input Grammars (Scope Tracker)is_local_class()
— Class Diagrams (Drawing Class Hierarchy with Method Names)is_nonterminal()
— Fuzzing with Grammars (Some Definitions)is_overloaded()
— Class Diagrams (Drawing Class Hierarchy with Method Names)is_permutation()
— Introduction to Software Testing (Part 2: Random Inputs)is_public()
— Class Diagrams (Drawing Class Hierarchy with Method Names)is_sorted()
— Introduction to Software Testing (Part 2: Random Inputs)is_valid_grammar()
— Fuzzing with Grammars (Excursion: Implementing is_valid_grammar()
)is_valid_probabilistic_grammar()
— Probabilistic Grammar Fuzzing (Checking Probabilities)is_valid_url()
— Mutation-Based Fuzzing (Mutating URLs)is_var()
— Class Diagrams (Getting Methods and Variables)is_z3_var()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)Item
class — Parsing Inputs (Items), Parsing Inputs (Items)iterate()
— Fuzzing with Generators (Support for Python Generators)IterativeEarleyParser
class — Parsing Inputs (Exercise 7: Iterative Earley Parser), Parsing Inputs (Exercise 7: Iterative Earley Parser), Parsing Inputs (Exercise 7: Iterative Earley Parser)iter_paths()
— Parsing Inputs (Exercise 7: Iterative Earley Parser)__iter__()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Tracking Information Flow (Slices), Concolic Fuzzing (Producing Substrings)join()
— Tracking Information Flow (Expand Tabs)js-vuln-db
— Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)JSON_GRAMMAR
— Fuzzing with Grammars (Exercise 1: A JSON Grammar)LangFuzzer
class — Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)LD_LIBRARY_PATH
— Testing Configurations (Part 1: Getopt Fuzzing)leave()
— Mining Input Grammars (CallStack), Mining Input Grammars (Input Stack)left()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)left_align()
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)length()
— Concolic Fuzzing (Length of Strings)__len__()
— Mining Input Grammars (CallStack), Concolic Fuzzing (Length of Strings), Concolic Fuzzing (An Iterator Class for Strings)LeoParser
class — Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)leo_complete()
— Parsing Inputs (Exercise 5: Leo Parser)__le__()
— Concolic Fuzzing (Comparisons between Integers)linear_to_tree()
— Parsing Inputs (Part 2: The Parser)lineno()
— Control Flow Graph (CFGNode)LinkHTMLParser
class — Testing Web Applications (Crawling User Interfaces)link_functions()
— Control Flow Graph (PyCFG)list_grammar()
— Fuzzing APIs (Lists)LIST_GRAMMAR
— Fuzzing APIs (Lists)list_length()
— Mining Function Specifications (Some Examples)ljust()
— Tracking Information Flow (Justify)ll()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)LL1Parser
class — Parsing Inputs (Part 1: A LL(1) Parsing Table), Parsing Inputs (Part 1: A LL(1) Parsing Table), Parsing Inputs (Part 2: The Parser)loc()
— Mining Input Grammars (AssignmentVars)log_call()
— Mining Input Grammars (Assembling a Derivation Tree)log_event()
— Mining Input Grammars (Context)log_message()
— Testing Web Applications (Logging)log_tree()
— Efficient Grammar Fuzzing (Excursion: Implementation of three-phase expand_tree()
)LOG_VALUES
— Search-Based Fuzzing (Hillclimbing the Example)LONG_FOO
— Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)long_running_test()
— Error Handling (Catching Timeouts)lower()
— Tracking Information Flow (String methods that do not change origin), Concolic Fuzzing (Translating to Upper and Lower Equivalents)LOW
— Tracking Information Flow (String Operators)LR0
— Parsing Inputs (Items)LR_GRAMMAR
— Parsing Inputs (Recursion), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)lr_graph()
— Parsing Inputs (An Ad Hoc Parser)lstrip()
— Tracking Information Flow (Strip), Concolic Fuzzing (Remove Space from Ends)__lt__()
— Concolic Fuzzing (Comparisons between Integers)luhn_checksum()
— Fuzzing with Generators (Functions Called After Expansion)LUHN_ODD_LOOKUP
— Fuzzing with Generators (Functions Called After Expansion)m()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)main()
— Testing Compilers (Abstract Syntax Trees)make_basic_str_wrapper()
— Tracking Information Flow (General wrappers)make_float_binary_wrapper()
— Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)make_float_bool_wrapper()
— Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)make_grammar()
— Parsing Inputs (Excursion: Testing the Parsers)make_int_binary_wrapper()
— Concolic Fuzzing (Binary Operators for Integers), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)make_int_bit_wrapper()
— Concolic Fuzzing (Exercise 2: Bit Manipulation)make_int_unary_wrapper()
— Concolic Fuzzing (Integer Unary Operators)make_int_wrapper()
— Tracking Information Flow (Part 2: Arithmetic expressions)make_rule()
— Parsing Inputs (Excursion: Testing the Parsers)make_split_wrapper()
— Tracking Information Flow (Splits)make_str_abort_wrapper()
— Tracking Information Flow (Methods yet to be translated), Concolic Fuzzing (Trip Wire)make_str_wrapper()
— Tracking Information Flow (String Operators)math.isclose()
— Introduction to Software Testing (Automating Test Execution)MAX_DEPTH
— Mining Input Grammars (Exercise 1: Flattening complex objects), Mining Input Grammars (Exercise 1: Flattening complex objects), Mining Input Grammars (Exercise 1: Flattening complex objects), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Check Before You Loop), Symbolic Fuzzing (Check Before You Loop)_max_expansion_coverage()
— Grammar Coverage (Computing Possible Expansions)max_expansion_coverage()
— Grammar Coverage (Computing Possible Expansions)max_height()
— Reducing Failure-Inducing Inputs (A Few Helpers)MAX_ITER
— Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Simple Symbolic Fuzzing)MAX_TRIES
— Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Simple Symbolic Fuzzing)MAX
— Search-Based Fuzzing (Representing Program Inputs as a Search Problem), Search-Based Fuzzing (Representing Program Inputs as a Search Problem), Search-Based Fuzzing (Hillclimbing the Example), Search-Based Fuzzing (Hillclimbing the Example), Search-Based Fuzzing (Hillclimbing the Example)maze()
— Greybox Fuzzing (Solving the Maze), Control Flow Graph (Example: Maze), Control Flow Graph (Example: Maze)MazeMutator
class — Greybox Fuzzing (A First Attempt)metavars()
— Mining Function Specifications (Extracting Meta-Variables)METHOD_COLOR
— Class Diagrams (Drawing Class Hierarchy with Method Names)method_enter()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)method_exit()
— Mining Input Grammars (AssignmentVars)METHOD_FONT
— Class Diagrams (Drawing Class Hierarchy with Method Names)method_init()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)method_statement()
— Mining Input Grammars (AssignmentVars)method_string()
— Class Diagrams (Drawing Class Hierarchy with Method Names)mine_arguments_grammar()
— Carving Unit Tests (A Grammar from Arguments)mine_a_element_actions()
— Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions), Testing Graphical User Interfaces (Link Element Actions)mine_button_element_actions()
— Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions), Testing Graphical User Interfaces (Button Element Actions)mine_call_grammar()
— Carving Unit Tests (A Grammar from all Calls)mine_ebnf_grammar()
— Testing Configurations (A Grammar Miner for Options and Arguments)mine_function_grammar()
— Carving Unit Tests (A Grammar from Calls)mine_grammar()
— Testing Configurations (A Grammar Miner for Options and Arguments), Testing Web Applications (Mining Grammars for Web Pages)mine_input_element_actions()
— Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions), Testing Graphical User Interfaces (Input Element Actions)mine_probabilistic_grammar()
— Probabilistic Grammar Fuzzing (Assigning Probabilities)mine_state_actions()
— Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions)mine_state_grammar()
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)MIN
— Search-Based Fuzzing (Representing Program Inputs as a Search Problem), Search-Based Fuzzing (Representing Program Inputs as a Search Problem), Search-Based Fuzzing (Hillclimbing the Example), Search-Based Fuzzing (Hillclimbing the Example), Search-Based Fuzzing (Hillclimbing the Example)missing_expansion_coverage()
— Grammar Coverage (Tracking Expansions while Fuzzing)__mod__()
— Tracking Information Flow (mod)grcov
tool — Fuzzing in the Large (Collecting Code Coverage)mseq()
— Mining Input Grammars (Recovering a Derivation Tree)MuBinOpAnalyzer
class — Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)MuFunctionAnalyzer
class — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Evaluating Mutations), Mutation Analysis (Evaluating Mutations)MultipleChoice
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)MuProgramAnalyzer
class — Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)mutable_visit()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)MutantTestRunner
class — Mutation Analysis (Mutator for Modules and Test Suites)Mutant
class — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Evaluating Mutations), Mutation Analysis (Evaluating Mutations)mutate()
— Mutation-Based Fuzzing (Mutating Inputs), Mutation-Based Fuzzing (Multiple Mutations), Greybox Fuzzing (Mutators), Search-Based Fuzzing (Genetic Algorithms), Greybox Fuzzing with Grammars (Fragment-Based Mutation)mutated_gcd()
— Mutation Analysis (The Problem of Equivalent Mutants)MutationCoverageFuzzer
class — Mutation-Based Fuzzing (Guiding by Coverage)MutationFuzzer
class — Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Multiple Mutations), Greybox Fuzzing (Compatibility)mutation_visit()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)mutator_object()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)Mutator
class — Greybox Fuzzing (Mutators), Greybox Fuzzing (Mutators), Greybox Fuzzing (Mutators), Greybox Fuzzing (Mutators), Greybox Fuzzing (Mutators), Mutation Analysis (A Simple Mutator for Functions)MysteryRunner
class — Reducing Failure-Inducing Inputs (Why Reducing?)my_edge_attr()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)my_eval()
— Tracking Information Flow (Selecting Data), Tracking Information Flow (TaintedDB), Tracking Information Flow (TrackingDB)my_extract_node()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)my_fn()
— Concolic Fuzzing (Exercise 2: Bit Manipulation)my_parser()
— Greybox Fuzzing (A Complex Example: HTMLParser), Greybox Fuzzing with Grammars (Background), When To Stop Fuzzing (Measuring Trace Coverage over Time)my_sqrt()
— Introduction to Software Testing (Simple Testing), Parsing Inputs (Fixpoint), Mining Function Specifications (Why Generic Error Checking is Not Enough)_my_sqrt()
— Parsing Inputs (Fixpoint)my_sqrt_annotated()
— Mining Function Specifications (Getting Types)my_sqrt_checked()
— Introduction to Software Testing (Run-Time Verification)my_sqrt_fixed()
— Introduction to Software Testing (The Limits of Testing), Introduction to Software Testing (Exercise 4: To Infinity and Beyond)my_sqrt_with_invariants()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)my_sqrt_with_local_types()
— Mining Function Specifications (Exercise 2: Types for Local Variables)my_sqrt_with_log()
— Introduction to Software Testing (Debugging a Function)my_sqrt_with_postcondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)my_sqrt_with_precondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)my_sqrt_with_type_annotations()
— Mining Function Specifications (Specifying and Checking Data Types)my_sqrt_with_union_type()
— Mining Function Specifications (Exercise 1: Union Types)syntax to access the $n$-th child of type
`. To access the first child, $n$ is equal to one, not zero, as in the [XPath abbreviated syntax — Fuzzing with Constraints (Accessing Elements)names()
— Symbolic Fuzzing (Get Names and Types of Variables Used)naval_enigma()
— When To Stop Fuzzing (Fuzzing the Enigma)neighbors()
— Search-Based Fuzzing (Representing Program Inputs as a Search Problem)neighbor_strings()
— Search-Based Fuzzing (CGI Decoder as a Search Problem)__neq__()
— Control Flow Graph (CFGNode)new_child_coverage()
— Grammar Coverage (Determining yet Uncovered Children)_new_child_coverage()
— Grammar Coverage (Determining yet Uncovered Children)new_coverages()
— Grammar Coverage (Excursion: Implementing new_coverage()
)new_expansion_cost()
— Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)new_gcd()
— Mutation Analysis (The Problem of Equivalent Mutants)new_state_symbol()
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)new_symbol()
— Fuzzing with Grammars (Creating New Symbols)new_symbol_cost()
— Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)__new__()
— Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Part 1: Creation), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation)next_choice()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)__next__()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Tracking Information Flow (Slices), Concolic Fuzzing (An Iterator Class for Strings)__ne__()
— Concolic Fuzzing (Equality between Integers), Railroad Diagrams (Excursion: Railroad diagrams implementation)no()
— Concolic Fuzzing (Representing Decisions)nonterminals()
— Fuzzing with Grammars (Some Definitions)NonTerminal
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)non_canonical()
— Parsing Inputs (Excursion: Canonical Grammars)normalize()
— Search-Based Fuzzing (Fitness Function to Create Valid Hexadecimal Inputs)normalizedEnergy()
— Greybox Fuzzing (Seeds and Power Schedules)not_found()
— Testing Web Applications (Page Not Found)__not__()
— Concolic Fuzzing (Negation of Encoded formula)no_8bit()
— Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)no_backslash_d()
— Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)no_dot()
— Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)nt_var()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)nullable()
— Parsing Inputs (Nullable)nullable_()
— Parsing Inputs (Nullable)nullable_expr()
— Parsing Inputs (Nullable)number_of_nodes()
— Reducing Failure-Inducing Inputs (A Few Helpers)OBJECT
— Code Coverage (A Coverage Class)offsets_from_entry()
— Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)OFFSPRING
— Testing Compilers (Evolving Inputs)OneOrMore
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)on_annassign()
— Control Flow Graph (PyCFG)on_assign()
— Control Flow Graph (PyCFG)on_augassign()
— Control Flow Graph (PyCFG)on_binop()
— Control Flow Graph (PyCFG)on_break()
— Control Flow Graph (PyCFG)on_call()
— Mining Input Grammars (AssignmentTracker), Control Flow Graph (PyCFG)on_compare()
— Control Flow Graph (PyCFG)on_continue()
— Control Flow Graph (PyCFG)on_event()
— Mining Input Grammars (Context)on_exception()
— Mining Input Grammars (AssignmentTracker)on_expr()
— Control Flow Graph (PyCFG)on_for()
— Control Flow Graph (PyCFG)on_functiondef()
— Control Flow Graph (PyCFG)on_if()
— Control Flow Graph (PyCFG)on_line()
— Mining Input Grammars (AssignmentTracker)on_module()
— Control Flow Graph (PyCFG)on_pass()
— Control Flow Graph (PyCFG)on_return()
— Mining Input Grammars (AssignmentTracker), Control Flow Graph (PyCFG)on_unaryop()
— Control Flow Graph (PyCFG)on_while()
— Control Flow Graph (PyCFG)Optional()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)OptionalSequence
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)OptionFuzzer
class — Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options)OptionGrammarMiner
class — Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments)OptionRunner
class — Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options)options()
— Mining Input Grammars (Context), Mining Input Grammars (DefineTracker), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (CallStack), Mining Input Grammars (AssignmentTracker), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Advanced Symbolic Fuzzing)OPTION_SYMBOL
— Testing Configurations (A Grammar Miner for Options and Arguments)opts()
— Fuzzing with Grammars (Excursion: Implementing opts()
)opts_used()
— Fuzzing with Grammars (Excursion: Implementing is_valid_grammar()
)oracle()
— Mutation Analysis (Evaluating Mutations)orders_db_is_empty()
— Testing Web Applications (Fully Automatic Web Attacks)ORDERS_DB
— Testing Web Applications (Storing Orders)ORDER_GRAMMAR_WITH_SQL_INJECTION
— Testing Web Applications (SQL Injection Attacks)ORDER_GRAMMAR
— Testing Web Applications (Fuzzing with Expected Values)ostr_iterator
class — Tracking Information Flow (Slices)ostr
class — Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Create), Tracking Information Flow (Index), Tracking Information Flow (Slices), Tracking Information Flow (Concatenation), Tracking Information Flow (Concatenation), Tracking Information Flow (Extract Origin String), Tracking Information Flow (Replace), Tracking Information Flow (Split), Tracking Information Flow (Strip), Tracking Information Flow (Expand Tabs), Tracking Information Flow (Expand Tabs), Tracking Information Flow (Partitions), Tracking Information Flow (Justify), Tracking Information Flow (Justify), Tracking Information Flow (mod), Tracking Information Flow (mod), Tracking Information Flow (String methods that do not change origin)overloaded_class_methods()
— Class Diagrams (Getting Methods and Variables)P1
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree)PackratParser
class — Parsing Inputs (Exercise 1: An Alternative Packrat)pairwise()
— Testing Configurations (Combinatorial Testing)parameters()
— Mining Input Grammars (Context), Mining Input Grammars (Exercise 1: Flattening complex objects)params()
— Mining Function Specifications (Converting Mined Invariants to Annotations)parenthesized_expressions()
— Fuzzing with Grammars (Expanding Parenthesized Expressions)parsable()
— Greybox Fuzzing with Grammars (Focusing on Valid Seeds)parse()
— Parsing Inputs (A Parser Class), Parsing Inputs (The Parse Method), Parsing Inputs (Exercise 1: An Alternative Packrat), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Part 2: The Parser), Reducing Failure-Inducing Inputs (The Reduction Strategy), Control Flow Graph (PyCFG)parseCSSGrammar()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)ParseInterrupt
class — Testing Configurations (A Grammar Miner for Options and Arguments)Parser
class — Parsing Inputs (A Parser Class), Parsing Inputs (Excursion: Canonical Grammars), Parsing Inputs (Excursion: Canonical Grammars)parse_csv()
— Parsing Inputs (An Ad Hoc Parser)parse_forest()
— Parsing Inputs (Parsing Forests), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 6: Filtered Earley Parser)parse_helper()
— Parsing Inputs (Part 2: The Parser)parse_on()
— Parsing Inputs (A Parser Class)parse_paths()
— Parsing Inputs (Parsing Paths), Parsing Inputs (Exercise 7: Iterative Earley Parser)parse_prefix()
— Parsing Inputs (A Parser Class), Parsing Inputs (The Packrat Parser for Predicate Expression Grammars), Parsing Inputs (The Parse Method), Parsing Inputs (Exercise 1: An Alternative Packrat)parse_quote()
— Parsing Inputs (An Ad Hoc Parser)parse_sexp()
— Concolic Fuzzing (Using the Command Line)parse_table()
— Parsing Inputs (Part 1: A LL(1) Parsing Table), Parsing Inputs (Part 1: A LL(1) Parsing Table)parse_type()
— Mining Function Specifications (Annotating Functions with Given Types)partition()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow), Tracking Information Flow (Partitions)partition_by_part()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)PASS
— Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runners), Fuzzing: Breaking Things with Random Inputs (Runners), Fuzzing: Breaking Things with Random Inputs (Runners)paths()
— Parsing Inputs (Parsing Paths)path_expression()
— Concolic Fuzzing (Representing Decisions)Path
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)pattern()
— Concolic Fuzzing (Representing Decisions)PEG1
— Parsing Inputs (Parsing Expression Grammars)PEG2
— Parsing Inputs (Parsing Expression Grammars)PEGParser
class — Parsing Inputs (The Packrat Parser for Predicate Expression Grammars), Parsing Inputs (Unify Key), Parsing Inputs (Unify Rule), Parsing Inputs (Unify Rule)permutation()
— Concolic Fuzzing (Example: Binomial Coefficient)PGGCFuzzer
class — Fuzzing with Generators (Generators and Grammar Coverage)PICKED_US_PHONE_GRAMMAR
— Fuzzing with Generators (Synopsis)pick_area_code()
— Fuzzing with Generators (Synopsis)PlausibleChild
class — Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions)plotting_hillclimber()
— Search-Based Fuzzing (Hillclimbing the Example)PMIterator
class — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions)PNode
class — Symbolic Fuzzing (Tracking Assignments), Symbolic Fuzzing (Tracking Assignments), Symbolic Fuzzing (Stepwise Exploration of Paths), Symbolic Fuzzing (Stepwise Exploration of Paths), Symbolic Fuzzing (Stepwise Exploration of Paths)PooledGrammarFuzzer
class — Parsing Inputs (Why Parsing for Fuzzing?)population_branch_coverage()
— Code Coverage (Part 2: Comparing statement coverage and branch coverage)population_coverage()
— Code Coverage ( Coverage of Basic Fuzzing)POPULATION_SIZE
— Testing Compilers (Survival of the Fittest), Testing Compilers (Survival of the Fittest), Testing Compilers (Survival of the Fittest)population_stmt_coverage()
— When To Stop Fuzzing (Part 1: Population Coverage)population_trace_coverage()
— When To Stop Fuzzing (Measuring Trace Coverage over Time)possible_combinations()
— Reducing Failure-Inducing Inputs (A Few Helpers)possible_expansions()
— Efficient Grammar Fuzzing (Expanding a Tree)postcondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)postconditions()
— Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)POST
— Testing Web Applications (A Fuzzer for Web Forms)__pos__()
— Concolic Fuzzing (A Proxy Class for Integers)power()
— Carving Unit Tests (From Calls to Grammars)PowerSchedule
class — Greybox Fuzzing (Seeds and Power Schedules)POWER_GRAMMAR
— Carving Unit Tests (From Calls to Grammars)precompute_costs()
— Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)precondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)preconditions()
— Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)PreconditionTransformer
class — Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)predict()
— Parsing Inputs (Predicting States), Parsing Inputs (Nullable), Parsing Inputs (Part 1: A LL(1) Parsing Table)prefix_vars()
— Symbolic Fuzzing (Function Summaries)pretty_invariants()
— Mining Function Specifications (Extracting Invariants)PrintRunner
class — Fuzzing: Breaking Things with Random Inputs (Runner Classes)print_httpd_messages()
— Testing Web Applications (Logging)print_maze()
— Control Flow Graph (Example: Maze)print_more_stats()
— Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)print_stats()
— Greybox Fuzzing (A First Attempt), Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)print_sum()
— Mining Function Specifications (Some Examples)print_url()
— Testing Web Applications (Direct Browser Access)ProbabilisticGeneratorGrammarCoverageFuzzer
class — Fuzzing with Generators (Generators and Grammar Coverage), Fuzzing with Generators (Generators and Grammar Coverage), Fuzzing with Generators (Generators and Grammar Coverage)ProbabilisticGeneratorGrammarFuzzer
class — Fuzzing with Generators (Generators and Probabilistic Fuzzing)ProbabilisticGrammarCoverageFuzzer
class — Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)ProbabilisticGrammarFuzzer
class — Probabilistic Grammar Fuzzing (Expanding by Probability), Probabilistic Grammar Fuzzing (Expanding by Probability)ProbabilisticGrammarMiner
class — Probabilistic Grammar Fuzzing (Assigning Probabilities), Probabilistic Grammar Fuzzing (Assigning Probabilities)prob_distribution()
— Probabilistic Grammar Fuzzing (Distributing Probabilities)prob_leading_digit()
— Probabilistic Grammar Fuzzing (The Law of Leading Digits)process()
— Mining Input Grammars (DefineTracker), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Generating All Possible Paths)process_arg()
— Testing Configurations (A Grammar Miner for Options and Arguments)process_argument()
— Testing Configurations (A Grammar Miner for Options and Arguments)process_car()
— Parsing Inputs (Why Parsing for Fuzzing?)process_car_with_obj()
— Mining Input Grammars (Exercise 1: Flattening complex objects)process_chosen_children()
— Efficient Grammar Fuzzing (Excursion: expand_node_randomly()
implementation), Fuzzing with Generators (Generating Elements before Expansion)process_inventory()
— Parsing Inputs (Why Parsing for Fuzzing?)process_inventory_with_obj()
— Mining Input Grammars (Exercise 1: Flattening complex objects)process_numbers()
— Testing Configurations (Options in Python)PROCESS_NUMBERS_EBNF_GRAMMAR
— Testing Configurations (A Grammar for Configurations)PROCESS_NUMBERS_GRAMMAR
— Testing Configurations (A Grammar for Configurations)process_van()
— Parsing Inputs (Why Parsing for Fuzzing?)process_van_with_obj()
— Mining Input Grammars (Exercise 1: Flattening complex objects)process_vehicle()
— Parsing Inputs (Why Parsing for Fuzzing?)process_vehicle_with_obj()
— Mining Input Grammars (Exercise 1: Flattening complex objects)prod_line_grammar()
— Parsing Inputs (Excursion: Testing the Parsers)ProgramRunner
class — Fuzzing: Breaking Things with Random Inputs (Runner Classes)prop_function()
— Mining Function Specifications (Evaluating Properties)prop_function_text()
— Mining Function Specifications (Evaluating Properties)proxy()
— Tracking Information Flow (String Operators), Tracking Information Flow (Splits), Tracking Information Flow (General wrappers), Tracking Information Flow (Methods yet to be translated), Tracking Information Flow (Part 2: Arithmetic expressions), Concolic Fuzzing (Binary Operators for Integers), Concolic Fuzzing (Integer Unary Operators), Concolic Fuzzing (Trip Wire), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 2: Bit Manipulation)prune_tokens()
— Concolic Fuzzing (Pruning and Updating)prune_tree()
— Parsing Inputs (A Parser Class), Parsing Inputs (Excursion: Canonical Grammars), Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)public_class_methods()
— Class Diagrams (Getting Methods and Variables)PUBLIC
— Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks)PYAN
— Control Flow Graph (Call Graph Helpers), Control Flow Graph (Call Graph Helpers)PyCFG
class — Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG)ast
module documentation — Testing Compilers (Synopsis), Testing Compilers (Synopsis)PythonFuzzer
class — Testing Compilers (A Class for Fuzzing Python)PYTHON_AST_COMPOSITES_GRAMMAR
— Testing Compilers (Excursion: Composites)PYTHON_AST_GRAMMAR
— Testing Compilers (Synopsis), Testing Compilers (End of Excursion), Testing Compilers (End of Excursion), Testing Compilers (Adjusting the Grammar), Testing Compilers (Synopsis)Q0
— When To Stop Fuzzing (Part 3: Compute and Evaluate Extrapolator)Q1
— When To Stop Fuzzing (Part 2: Compute Estimate)Q2
— When To Stop Fuzzing (Part 2: Compute Estimate)quadratic_solver()
— Introduction to Software Testing (Exercise 3: Quadratic Solver)quadratic_solver_fixed()
— Introduction to Software Testing (Part 2: Fix the problem)quad_solver()
— Control Flow Graph (quad_solver)qualified()
— Mining Input Grammars (Context), Mining Input Grammars (Exercise 1: Flattening complex objects)quux()
— Class Diagrams (Getting a Class Hierarchy)qux()
— Class Diagrams (Getting a Class Hierarchy)__radd__()
— Tracking Information Flow (String Operators), Tracking Information Flow (Concatenation), Concolic Fuzzing (Concatenation of Strings)RandomFuzzer
class — Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)randomized_hillclimb()
— Search-Based Fuzzing (Global Search)random_list()
— Introduction to Software Testing (Part 2: Random Inputs)random_string()
— Search-Based Fuzzing (Hillclimbing Valid Hexadecimal Inputs)random_unicode_string()
— Search-Based Fuzzing (Evolutionary Search)reachable_nonterminals()
— Fuzzing with Grammars (Excursion: Implementing is_valid_grammar()
)readable()
— Mining Input Grammars (Recovering Grammars from Derivation Trees)readable_rule()
— Mining Input Grammars (Recovering Grammars from Derivation Trees)read_gcov_coverage()
— Code Coverage (Getting Coverage from External Programs)rearrange()
— Parsing Inputs (Exercise 5: Leo Parser)recover_grammar()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Grammar Mining)recover_grammar_with_taints()
— Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)recurse_grammar()
— Parsing Inputs (Excursion: Canonical Grammars)recursive_delete()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation)recursive_swap()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation)RedBlackTree
class — Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)reduce()
— Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (The Reduction Strategy)Reducer
class — Reducing Failure-Inducing Inputs (Delta Debugging)reduce_subtree()
— Reducing Failure-Inducing Inputs (The Reduction Strategy)reduce_tree()
— Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (A Depth-Oriented Strategy)RegionMutator
class — Greybox Fuzzing with Grammars (Region-Based Mutation), Greybox Fuzzing with Grammars (Region-Based Mutation), Greybox Fuzzing with Grammars (Region-Based Mutation)register()
— Mutation Analysis (A Simple Mutator for Functions)register_event()
— Mining Input Grammars (AssignmentVars)register_node()
— Control Flow Graph (Registry)REGISTRY_IDX
— Control Flow Graph (Registry), Control Flow Graph (Registry)REGISTRY
— Control Flow Graph (Registry), Control Flow Graph (Registry)remove_first_char()
— Mining Function Specifications (Exercise 3: Verbose Invariant Checkers), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)rename_variables()
— Symbolic Fuzzing (Dealing with Reassignments)replace()
— Tracking Information Flow (Replace)replace_symbol()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)repOK()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)__repr__()
— Code Coverage (A Coverage Class), Parsing Inputs (Tree Extractor), Mining Input Grammars (Context), Mining Input Grammars (CallStack), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Part 3: Passing taints from integers to strings), Concolic Fuzzing (Representing Decisions), Symbolic Fuzzing (Tracking Assignments), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Control Flow Graph (CFGNode)REQUIRED_FIELDS
— Testing Web Applications (Part 4: A Robust Server)__req__()
— Concolic Fuzzing (Equality between Integers), Concolic Fuzzing (Equality between Strings)reset()
— Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Guiding by Coverage), Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Greybox Fuzzing (Greybox Mutation-based Fuzzing), Greybox Fuzzing (Boosted Greybox Fuzzing), Probabilistic Grammar Fuzzing (Counting Expansions), Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (Delta Debugging), Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls), Carving Unit Tests (Part 1: Store function results), Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Crawling User Interfaces), When To Stop Fuzzing (Fuzzing the Enigma)reset_counter()
— Concolic Fuzzing (Generating Fresh Names)reset_coverage()
— Grammar Coverage (Keeping Track of Expansions)reset_generators()
— Fuzzing with Generators (Support for Python Generators)reset_registry()
— Control Flow Graph (Registry)restart()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)RestartExpansionException
class — Fuzzing with Generators (Local Checking and Repairing)restarting_hillclimber()
— Search-Based Fuzzing (Hillclimbing the Example)restart_expansion()
— Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Generators and Grammar Coverage)result()
— Carving Unit Tests (Part 2: Access results)ResultCarver
class — Carving Unit Tests (Exercises), Carving Unit Tests (Part 1: Store function results), Carving Unit Tests (Part 2: Access results)RETURN_VALUE
— Mining Function Specifications (Extracting Invariants)RE_EXTENDED_NONTERMINAL
— Fuzzing with Grammars (Expanding Operators)RE_NONTERMINAL
— Fuzzing with Grammars (Some Definitions)RE_PARENTHESIZED_EXPR
— Fuzzing with Grammars (Expanding Parenthesized Expressions)right()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)RISKY_NUMBERS
— Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs), Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)rjust()
— Tracking Information Flow (Justify)__rmod__()
— Tracking Information Flow (mod)rootIsBlack()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)roots()
— Symbolic Fuzzing (Example: Roots of a Quadratic Equation)roots2()
— Symbolic Fuzzing ( Roots - Check Before Divide)roots3()
— Symbolic Fuzzing ( Roots - Eliminating the Zero Division Error)round10()
— Concolic Fuzzing (Example: Round)rpartition()
— Tracking Information Flow (Partitions)RR_GRAMMAR2
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR3
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR4
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR5
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR6
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR7
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR8
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR9
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR
— Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)rsplit()
— Tracking Information Flow (Split)rstrip()
— Tracking Information Flow (Strip), Concolic Fuzzing (Remove Space from Ends)rules()
— Parsing Inputs (Nullable), Parsing Inputs (Part 1: A LL(1) Parsing Table)run()
— Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff), Mutation-Based Fuzzing (Guiding by Coverage), Mutation-Based Fuzzing (Guiding by Coverage), Greybox Fuzzing (Greybox Mutation-based Fuzzing), Greybox Fuzzing (Boosted Greybox Fuzzing), Reducing Failure-Inducing Inputs (Why Reducing?), Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules), Reducing Failure-Inducing Inputs (Synopsis), Testing Configurations (Classes for Fuzzing Configuration Options), Testing Web Applications (Fuzzing with Unexpected Values), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), When To Stop Fuzzing (Fuzzing the Enigma)Runner
class — Fuzzing: Breaking Things with Random Inputs (Runner Classes)runs()
— Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)runTest()
— Mutation Analysis (Mutator for Modules and Test Suites)run_function()
— Mutation-Based Fuzzing (Guiding by Coverage), Mutation-Based Fuzzing (Guiding by Coverage)run_fuzzmanager()
— Fuzzing in the Large (Excursion: Starting the Server)run_fuzzmanager_forever()
— Fuzzing in the Large (Excursion: Starting the Server)run_generator()
— Fuzzing with Generators (Generating Elements before Expansion), Fuzzing with Generators (Support for Python Generators)run_httpd_forever()
— Testing Web Applications (Running the Server)run_post_functions()
— Fuzzing with Generators (Checking and Repairing Elements after Expansion)run_post_functions_locally()
— Fuzzing with Generators (Local Checking and Repairing)run_process()
— Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runner Classes)sample_db()
— Tracking Information Flow (Representing Tables)sanitize()
— Tracking Information Flow (Tracking Untrusted Input)scan()
— Parsing Inputs (Scanning Tokens)ScopedGrammarMiner
class — Mining Input Grammars (Grammar Mining), Mining Input Grammars (Grammar Mining), Mining Input Grammars (Grammar Mining), Mining Input Grammars (Grammar Mining)ScopedVars
class — Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars)ScopeTracker
class — Mining Input Grammars (Scope Tracker), Mining Input Grammars (Scope Tracker)ScopeTreeMiner
class — Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)score()
— Mutation Analysis (Evaluating Mutations), Mutation Analysis (Mutator for Modules and Test Suites)search_superclasses()
— Class Diagrams (Getting Methods and Variables)second()
— Class Diagrams (Getting a Class Hierarchy)SECRET_ORIGIN
— Tracking Information Flow (Privacy Leaks Revisited), Tracking Information Flow (Privacy Leaks Revisited), Tracking Information Flow (Privacy Leaks Revisited)SECRET
— Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks)SeedWithRegions
class — Greybox Fuzzing with Grammars (Region-Based Mutation)SeedWithStructure
class — Greybox Fuzzing with Grammars (Building the Fragment Pool)Seed
class — Greybox Fuzzing (Seeds and Power Schedules)select()
— Testing Compilers (Survival of the Fittest)selection()
— Search-Based Fuzzing (Genetic Algorithms)send_back()
— Tracking Information Flow (Preventing Privacy Leaks)send_order_form()
— Testing Web Applications (Order Form)send_order_received()
— Testing Web Applications (Processing Orders), Testing Web Applications (Part 2: Sanitized HTML)send_terms_and_conditions()
— Testing Web Applications (Order Form)Sequence
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)seq_vars()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)__setitem__()
— Mining Input Grammars (Vars)set_arguments()
— Testing Configurations (Classes for Fuzzing Configuration Options)set_expansion_probabilities()
— Probabilistic Grammar Fuzzing (Assigning Probabilities)set_flatten_depth()
— Mining Input Grammars (Exercise 1: Flattening complex objects)set_grammar()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)set_invocation()
— Testing Configurations (Classes for Fuzzing Configuration Options)_set_kv()
— Mining Input Grammars (Vars), Mining Input Grammars (AssignmentVars)set_opts()
— Fuzzing with Grammars (Excursion: Implementing opts()
)set_parents()
— Control Flow Graph (CFGNode)set_prob()
— Probabilistic Grammar Fuzzing (Directed Fuzzing)set_probabilities()
— Probabilistic Grammar Fuzzing (Assigning Probabilities)SEXPR_TOKEN
— Concolic Fuzzing (Using the Command Line)shellsort()
— Introduction to Software Testing (Exercise 2: Testing Shellsort)show_ast()
— Symbolic Fuzzing (Function Summaries), Academic Prototyping (Static Analysis in Python: Still Easy), Prototyping with Python (Static Analysis in Python: Still Easy)show_cfg()
— Symbolic Fuzzing (The Control Flow Graph)show_coverage()
— Mutation Analysis (Structural Coverage Adequacy by Example), Symbolic Fuzzing (Visualizing the Coverage), Testing Compilers (Getting Coverage)show_diagram()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)show_grammar()
— Parsing Inputs (Excursion: Canonical Grammars)show_table()
— Parsing Inputs (Part 1: A LL(1) Parsing Table)SIGALRM
— Timeout (Synopsis), Timeout (Synopsis)SIGALRM
signals](https://docs.python.org/3.10/library/signal.html) (interrupts) to implement timeouts; this has no effect on performance of the tracked code. On other systems (notably Windows), Timeout
uses the [sys.settrace()
— Timeout (Synopsis), Timeout (Synopsis)SignalTimeout
class — Timeout (Variant 1: Unix (using signals, efficient))SimpleConcolicFuzzer
class — Concolic Fuzzing (The SimpleConcolicFuzzer class), Concolic Fuzzing (The SimpleConcolicFuzzer class), Concolic Fuzzing (The SimpleConcolicFuzzer class), Concolic Fuzzing (The fuzzing method)SimpleExtractor
class — Parsing Inputs (Tree Extractor)SimpleGrammarCoverageFuzzer
class — Grammar Coverage (Covering Grammar Expansions), Grammar Coverage (Covering Grammar Expansions)SimpleHTTPRequestHandler
class — Testing Web Applications (Excursion: Implementing a Web Server), Testing Web Applications (Handling HTTP Requests), Testing Web Applications (Order Form), Testing Web Applications (Order Form), Testing Web Applications (Processing Orders), Testing Web Applications (Processing Orders), Testing Web Applications (Processing Orders), Testing Web Applications (Processing Orders), Testing Web Applications (Other HTTP commands), Testing Web Applications (Page Not Found), Testing Web Applications (Internal Errors), Testing Web Applications (Logging)SimpleSymbolicFuzzer
class — Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Generating All Possible Paths), Symbolic Fuzzing (Generating All Possible Paths), Symbolic Fuzzing (Extracting All Constraints), Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)simple_call_string()
— Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording my_sqrt())simple_grammar_fuzzer()
— Fuzzing with Grammars (A Simple Grammar Fuzzer)simple_parse_csv()
— Parsing Inputs (An Ad Hoc Parser)single_char_tokens()
— Parsing Inputs (Excursion: Canonical Grammars)Skip
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)smt_expr()
— Concolic Fuzzing (Translating to the SMT Expression Format)smt_val()
— Concolic Fuzzing (Representing Decisions)solve_path_constraint()
— Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Symbolic Fuzzing (Solving Path Constraints)some_long_running_function()
— Timer (Measuring Time), Timeout (Variant 1: Unix (using signals, efficient))sort_by_prob()
— Probabilistic Grammar Fuzzing (Testing Uncommon Features)source()
— Control Flow Graph (CFGNode)span()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)split()
— Parsing Inputs (Excursion: Canonical Grammars), Tracking Information Flow (Split), Concolic Fuzzing (Splitting Strings)_split_helper()
— Tracking Information Flow (Split)_split_space()
— Tracking Information Flow (Split)sql()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Tracking Untrusted Input)SQLException
class — Tracking Information Flow (A Vulnerable Database)SQLInjectionFuzzer
class — Testing Web Applications (Fully Automatic Web Attacks)SQLInjectionGrammarMiner
class — Testing Web Applications (Fully Automatic Web Attacks)sqrt_program()
— Introduction to Software Testing (System Input vs Function Input), Introduction to Software Testing (System Input vs Function Input), Introduction to Software Testing (System Input vs Function Input)srange()
— Fuzzing with Grammars (Character Classes)src()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)stack_to_tree()
— Mining Input Grammars (CallStack)Stack
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)startswith()
— Concolic Fuzzing (Checking for String Prefixes)start_httpd()
— Testing Web Applications (Running the Server)START_STATE
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)start_symbol()
— Parsing Inputs (A Parser Class)START_SYMBOL
— Fuzzing with Grammars (Some Definitions)start_webdriver()
— Testing Graphical User Interfaces (Starting the Web driver)Start
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)State
class — Parsing Inputs (States), Parsing Inputs (Exercise 5: Leo Parser)steepest_ascent_hillclimber()
— Search-Based Fuzzing (Hillclimbing the Example)StmtDeletionMutator
class — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions)store_order()
— Testing Web Applications (Processing Orders), Testing Web Applications (Part 3: Sanitized SQL)string_part_of_value()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)strip()
— Tracking Information Flow (Strip), Concolic Fuzzing (Remove Space from Ends)strip_all_info()
— Tracking Information Flow (Conversions)strip_all_info_again()
— Tracking Information Flow (Implicit Information Flow)STROKE_ODD_PIXEL_LENGTH
— Railroad Diagrams (Excursion: Railroad diagrams implementation)StrongShapeTest
class — Mutation Analysis (Mutator for Modules and Test Suites)strong_oracle()
— Mutation Analysis (Structural Coverage Adequacy by Example)__str__()
— Greybox Fuzzing (Seeds and Power Schedules), Parsing Inputs (Columns), Parsing Inputs (States), Parsing Inputs (Tree Extractor), Mining Input Grammars (CallStack), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (Taint Aware Fuzzing), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Part 3: Passing taints from integers to strings), Concolic Fuzzing (Representing Decisions), Symbolic Fuzzing (Stepwise Exploration of Paths), Control Flow Graph (CFGNode)Style
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)submit()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)subtrees_with_symbol()
— Reducing Failure-Inducing Inputs (Finding Subtrees)suite()
— Mutation Analysis (Mutator for Modules and Test Suites)sum()
— Mining Function Specifications (Synopsis), Testing Compilers (Parsing Inputs)sum2()
— Mining Function Specifications (Some Examples)sum3()
— Mining Function Specifications (Multiple Types)supported_opts()
— Efficient Grammar Fuzzing (Excursion: check_grammar()
implementation), Probabilistic Grammar Fuzzing (Expanding by Probability), Fuzzing with Generators (A Class for Integrating Constraints), Fuzzing with Generators (Generators and Probabilistic Fuzzing), Fuzzing with Generators (Generators and Grammar Coverage)swapcase()
— Tracking Information Flow (String methods that do not change origin)swap_fragment()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Region-Based Mutation)SymbolicFuzzer
class — Symbolic Fuzzing (Advanced Symbolic Fuzzing), Symbolic Fuzzing (Check Before You Loop), Symbolic Fuzzing (Solving Path Constraints), Symbolic Fuzzing (Generating All Paths), Symbolic Fuzzing (Generating All Paths), Symbolic Fuzzing (Exercise 2: Statically checking if a loop should be unrolled further), Symbolic Fuzzing (Exercise 2: Statically checking if a loop should be unrolled further)symbol_cost()
— Efficient Grammar Fuzzing (Excursion: Implementing Cost Functions)SYMBOL_NAME
— Efficient Grammar Fuzzing (Representing Derivation Trees)symbol_reductions()
— Reducing Failure-Inducing Inputs (Both Strategies Together)SYMBOL_TABLE
— Fuzzing with Generators (Definitions and Uses)sym_to_float()
— Symbolic Fuzzing (Example: Roots of a Quadratic Equation)SYM_VARS_STR
— Symbolic Fuzzing (Get Names and Types of Variables Used)SYM_VARS
— Symbolic Fuzzing (The Control Flow Graph)syntax_diagram()
— Fuzzing with Grammars (Excursion: Implementing syntax_diagram()
)syntax_diagram_alt()
— Fuzzing with Grammars (Excursion: Implementing syntax_diagram()
)syntax_diagram_expr()
— Fuzzing with Grammars (Excursion: Implementing syntax_diagram()
)syntax_diagram_symbol()
— Fuzzing with Grammars (Excursion: Implementing syntax_diagram()
)_t()
— Parsing Inputs (States), Mining Input Grammars (Context)table()
— Tracking Information Flow (Representing Tables), Concolic Fuzzing (Example: Database)TaintedDB
class — Tracking Information Flow (TaintedDB)TaintedGrammarFuzzer
class — Tracking Information Flow (TaintedGrammarFuzzer), Tracking Information Flow (TaintedGrammarFuzzer), Tracking Information Flow (TaintedGrammarFuzzer), Tracking Information Flow (TaintedGrammarFuzzer)TaintedInputStack
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)TaintedScopedGrammarMiner
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)TaintedScopedVars
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)TaintedScopeTracker
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)TaintedScopeTreeMiner
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)Tainted
class — Tracking Information Flow (Taint Aware Fuzzing)target_tile()
— Greybox Fuzzing (Solving the Maze), Control Flow Graph (Example: Maze), Control Flow Graph (Example: Maze)terminals()
— Parsing Inputs (Nullable)terminal_repr()
— Search-Based Fuzzing (Evolutionary Search)Terminal
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)test()
— Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (Delta Debugging)TestGCD
class — Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Synopsis)test_equilateral()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)test_isosceles()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)test_me()
— Search-Based Fuzzing (Representing Program Inputs as a Search Problem)test_me2()
— Search-Based Fuzzing (Hillclimbing the Example)test_me2_instrumented()
— Search-Based Fuzzing (Hillclimbing the Example)test_me_instrumented()
— Search-Based Fuzzing (Instrumentation), Search-Based Fuzzing (Instrumentation)test_mirror()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Synopsis)test_samples()
— Testing Compilers (Constants)test_scalene()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)test_simple()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Synopsis)test_successful_order()
— Testing Graphical User Interfaces (Writing Test Cases)tile_()
— Control Flow Graph (Example: Maze), Control Flow Graph (Example: Maze), Control Flow Graph (Example: Maze)timeout_handler()
— Timeout (Variant 1: Unix (using signals, efficient))Timer
class — Timer (Measuring Time)tint
class — Tracking Information Flow (Part 1: Creation), Tracking Information Flow (Part 2: Arithmetic expressions), Tracking Information Flow (Part 3: Passing taints from integers to strings), Tracking Information Flow (Part 3: Passing taints from integers to strings), Tracking Information Flow (Part 4: Passing taints from strings to integers)title()
— Tracking Information Flow (String methods that do not change origin)to_graph()
— Control Flow Graph (Supporting Functions)to_json()
— Control Flow Graph (CFGNode)to_nonterminal()
— Mining Input Grammars (Assembling a Derivation Tree)to_single_assignment_predicates()
— Symbolic Fuzzing (Renaming Used Variables)to_src()
— Symbolic Fuzzing (Function Summaries)trace()
— Code Coverage (A Coverage Class)traceit()
— Code Coverage (Tracing Executions), Code Coverage (A Coverage Class), Mining Input Grammars (Tracer), Mining Input Grammars (Context), Mining Input Grammars (Context), Concolic Fuzzing (Tracking Constraints), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls), Testing Configurations (A Grammar Miner for Options and Arguments), Carving Unit Tests (Recording Calls), Carving Unit Tests (Exercises), Carving Unit Tests (Part 1: Store function results), Academic Prototyping (Dynamic Analysis in Python: So Easy it Hurts), Prototyping with Python (Dynamic Analysis in Python: So Easy it Hurts)TraceNode
class — Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions)Tracer
class — Mining Input Grammars (Tracer), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Context)TraceTree
class — Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions)trace_call()
— Mining Function Specifications (Tracking Calls)trace_locals()
— Testing Configurations (Tracking Arguments)trace_options()
— Testing Configurations (Tracking Arguments)trace_return()
— Mining Function Specifications (Tracking Calls)tracing_context()
— Mining Input Grammars (Context)tracing_var()
— Mining Input Grammars (Context)Tracker
class — Mining Function Specifications (Tracking Calls)TrackingArcCoverage
class — Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)TrackingConfigParser
class — Testing Configurations (Part 3: Mine a Configuration Grammar)TrackingDB
class — Tracking Information Flow (TrackingDB)TrackingGrammarCoverageFuzzer
class — Grammar Coverage (Tracking Grammar Coverage), Grammar Coverage (Keeping Track of Expansions), Grammar Coverage (Computing Possible Expansions), Grammar Coverage (Tracking Expansions while Fuzzing), Grammar Coverage (Tracking Expansions while Fuzzing)track_event()
— Mining Input Grammars (DefineTracker), Mining Input Grammars (AssignmentTracker)translate_to_z3_name()
— Symbolic Fuzzing (Get Names and Types of Variables Used)traverse()
— Academic Prototyping (Static Analysis in Python: Still Easy), Academic Prototyping (A Symbolic Test Generator), Prototyping with Python (Static Analysis in Python: Still Easy), Prototyping with Python (A Symbolic Test Generator)traverse_if_children()
— Academic Prototyping (A Symbolic Test Generator), Prototyping with Python (A Symbolic Test Generator)traverse_tree()
— Efficient Grammar Fuzzing (Excursion: Implementing display_tree()
), Class Diagrams (Getting a Class Tree)traverse_z3()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)TreeMiner
class — Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)tree_fitness()
— Testing Compilers (Fitness)tree_list_to_string()
— Reducing Failure-Inducing Inputs (A Few Helpers)TREE_NODES
— Concolic Fuzzing (The SimpleConcolicFuzzer class)tree_to_grammar()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Grammar Mining)tree_to_string()
— Efficient Grammar Fuzzing (End of Excursion), Tracking Information Flow (TaintedGrammarFuzzer), Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)tree_type()
— Tracking Information Flow (TaintedGrammarFuzzer)TRIALS
— Fuzzing in the Large (End of Excursion), Fuzzing in the Large (Collecting Code Coverage)triangle()
— Mutation Analysis (Structural Coverage Adequacy by Example), Concolic Fuzzing (Translating to the SMT Expression Format), Academic Prototyping (Python is Easy), Prototyping with Python (Python is Easy)triangle_m1()
— Mutation Analysis (Injecting Artificial Faults)triangle_traced()
— Academic Prototyping (Dynamic Analysis in Python: So Easy it Hurts), Prototyping with Python (Dynamic Analysis in Python: So Easy it Hurts)trim_grammar()
— Fuzzing with Grammars (Excursion: Implementing is_valid_grammar()
)TroffRunner
class — Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff)true_property_instantiations()
— Mining Function Specifications (Checking Invariants)TrustedDB
class — Tracking Information Flow (Tracking Untrusted Input)TRUSTED
— Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks)TState
class — Parsing Inputs (Exercise 5: Leo Parser)tstr1()
— Concolic Fuzzing (Equality between Strings), Concolic Fuzzing (Equality between Strings)tstr10()
— Concolic Fuzzing (Remove Space from Ends)tstr11()
— Concolic Fuzzing (Splitting Strings)tstr2()
— Concolic Fuzzing (Length of Strings)tstr3()
— Concolic Fuzzing (An Iterator Class for Strings)tstr4()
— Concolic Fuzzing (Translating to Upper and Lower Equivalents)tstr5()
— Concolic Fuzzing (Translating to Upper and Lower Equivalents)tstr6()
— Concolic Fuzzing (Checking for String Prefixes)tstr7()
— Concolic Fuzzing (Finding Substrings)tstr8()
— Concolic Fuzzing (Remove Space from Ends)tstr9()
— Concolic Fuzzing (Remove Space from Ends)tstr
class — Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (String Operators), Tracking Information Flow (String Operators), Tracking Information Flow (String Operators)twice()
— Testing Configurations (Creating Autopep8 Options)TypeAnnotator
class — Mining Function Specifications (All-in-one Annotation)typed_functions()
— Mining Function Specifications (All-in-one Annotation)typed_functions_ast()
— Mining Function Specifications (All-in-one Annotation)typed_triangle()
— Academic Prototyping ((No) Type Checking), Prototyping with Python ((No) Type Checking)TypeTracker
class — Mining Function Specifications (All-in-one Annotation)TypeTransformer
class — Mining Function Specifications (Annotating Functions with Given Types), Mining Function Specifications (Annotating Functions with Given Types), Mining Function Specifications (Annotating Functions with Given Types)type_string()
— Mining Function Specifications (Annotating Functions with Mined Types)TYPE
— Fuzzing with Constraints (Quantifiers)UNEXPLORED_STATE
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)unhack()
— Control Flow Graph (Supporting Functions)unicode_escape()
— Fuzzing in the Large (Excursion: escapelines()
implementatipn)unicode_string_neighbors()
— Search-Based Fuzzing (Evolutionary Search)unify_key()
— Parsing Inputs (Unify Key), Parsing Inputs (Unify Rule), Parsing Inputs (Exercise 1: An Alternative Packrat)unify_rule()
— Parsing Inputs (Unify Rule), Parsing Inputs (Exercise 1: An Alternative Packrat)uniq_postdot()
— Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)unknown()
— Class Diagrams (Getting Docs)UNKNOWN_ORIGIN
— Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Privacy Leaks Revisited)unreachable_nonterminals()
— Fuzzing with Grammars (Excursion: Implementing is_valid_grammar()
)UNRESOLVED
— Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runners), Fuzzing: Breaking Things with Random Inputs (Runners), Reducing Failure-Inducing Inputs (End of Excursion)UNTRUSTED
— Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks)unwrap_substrings()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)up()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)update()
— Mining Input Grammars (Vars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)update_cache()
— Parsing Inputs (Why Parsing for Fuzzing?)update_children()
— Control Flow Graph (CFGNode), Control Flow Graph (PyCFG)update_existing_state()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)update_functions()
— Control Flow Graph (PyCFG)update_grammar()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recover Grammar), Mining Input Grammars (Grammar Mining), Tracking Information Flow (TaintedGrammarFuzzer), Concolic Fuzzing (Pruning and Updating)update_inventory()
— Tracking Information Flow (End of Excursion)update_maps()
— Search-Based Fuzzing (Instrumentation for Atomic Conditions)update_new_state()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)update_state()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)update_tree()
— Tracking Information Flow (TaintedGrammarFuzzer)upper()
— Tracking Information Flow (String methods that do not change origin), Concolic Fuzzing (Translating to Upper and Lower Equivalents)URLPARSE_ORACLE_GRAMMAR
— Fuzzing APIs (Exercise 1: Deep Arguments)URLS_X
— Mining Input Grammars (Problems with the Simple Miner)URLS
— Mining Input Grammars (Example 2. Recovering URL Grammar)url_parse()
— Mining Input Grammars (Example 2. Recovering URL Grammar)used_identifiers()
— Symbolic Fuzzing (Get Names and Types of Variables Used)used_vars()
— Symbolic Fuzzing (Get Names and Types of Variables Used)use_id()
— Fuzzing with Generators (Definitions and Uses)v()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)V1
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree)valid_luhn_checksum()
— Fuzzing with Generators (Functions Called After Expansion)VALUES
— Tracking Information Flow (Inserting Data)VARIABLE
— Code Coverage (A Coverage Class), Fuzzing with Constraints (Quantifiers), Fuzzing with Constraints (Quantifiers), Fuzzing with Constraints (Matching Expansion Elements), Fuzzing with Constraints (Matching Expansion Elements)Vars
class — Mining Input Grammars (Vars), Mining Input Grammars (Vars)var_access()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)var_assign()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)VAR_GRAMMAR
— Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses)var_location_register()
— Mining Input Grammars (AssignmentVars)var_name()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)var_string()
— Class Diagrams (Drawing Class Hierarchy with Method Names)var_symbol()
— Carving Unit Tests (A Grammar from Arguments)VAR
— Class Diagrams (Getting a Class Hierarchy)VEHICLES
— Mining Input Grammars (A Simple Grammar Miner), Tracking Information Flow (A Vulnerable Database), Tracking Information Flow (End of Excursion)Vehicle
class — Mining Input Grammars (Exercise 1: Flattening complex objects)verbose_condition()
— Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)verbose_postcondition()
— Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)verbose_precondition()
— Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)visit_AnnAssign()
— Mutation Analysis (A Simple Mutator for Functions)visit_Assert()
— Mutation Analysis (A Simple Mutator for Functions)visit_Assign()
— Mutation Analysis (A Simple Mutator for Functions)visit_AugAssign()
— Mutation Analysis (A Simple Mutator for Functions)visit_BinOp()
— Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)visit_Break()
— Mutation Analysis (A Simple Mutator for Functions)visit_Compare()
— Search-Based Fuzzing (Instrumenting Source Code Automatically)visit_Continue()
— Mutation Analysis (A Simple Mutator for Functions)visit_Delete()
— Mutation Analysis (A Simple Mutator for Functions)visit_Expr()
— Mutation Analysis (A Simple Mutator for Functions), Mining Function Specifications (Annotating Functions with Given Types)visit_FunctionDef()
— Search-Based Fuzzing (Instrumenting Source Code Automatically), Mining Function Specifications (Annotating Functions with Given Types), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)visit_Global()
— Mutation Analysis (A Simple Mutator for Functions)visit_Name()
— Mining Function Specifications (Extracting Meta-Variables), Mining Function Specifications (Instantiating Properties)visit_Nonlocal()
— Mutation Analysis (A Simple Mutator for Functions)visit_Pass()
— Mutation Analysis (A Simple Mutator for Functions)visit_Raise()
— Mutation Analysis (A Simple Mutator for Functions)visit_Return()
— Mutation Analysis (A Simple Mutator for Functions)visit_z3_expr()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)VisualCoverage
class — Mutation Analysis (Structural Coverage Adequacy by Example)VisualizedArcCoverage
class — Symbolic Fuzzing (Visualizing the Coverage)VS
— Railroad Diagrams (Excursion: Railroad diagrams implementation)walk()
— Control Flow Graph (PyCFG)was_seen()
— Parsing Inputs (Exercise 6: Filtered Earley Parser)WeakShapeTest
class — Mutation Analysis (Mutator for Modules and Test Suites)weak_oracle()
— Mutation Analysis (Structural Coverage Adequacy by Example)webbrowser()
— Carving Unit Tests (System Tests vs Unit Tests), Testing Web Applications (Logging)WebFormFuzzer
class — Testing Web Applications (A Fuzzer for Web Forms)WebRunner
class — Testing Web Applications (Fuzzing with Unexpected Values)WHERE
— Tracking Information Flow (Deleting Data)wrapper()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)wrapString()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)writeSvg()
— Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation)x()
— Tracking Information Flow (Extract Origin String)XML_GRAMMAR
— Greybox Fuzzing with Grammars (Building the Fragment Pool)XML_UNICODE_WCHAR_T
— Testing Configurations (Part 3: C Preprocessor Configuration Fuzzing)z3_as_string()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)Z3_BINARY
— Concolic Fuzzing (Using the Command Line)z3_chr()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)z3_names_and_types()
— Symbolic Fuzzing (Get Names and Types of Variables Used)Z3_OPTIONS
— Concolic Fuzzing (Using the Command Line)z3_ord()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)zbool
class — Concolic Fuzzing (A Proxy Class for Booleans), Concolic Fuzzing (Negation of Encoded formula), Concolic Fuzzing (Registering Predicates on Conditionals)zchr()
— Concolic Fuzzing (Translating an Ordinal Value to ASCII)ZeroDivisionRunner
class — Reducing Failure-Inducing Inputs (Synopsis)ZeroOrMore()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)zeval()
— Concolic Fuzzing (Evaluating the Concolic Expressions)zeval_py()
— Concolic Fuzzing (Using the Python API)zeval_smt()
— Concolic Fuzzing (Using the Command Line)zfloat
class — Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)zint
class — Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (Equality between Integers), Concolic Fuzzing (Equality between Integers), Concolic Fuzzing (Comparisons between Integers), Concolic Fuzzing (Comparisons between Integers), Concolic Fuzzing (Using an Integer in a Boolean Context), Concolic Fuzzing (Exercise 2: Bit Manipulation)zord()
— Concolic Fuzzing (Retrieving Ordinal Value)zproxy_create()
— Concolic Fuzzing (Concolic Proxy Objects)zstr_iterator
class — Concolic Fuzzing (An Iterator Class for Strings)zstr
class — Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (Equality between Strings), Concolic Fuzzing (Length of Strings), Concolic Fuzzing (Length of Strings), Concolic Fuzzing (Concatenation of Strings), Concolic Fuzzing (Producing Substrings), Concolic Fuzzing (Translating to Upper and Lower Equivalents), Concolic Fuzzing (Translating to Upper and Lower Equivalents), Concolic Fuzzing (Checking for String Prefixes), Concolic Fuzzing (Finding Substrings), Concolic Fuzzing (Remove Space from Ends), Concolic Fuzzing (Remove Space from Ends), Concolic Fuzzing (Remove Space from Ends), Concolic Fuzzing (Splitting Strings)_zv()
— Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)