From: A dynamic taint tracking optimized fuzz testing method based on multi-modal sensor data fusion
Node xi | DIF(xi) | CDC(xi) | Constraint(xi) | Valid grammar | Grammar after fuzzification | Test grammar |
---|---|---|---|---|---|---|
31 | I | ø | ø | I = 0x0000 | I ≠0x0000 | I = 0x0000 I ≠0x0000 |
81 | I~C | (31,F) | I = 0x0000 | Crc(I ~ D) = C | Crc(I ~ D) ≠C | Crc(I ~ D) = C Crc(I ~ D) ≠C |
131 | F | (81,F) | I = 0x0000 crc(I ~ D) = C | F = 0x01 | F ≠0x01 | F = 0x01 F ≠0x01 |
141 | F | (131,F) | I = 0x0000 crc(I ~ D) = C F ≠0x01 | Skip | Skip | Skip |
171 | S, E | (141,T) | I = 0x0000 crc(I ~ D) = C F = 0x05 | S ≤ E | S > E | S ≤ E S > E |
211 | S, E | (171,F) | I = 0x0000 crc(I ~ D) = C F = 0x05 S ≤ E | Skip | Skip | Skip |
211 | L, S, E | (211,T) | I = 0x0000 crc(I ~ D) = C F3 = {1}, F4 ≤ F5 | Input size is valid | Input size is valid | Input size is valid |