Testing software to verify its correctness and debugging code to locate and patch faults are two important tasks that need to be mastered by every software developer. With increasing complexity of software these tasks become progressively complicated and cumbersome. Hence, approaches that simplify these tasks are needed. Fuzzing and delta-debugging are two zeitgeisty automatic techniques that allow the systematic generation and reduction of test data. However, most implementations of these techniques utilize either fuzzing or delta-debugging with hard-coded models, or are complicated fuzzing frameworks that lack usability.
In this thesis, we introduce Tavor, a framework and tool for applying both fuzzing and delta-debugging while operating on one user-defined data model, and the Tavor Format, an EBNF-like notation for defining data models of file formats, protocols and test cases. In combination they allow basic use of fuzzing and delta-debugging without any programming knowledge, making these techniques available to non-expert users. Additionally, we present the data structures, interfaces and algorithms needed to achieve this combination of fuzzing and delta-debugging.
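The combination the abstract describes, a random fuzzing strategy and a delta-debugging reduction both driven by one data model, as an added illustration in Python (not Tavor's own code; the statement model, the `crashes` stand-in for a program under test and all names are constructed for this example):

```python
import random

# Constructed data model: a test case is a list of statements, each either
# "set <n>" (n in 0..99) or "clr". Tavor would express this in its format;
# here generate() plays the role of a random fuzzing strategy over the model.
def generate(rng, max_len=10):
    """Instantiate the model with rng-driven choices (random fuzzing)."""
    stmts = []
    for _ in range(rng.randint(1, max_len)):
        if rng.random() < 0.7:
            stmts.append(f"set {rng.randint(0, 99)}")
        else:
            stmts.append("clr")
    return stmts

def crashes(stmts):
    """Constructed stand-in for the program under test: it fails when a
    'clr' is executed after any 'set' with a value of 90 or more."""
    armed = False
    for s in stmts:
        if s.startswith("set "):
            armed = armed or int(s.split()[1]) >= 90
        elif s == "clr" and armed:
            return True
    return False

def ddmin(items, fails):
    """Zeller's ddmin over the same model: shrink a failing statement list
    to a 1-minimal list that still makes fails() true."""
    n = 2
    while len(items) >= 2:
        k, m = divmod(len(items), n)          # n chunks of nearly equal size
        bounds, start = [], 0
        for i in range(n):
            end = start + k + (1 if i < m else 0)
            bounds.append((start, end)); start = end
        for a, b in bounds:                   # try each chunk alone
            if fails(items[a:b]):
                items, n = items[a:b], 2
                break
        else:
            for a, b in bounds:               # try removing each chunk
                comp = items[:a] + items[b:]
                if fails(comp):
                    items, n = comp, max(n - 1, 2)
                    break
            else:
                if n >= len(items):
                    break                     # granularity exhausted
                n = min(2 * n, len(items))
    return items

def fuzz_and_reduce(seed, attempts=200):
    """Fuzz until a generated case fails, then reduce it with ddmin."""
    rng = random.Random(seed)
    for _ in range(attempts):
        case = generate(rng)
        if crashes(case):
            return case, ddmin(case, crashes)
    return None
```

For this stand-in program every reduced case collapses to exactly two statements, a `set` of 90 or more followed by `clr`, which is the fault-triggering pattern a developer would want to see.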
One part of our evaluation is the comparison of Tavor's fuzzing capabilities with aigfuzz, a dedicated fuzzer for the sophisticated AIGER format. In total, 16 commands of the AIGER toolset were evaluated to compare the generated test sets. On average, the random fuzzing strategy of the Tavor Framework reached 9.16% more line coverage than aigfuzz. The best result was obtained for the aigunroll command, where aigfuzz covered 24.08% and Tavor's AlmostAllPermutations fuzzing strategy reached 61.36%. In summary, this evaluation showed that Tavor as a generic fuzzer can keep up with a dedicated fuzzing implementation.