Synthesizing Program Input Grammars

PLDI 17

We present an algorithm for synthesizing a context-free grammar encoding the language of valid program inputs from a set of input examples and blackbox access to the program. Our algorithm addresses shortcomings of existing grammar inference algorithms, which both severely overgeneralize and are prohibitively slow. Our implementation, Glade, leverages the grammar synthesized by our algorithm to fuzz programs with highly structured inputs. We show that Glade consistently increases the incremental coverage compared to two baseline fuzzers.