Fuzzing is a very effective testing methodology to find bugs. In a nutshell, a fuzzer sends many slightly malformed messages to the software under test, hoping for crashes or incorrect system behaviour. The methodology is relatively simple, although applications that keep internal states are challenging to fuzz. The research community has responded to this challenge by developing fuzzers tailored to stateful systems, but a clear understanding of the variety of strategies is still missing. In this paper, we present the first taxonomy of fuzzers for stateful systems and provide a systematic comparison and classification of these fuzzers.

中文翻译：

---

有状态系统的模糊器：调查和研究方向

模糊测试是一种非常有效的发现错误的测试方法。简而言之，模糊器向被测软件发送许多稍微畸形的消息，希望出现崩溃或不正确的系统行为。尽管保持内部状态的应用程序很难进行模糊测试，但该方法相对简单。研究界通过开发针对有状态系统的模糊器来应对这一挑战，但仍然缺乏对各种策略的清晰理解。在本文中，我们提出了有状态系统的模糊器的第一个分类法，并对这些模糊器进行了系统的比较和分类。