About Fandango#
Given the specification of a programâs input language, Fandango quickly generates myriads of valid sample inputs for testing.
The specification language combines a grammar with constraints written in Python, so it is extremely expressive and flexible. Most notably, you can define your own testing goals in Fandango. If you need the inputs to have particular values or distributions, you can express all these right away in Fandango.
Fandango supports multiple modes of operation:
By default, Fandango operates as a black-box fuzzer - that is, it creates inputs from a
.fanFandango specification file.If you have sample inputs, Fandango can mutate these to obtain more realistic inputs.
Fandango comes as a portable Python program and can easily be run on a large variety of platforms.
Under the hood, Fandango uses sophisticated evolutionary algorithms to produce inputs, it starts with a population of random inputs, and evolves these through mutations and cross-over until they fulfill the given constraints.
Fandango is in active development! Features planned for 2025 include:
protocol testing
coverage-guided testing
code-directed testing
high diversity inputs
and many more.
Acknowledgments#
Fandango is a project of the CISPA Helmholtz Center for Information Security to facilitate highly efficient and highly customizable software testing.
This research was funded by the European Union (ERC âSemantics of Software Systemsâ, S3, 101093186). Views and opinions expressed are however those of the authors only and do not necessarily reflect those of the European Union or the European Research Council. Neither the European Union nor the granting authority can be held responsible for them.