About Fandango

About Fandango#

Given the specification of a program’s input language, Fandango quickly generates myriads of valid sample inputs for testing.

The specification language combines a grammar with constraints written in Python, so it is extremely expressive and flexible. Most notably, you can define your own testing goals in Fandango. If you need the inputs to have particular values or distributions, you can express all these right away in Fandango.

Fandango supports multiple modes of operation:

  • By default, Fandango operates as a black-box fuzzer - that is, it creates inputs from a .fan Fandango specification file.

  • If you have sample inputs, Fandango can mutate these to obtain more realistic inputs.

Fandango comes as a portable Python program and can easily be run on a large variety of platforms.

Under the hood, Fandango uses sophisticated evolutionary algorithms to produce inputs, it starts with a population of random inputs, and evolves these through mutations and cross-over until they fulfill the given constraints.

Fandango is in active development! Features planned for 2025 include:

  • protocol testing

  • coverage-guided testing

  • code-directed testing

  • high diversity inputs

and many more.

Refer to Fandango#

To refer to Fandango, use its official URL:

https://fandango-fuzzer.github.io

Cite Fandango#

If you want to cite Fandango in your academic work, use the ISSTA 2025 paper by Zamudio Amaya, Smytzek, and Zeller [ZASZ25]. Note that José Antonio has two proper last names, Zamudio Amaya, so the proper way to cite the paper is like this:

@inproceedings{zamudio2025fandango,
  author = {Zamudio Amaya, Jos\'{e} Antonio and Smytzek, Marius and Zeller, Andreas},
  booktitle = {Proc. International Symposium on Software Testing and Analysis (ISSTA)},
  title = {{FANDANGO}: {E}volving Language-Based Testing},
  year = {2025},
  month = jun,
  address = {Trondheim, Norway},
  publisher = {Association of Computing Machinery (ACM)},
  url = {https://publications.cispa.de/articles/standard/FANDANGO_Evolving_Language-Based_Testing/28769252?file=53591066}
}

Read More#

To learn more about how Fandango works, start with the ISSTA 2025 paper by Zamudio Amaya, Smytzek, and Zeller [ZASZ25].

[ZASZ25] (1,2)

José Antonio Zamudio Amaya, Marius Smytzek, and Andreas Zeller. FANDANGO: Evolving language-based testing. In Proc. International Symposium on Software Testing and Analysis (ISSTA). Trondheim, Norway, June 2025. Association of Computing Machinery (ACM). URL: https://publications.cispa.de/articles/standard/FANDANGO_Evolving_Language-Based_Testing/28769252?file=53591066.

Acknowledgments#

Fandango is a project of the CISPA Helmholtz Center for Information Security to facilitate highly efficient and highly customizable software testing.

This research was funded by the European Union (ERC “Semantics of Software Systems”, S3, 101093186). Views and opinions expressed are however those of the authors only and do not necessarily reflect those of the European Union or the European Research Council. Neither the European Union nor the granting authority can be held responsible for them.

Contents