Module 4: Random Testing Flashcards
random testing (fuzzing)
idea: feed random (or randomly mutated) inputs to a program
observe whether it behaves correctly: the execution conforms to the spec, or at least does not crash
presented as a special case of mutation analysis, with the mutations applied to the program's inputs rather than to the program itself
infinite monkey theorem
a monkey hitting keys at random on a typewriter will produce any given text, with probability approaching 1 as time increases (the same argument says a fuzzer eventually generates any particular input, just not efficiently)
what kind of bugs can fuzzing find?
memory errors (buffer overflows, use-after-free, etc.)
other undefined behavior
assertion violations
infinite loops / hangs
concurrency bugs (data races, deadlocks, etc.)
each needs an oracle the fuzzer can observe: a crash or sanitizer report, a timeout, a failed assertion
random testing pros and cons
pros:
easy to implement
provably good coverage given enough tests (every input has a nonzero probability of being generated)
can work with programs in any format (source or binary, any input language)
appealing for finding security vulnerabilities (crashes are cheap to detect and need no specification)
cons:
inefficient test suite (many redundant inputs exercise the same paths)
might find unimportant bugs (and many duplicates of the same bug)
poor code coverage in practice (unguided random inputs rarely get past input validation, magic values or checksums)
afl core ideas:
- genetic algorithm: keep the inputs that reach new code (coverage feedback) and mutate those
- efficient source-code instrumentation: compile-time instrumentation records which branch edges each input hits (a QEMU mode covers binary-only targets)
- effective heuristics for input mutation: bit flips, arithmetic on bytes/words, interesting values, block deletion/insertion, splicing corpus entries
fuzz targets
make it possible to fuzz libraries (i.e. program components) instead of whole programs: a small function that takes a byte buffer and calls the API under test; it must be deterministic, accept any input without exiting, and fail only on a real bug
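worked example (added here; not code from the cards, from AFL or from libFuzzer): a miniature coverage-guided fuzzer in the AFL style driving a libFuzzer-style fuzz target. The target, the hand-inserted COV() instrumentation and the toy header parser are constructed for this example; the entry-point name LLVMFuzzerTestOneInput is the real libFuzzer one.

```c
// Added example (not code from the flashcards, AFL or libFuzzer): a miniature
// coverage-guided fuzzer in the AFL style driving a libFuzzer-style fuzz target.
// Instrumentation is inserted by hand with COV(); real AFL does it at compile time.
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAP_SIZE   256
#define MAX_LEN    8
#define CORPUS_MAX 64

static uint8_t  cov_map[MAP_SIZE];  // edge hit counts for the current run
static uint8_t  virgin[MAP_SIZE];   // edges ever seen across the whole campaign
static uint32_t prev_loc;

// AFL-style edge coverage: every instrumented point has a fixed id, and the
// edge (previous point -> this point) is recorded as cur ^ (prev >> 1).
#define COV(id) do { cov_map[((id) ^ prev_loc) % MAP_SIZE]++; prev_loc = (id) >> 1; } while (0)

// Toy library function under test (constructed for this example): a header
// parser that checks a 4-byte magic value one byte at a time and returns how
// many magic bytes matched.  Blind random input reaches the end with
// probability 2^-32; coverage feedback lets the fuzzer solve it byte by byte.
int parse_header(const uint8_t *data, size_t size) {
    COV(10);
    if (size < 1 || data[0] != 'F') return 0;
    COV(37);
    if (size < 2 || data[1] != 'U') return 1;
    COV(71);
    if (size < 3 || data[2] != 'Z') return 2;
    COV(109);
    if (size < 4 || data[3] != 'Z') return 3;
    COV(160);
    return 4;
}

// libFuzzer-style fuzz target: the engine hands it arbitrary bytes.  Malformed
// input is expected and must be handled without exiting; the target aborts
// only when an API invariant is violated, which is the bug the fuzzer reports.
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    int matched = parse_header(data, size);
    if (matched < 0 || (size_t)matched > size) abort();  // property check
    return 0;
}

typedef struct { uint8_t buf[MAX_LEN]; size_t len; } input_t;
static input_t corpus[CORPUS_MAX];
static int     corpus_n;

static uint32_t rng_state;
static uint32_t rnd(void) {  // xorshift32, seeded by fuzz()
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17; rng_state ^= rng_state << 5;
    return rng_state;
}

// Run the target once and report whether it hit an edge never seen before.
static int run_and_check(const input_t *in) {
    memset(cov_map, 0, sizeof cov_map);
    prev_loc = 0;
    LLVMFuzzerTestOneInput(in->buf, in->len);
    int new_edge = 0;
    for (int i = 0; i < MAP_SIZE; i++)
        if (cov_map[i] && !virgin[i]) { virgin[i] = 1; new_edge = 1; }
    return new_edge;
}

// AFL-like mutation heuristics, reduced to three: flip a bit, overwrite a
// byte with a random value, or append a random byte.
static void mutate(const input_t *src, input_t *dst) {
    *dst = *src;
    switch (rnd() % 3) {
    case 0:  if (dst->len) dst->buf[rnd() % dst->len] ^= (uint8_t)(1u << (rnd() % 8)); break;
    case 1:  if (dst->len) dst->buf[rnd() % dst->len] = (uint8_t)rnd(); break;
    default: if (dst->len < MAX_LEN) dst->buf[dst->len++] = (uint8_t)rnd(); break;
    }
}

// The genetic loop: mutate a random corpus member; an offspring survives
// (joins the corpus) only if it discovers new coverage.  Returns the deepest
// point of parse_header reached, i.e. distinct edges found minus the entry edge.
int fuzz(uint32_t seed, int iterations) {
    rng_state = seed ? seed : 1;
    memset(virgin, 0, sizeof virgin);
    corpus_n = 0;
    input_t start = { {0}, 1 };  // seed corpus: a single zero byte
    corpus[corpus_n++] = start;
    run_and_check(&start);
    for (int i = 0; i < iterations; i++) {
        input_t child;
        mutate(&corpus[rnd() % corpus_n], &child);
        if (run_and_check(&child) && corpus_n < CORPUS_MAX) corpus[corpus_n++] = child;
    }
    int edges = 0;
    for (int i = 0; i < MAP_SIZE; i++) edges += virgin[i];
    return edges - 1;
}

int main(void) {
    int depth = fuzz(0x9e3779b9u, 1000000);
    printf("magic bytes solved: %d of 4, corpus size %d\n", depth, corpus_n);
    return 0;
}
```

Each magic byte is a separate edge, so an input that gets one byte further is kept and mutated further; without the coverage check the same loop would need about 2^32 tries. The abort() in the target is the "observe whether it behaves correctly" step: the harness checks an invariant of the API rather than relying on a crash alone.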
cuzz: fuzzing thread schedules
introduces Sleep() calls into the program under test
- automatically (instead of by hand)
- systematically before each statement (instead of at a few hand-picked points), so the random delays explore different thread interleavings
- gives a worst-case probabilistic guarantee of finding the bug: with n threads, k steps and a bug of depth d, each run triggers it with probability at least 1/(n·k^(d-1))
bug depth
the minimum number of ordering constraints a schedule has to satisfy to trigger the bug (an ordering bug such as use-before-initialization has depth 1; a deadlock on two locks taken in opposite order has depth 2)
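worked example (added here; not code from the cards or from Cuzz): Cuzz-style schedule fuzzing on a depth-2 deadlock. A random Sleep() is drawn for every statement of two threads that take two locks in opposite order; instead of running real threads, a small lock simulator replays the resulting interleaving and reports deadlock, so a given seed always gives the same result. The two-thread program, the simulator and the sleep range are constructed for this example.

```c
// Added example (not code from the flashcards or from Cuzz): Cuzz-style
// schedule fuzzing on a two-lock deadlock.  A random Sleep() is inserted before
// every statement of both threads; a small lock simulator replays the
// resulting interleaving instead of running real threads, so a given seed
// always produces the same result (an assumption of this example).
#include <stdint.h>
#include <stdio.h>

enum { LOCK, UNLOCK };
typedef struct { int op; int lock; } stmt_t;

#define NTHREADS  2
#define NSTMTS    4
#define NLOCKS    2
#define MAX_SLEEP 10

// Thread A: lock(0); lock(1); unlock(1); unlock(0)
// Thread B: lock(1); lock(0); unlock(0); unlock(1)
// The deadlock needs two ordering constraints (A's lock(0) before B's lock(0)
// and B's lock(1) before A's lock(1)), so it is a bug of depth 2.
static const stmt_t program[NTHREADS][NSTMTS] = {
    { {LOCK, 0}, {LOCK, 1}, {UNLOCK, 1}, {UNLOCK, 0} },
    { {LOCK, 1}, {LOCK, 0}, {UNLOCK, 0}, {UNLOCK, 1} },
};

// Replay one schedule.  sleeps[t * NSTMTS + i] is the Sleep() inserted before
// statement i of thread t.  Returns 1 if the threads deadlock, 0 if both finish.
int replay(const int *sleeps) {
    int pc[NTHREADS] = {0, 0};       // next statement of each thread
    int wake[NTHREADS];              // earliest time that statement can run
    int owner[NLOCKS] = {-1, -1};    // holder of each lock, -1 if free
    for (int t = 0; t < NTHREADS; t++) wake[t] = sleeps[t * NSTMTS];

    for (;;) {
        int pick = -1, live = 0;
        for (int t = 0; t < NTHREADS; t++) {
            if (pc[t] == NSTMTS) continue;
            live++;
            const stmt_t *s = &program[t][pc[t]];
            int blocked = s->op == LOCK && owner[s->lock] != -1;
            if (!blocked && (pick == -1 || wake[t] < wake[pick])) pick = t;
        }
        if (live == 0) return 0;   // everyone finished: no deadlock
        if (pick == -1) return 1;  // every live thread waits on a lock another holds

        const stmt_t *s = &program[pick][pc[pick]];
        int now = wake[pick];
        if (s->op == LOCK) {
            owner[s->lock] = pick;
        } else {
            owner[s->lock] = -1;
            // a thread waiting for this lock cannot proceed before the release
            for (int u = 0; u < NTHREADS; u++) {
                if (u == pick || pc[u] == NSTMTS) continue;
                const stmt_t *w = &program[u][pc[u]];
                if (w->op == LOCK && w->lock == s->lock && wake[u] < now) wake[u] = now;
            }
        }
        pc[pick]++;
        if (pc[pick] < NSTMTS) wake[pick] = now + sleeps[pick * NSTMTS + pc[pick]];
    }
}

static uint32_t rng;
static uint32_t rnd(void) {  // xorshift32
    rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5;
    return rng;
}

// Cuzz-style loop: draw a random Sleep() for every statement, replay the
// schedule, and count how many of the trials hit the deadlock.
int fuzz_schedules(uint32_t seed, int trials) {
    rng = seed ? seed : 1;
    int found = 0;
    for (int i = 0; i < trials; i++) {
        int sleeps[NTHREADS * NSTMTS];
        for (int j = 0; j < NTHREADS * NSTMTS; j++) sleeps[j] = (int)(rnd() % MAX_SLEEP);
        found += replay(sleeps);
    }
    return found;
}

int main(void) {
    int found = fuzz_schedules(2024u, 1000);
    printf("%d of 1000 random schedules deadlocked (depth-2 bug)\n", found);
    return 0;
}
```

With sleeps inserted before every statement, each trial is an independent random interleaving; the fraction of trials that deadlock is an empirical lower bound of the kind Cuzz's depth-based guarantee promises. Replaying a fixed sleep vector (rather than relying on real timing) is also what makes a found schedule reproducible.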