[fuzzing] Fuzzing tradeoffs - where previously described?
ari.takanen at codenomicon.com
Thu Feb 1 11:17:28 CST 2007
On Thu, Feb 01, 2007 at 04:09:17PM +0000, Disco Jonny wrote:
> >I agree with you, both approaches can co-exist. I think there is a
> >place for both random testing (fuzzing) and systematic testing
> >(robustness testing).
> are we talking about yours and jared's interpretation of random? or on
> the scale of true random?
I was speaking about systematic vs random (non-systematic). I do not
care about the quality of the randomness. Let's look at three
widely-used "algorithms" (well, to me these are too simple to be called
algorithms, but let's assume someone wants to start building a library
of fuzzing methods):
"2^x, +-1, +-2, ..." is systematic to me, and...
"2^x + rand(seed)" is not (even if you have control on the seed).
To me, "bit-flipping" is also random, even if done systematically
because you do not know the "purpose" of the test.
There are dozens of articles on random testing and white-noise testing,
its problematics, and where it makes sense and where it doesn't. This
is not anything new...
I am not sure that Jared and I agree on the definition of fuzzing yet
(or whether it should have any random component in it), but that will
make our book even more interesting! ;)
Ari Takanen, Codenomicon Ltd.
ari.takanen at codenomicon.com
tel: +358-40 50 67678
Tutkijantie 4E, FIN-90570 Oulu
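The three generators Ari contrasts above, written out as an added example that is not part of the original mail or of Codenomicon's tooling; the field width, the delta set (0, 1, 2) and the function names are my assumptions:

```python
import random
from typing import Iterator, List


def systematic_boundaries(width: int, deltas=(0, 1, 2)) -> List[int]:
    """Systematic set: 2^x, 2^x +-1, 2^x +-2 for every x that fits in
    `width` bits. Each value targets a known boundary and the set is the
    same on every run, so any crash it finds is trivially reproducible."""
    limit = 1 << width
    values = set()
    for x in range(width + 1):       # x == width gives the all-ones value 2^width - 1
        base = 1 << x
        for d in deltas:
            for v in (base - d, base + d):
                if 0 <= v < limit:   # drop values the field cannot hold
                    values.add(v)
    return sorted(values)


def random_offsets(width: int, count: int, seed: int) -> List[int]:
    """Non-systematic variant: 2^x + rand(seed). Fixing the seed makes the
    run repeatable, but no single value has a stated purpose and the
    boundaries may or may not be hit, depending on count and seed."""
    rng = random.Random(seed)
    limit = 1 << width
    return [((1 << rng.randrange(width)) + rng.randrange(limit)) % limit
            for _ in range(count)]


def bit_flips(data: bytes) -> Iterator[bytes]:
    """Bit-flipping mutator: flip each bit of the seed input exactly once.
    Exhaustive and deterministic, yet each case knows nothing about the
    field it lands in, which is why Ari still files it under random."""
    for i in range(len(data) * 8):
        buf = bytearray(data)
        buf[i // 8] ^= 1 << (i % 8)
        yield bytes(buf)


if __name__ == "__main__":
    print("systematic 8-bit:", systematic_boundaries(8))
    print("random 8-bit    :", random_offsets(8, 10, seed=1))
    # constructed two-byte seed input, flipped one bit at a time
    print("bit flips       :", [f.hex() for f in bit_flips(b"\x00\xff")])
```

Run the systematic and the random generator side by side for an 8-bit field and count how many of the 33 boundary values each actually produces; the gap is the tradeoff the thread is about.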