
serjd | 5 years ago

In pitest, mutations are seeded into your code, then your tests are run. The assumption is: if your unit tests don't fail after the code was changed, it may indicate an issue with the test suite.

In fuzz testing, the mutations are seeded into the inputs. Depending on the fuzzing approach, those might be seeded from random, patterns, application behavior, etc. Jazzer is based on libFuzzer, meaning that its feedback loop is based on which coverage metrics are reported during run-time.

Integrating important JVM projects is work in progress ;-)
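To make the coverage feedback loop described above concrete, here is an added toy model in Python; it is not Jazzer's or libFuzzer's code. The target, its "JAZZ" magic header and the edge ids are constructed for the example: a guided loop keeps every input that reaches a not-yet-seen edge and mutates from that corpus, while a blind loop with the same execution budget draws fresh random inputs.

```python
import random

MAGIC = b"JAZZ"  # constructed: header the toy target checks one byte at a time


def target(data: bytes, trace: set) -> bool:
    """Constructed toy target. Each check that passes records a distinct 'edge'
    id in `trace`, standing in for the coverage that libFuzzer/Jazzer
    instrumentation reports at run time. Returns True if the bug is reached."""
    for i, expected in enumerate(MAGIC):
        if len(data) <= i or data[i] != expected:
            return False
        trace.add(("magic_ok", i))
    return len(data) > len(MAGIC) and data[len(MAGIC)] == 0x42


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One libFuzzer-style mutation: overwrite a random byte with a random value."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def coverage_guided_fuzz(seed=b"AAAAA", budget=200_000, rng_seed=1):
    """Feedback loop: an input that hits a never-seen edge joins the corpus and
    becomes a parent for later mutations. Returns (crashing input or None, execs)."""
    rng = random.Random(rng_seed)
    corpus, seen = [seed], set()
    for n in range(1, budget + 1):
        child, trace = mutate(rng.choice(corpus), rng), set()
        if target(child, trace):
            return child, n
        if not trace <= seen:  # new coverage: keep the input so progress sticks
            seen |= trace
            corpus.append(child)
    return None, budget


def blind_fuzz(budget=200_000, rng_seed=1):
    """Same budget, no feedback: every execution uses a fresh random 5-byte input."""
    rng = random.Random(rng_seed)
    for n in range(1, budget + 1):
        data = bytes(rng.randrange(256) for _ in range(5))
        if target(data, set()):
            return data, n
    return None, budget


if __name__ == "__main__":
    print("guided:", coverage_guided_fuzz())
    print("blind: ", blind_fuzz())
```

The guided run finds b"JAZZB" in a few tens of thousands of executions because each newly covered byte check is kept as a stepping stone; the blind run has a 2^-40 chance per execution and exhausts its budget.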


The_rationalist | 5 years ago

Very interesting, thanks! It seems like a great idea to reuse libFuzzer, I just hope that the JNI overhead isn't too big.

OpenJDK 16 has https://openjdk.java.net/jeps/389 but it's not obvious if it improves performance.

fhenneke | 5 years ago

Thanks for the link, I wasn't aware of this new feature!

Our coverage instrumentation does not rely on JNI calls, only the libFuzzer callbacks do, so the overhead shouldn't be too substantial. It's certainly not a proper benchmark, but one core on my laptop can fuzz the more non-trivial examples at around 10,000 exec/s. We are also working on some further performance improvements.