Everyone hates hearing this one:
Documentation, documentation, documentation.
Programming is a social task. Therefore, everything else related to software development best practices branches off from that.
What percent of developers do you think are actively using fuzzing? I would be shocked if more than 1%. Please do not read this as I do not think fuzzing is important! It is very important for system-level software.
I often include valgrind tests before Beta releases, as it is usually going to point out suspect areas needing inspection.
Fuzzing is only really useful for a very narrow range of analysis scenarios. If people understand threading properly: code should be able to take getting hammered, exiting gracefully, and cleanly get re-instantiated.
Also, banning hosts/accounts with an error-rate quota system is more common these days. =3
many languages gracefully handle errors, making those errors transparent to automated detection -- our crashes are now silent correctness failures
this trend in programming culture reduces our ability to do automated error detection!
you make a good point, and a good case for crash early and crash often -- with choice of erlang style recovery, or fuzzing style hard nosed correctness enforcement
z33k|1 year ago
throwaway2037|1 year ago
Joel_Mckay|1 year ago
Fuzzing is only really useful for a very narrow range of analysis scenarios. If people understand threading properly: code should be able to take getting hammered, exiting gracefully, and cleanly get re-instantiated.
Also, banning hosts/accounts with an error-rate quota system is more common these days. =3
tsegratis|1 year ago
this trend in programming culture reduces our ability to do automated error detection!
you make a good point, and a good case for crash early and crash often -- with choice of erlang style recovery, or fuzzing style hard nosed correctness enforcement