
Can someone tell me what the living heck is `Fuzzing`?

I read this twice and I really don't have a single clue other than it having something to do with or requiring fast memory?




Testing code via semi-random inputs[1]. The most common fuzzers, AFL-Fuzz[2] and libFuzzer[3], are coverage-guided: they compile the program with special instrumentation to determine code coverage, then call the program repeatedly, changing the inputs via a genetic algorithm to try to maximize the code paths executed. When unexpected behavior is observed (typically the test harness crashing) the fuzzer saves the test's input for future use.

Basically automatic generation of test case inputs. It's non-deterministic, so it won't always find problems, but it can save a lot of manual effort.

[1] https://en.wikipedia.org/wiki/Fuzzing
[2] https://lcamtuf.coredump.cx/afl/
[3] https://www.llvm.org/docs/LibFuzzer.html
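The coverage-guided loop described in the comment above, as a small added example (not part of the original thread, and not AFL or libFuzzer code). The toy `target` parser, the `Crash` exception, the hand-written `cov.add()` instrumentation and the single-byte mutator are all assumptions made for illustration; real fuzzers instrument at compile time and use many mutation strategies.

```python
import random

class Crash(Exception):
    """Stands in for the test harness crashing (segfault, abort, sanitizer report)."""

def target(data: bytes, cov: set) -> None:
    # Toy parser under test (constructed). Each cov.add(n) mimics the
    # instrumentation that reports which branch was executed.
    cov.add(0)
    if len(data) >= 4 and data[0] == ord("F"):
        cov.add(1)
        if data[1] == ord("U"):
            cov.add(2)
            if data[2] == ord("Z"):
                cov.add(3)
                if data[3] == ord("Z"):
                    raise Crash("bug reached")

def mutate(data: bytes, rng: random.Random) -> bytes:
    # Replace one randomly chosen byte with a random value.
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def fuzz(seed_input=b"AAAA", max_iters=200_000, guided=True, rng_seed=1):
    rng = random.Random(rng_seed)
    corpus = [seed_input]           # inputs worth mutating further
    seen = set()                    # branches reached so far
    target(seed_input, seen)        # baseline coverage of the seed
    for _ in range(max_iters):
        candidate = mutate(rng.choice(corpus), rng)
        cov = set()
        try:
            target(candidate, cov)
        except Crash:
            return candidate        # save the crashing input for later
        if guided and not cov <= seen:
            seen |= cov
            corpus.append(candidate)  # reached a new branch: keep as a parent
    return None

if __name__ == "__main__":
    print("guided:", fuzz(guided=True))
    print("blind: ", fuzz(guided=False, max_iters=20_000))
```

With `guided=False` the corpus never grows, so every candidate is one byte away from the seed and the four-byte condition is unreachable; the coverage feedback is what lets the fuzzer solve it one branch at a time.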


For an interesting, similar idea, see also:

https://en.wikipedia.org/wiki/QuickCheck


Fuzzing: give a program structured random garbage as input and see what happens, then fix the resulting bugs.


Originally: for each terminal program, pass every file as input. If crash results: document it.

Effectively: random inputs to achieve unexpected results. It's now come to mean "random data testing of an API".


Here is a tutorial I found: https://fuzzing-project.org/tutorial1.html



