In my experience you can get surprisingly far with automated fuzz testing and ru... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		josephg on Oct 26, 2023 \| parent \| context \| favorite \| on: Static Analysis Tools for C In my experience you can get surprisingly far with automated fuzz testing and runtime checks. Doing it well is a bit of an art form - it’s quite easy to accidentally write fuzz tests which almost never exercise some code paths. Or end up with fuzzers that spend 99.9% of your cpu checking invariants and things like that. But with a good fuzzer, the ratio of bugs found per line of testing code is insanely high. And they’re much easier to maintain than a big bank of unit tests. Highly recommended if you want to get more bang per line of testing code.

gavinhoward on Oct 26, 2023 [–]

Oh, yes, absolutely. I fuzz religiously.

In fact, in my current project, I add every single path found by AFL++ to my test suite. It tests all kinds of terrible things, and then those paths are tested forever.

I even run all the paths AFL++ finds through the sanitizers and Valgrind.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact