FirefoxSummit/2006/ProposedSessions/FuzzTesting: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (19 intermediate revisions by 19 users not shown) | |||
| Line 18: | Line 18: | ||
* How the Gecko fuzzers work | * How the Gecko fuzzers work | ||
* The state of Gecko (with respect to fuzzing) | * The state of Gecko (with respect to fuzzing) | ||
* Strategies for creating new fuzzers that are effective at finding bugs and | * Strategies for creating new fuzzers that are effective at finding bugs and facilitate creating reduced testcases after finding bugs | ||
* What Gecko features, components, and APIs haven't been fuzz-tested and should be? | * What Gecko features, components, and APIs haven't been fuzz-tested and should be? | ||
| Line 24: | Line 24: | ||
Please add your name here if you're likely to attend this session, this will help prioritize sessions and minimize conflicts | Please add your name here if you're likely to attend this session, this will help prioritize sessions and minimize conflicts | ||
* [[User:Waldo|Jeff Walden]] | |||
* [[User:GavinSharp|Gavin]] | |||
* tor | |||
* [[User:Dbaron|David Baron]] | |||
* [[User:Zachlipton|Zach Lipton]] | |||
* Christopher Aillon | |||
* rbs | |||
* Steven Michaud | |||
* [[User:Pettay|Olli Pettay]] | |||
* Jonas Sicking | |||
* chofmann | |||
* Roc | |||
* ispiked | |||
* [[User:Rflint|Ryan Flint]] | |||
* [[User:MartijnWargers| Martijn Wargers]] | |||
* [[User:rcampbell|robcee]] | |||
* [[User:Crowder|Crowder]] | |||
* [[User:Zak|Zak Greant]] | |||
* [[User:Noam|Noam Rathaus]] | |||
Latest revision as of 07:57, 18 November 2006
Session Title
Fuzz-testing Gecko
Session Leader
Jesse Ruderman
Summary
Fuzz testing is the art of creating "random" but interesting input to a program. For example, someone wanting to test an HTML parser might feed it thousands of horribly invalid HTML files. But someone testing code that displays SVG would want to use well-formed XML, only using SVG tags and attributes in random combinations and sometimes in invalid ways.
Hundreds of bugs have been fixed as a result of fuzz-testing components of Gecko over the last 15 months. Many of these were bogus assertion failures or obscure hangs, but some were security holes.
Agenda
- How the Gecko fuzzers work
- The state of Gecko (with respect to fuzzing)
- Strategies for creating new fuzzers that are effective at finding bugs and facilitate creating reduced testcases after finding bugs
- What Gecko features, components, and APIs haven't been fuzz-tested and should be?
Interested Attendees
Please add your name here if you're likely to attend this session, this will help prioritize sessions and minimize conflicts
- Jeff Walden
- Gavin
- tor
- David Baron
- Zach Lipton
- Christopher Aillon
- rbs
- Steven Michaud
- Olli Pettay
- Jonas Sicking
- chofmann
- Roc
- ispiked
- Ryan Flint
- Martijn Wargers
- robcee
- Crowder
- Zak Greant
- Noam Rathaus