FirefoxSummit/2006/ProposedSessions/FuzzTesting

From MozillaWiki

Session Title

Fuzz-testing Gecko

Session Leader

Jesse Ruderman

Summary

Fuzz testing is the art of creating "random" but interesting input to a program. For example, someone wanting to test an HTML parser might feed it thousands of horribly invalid HTML files. But someone testing code that displays SVG would want to use well-formed XML, only using SVG tags and attributes in random combinations and sometimes in invalid ways.

Hundreds of bugs have been fixed as a result of fuzz-testing components of Gecko over the last 15 months. Many of these were bogus assertion failures or obscure hangs, but some were security holes.
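The SVG case from the summary, sketched as an added example (not code from the Gecko fuzzers or from the session): a generator that always emits well-formed XML, picks SVG tags and attributes in random combinations, and sometimes uses invalid attribute values. The tag and attribute vocabulary, the value pools, the `invalid_rate` parameter and the seed-per-testcase design are assumptions made for illustration.

```python
import random
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Small constructed vocabulary; a real fuzzer would cover far more of SVG.
TAGS = ["g", "rect", "circle", "path", "text", "use", "linearGradient", "filter"]
ATTRS = ["x", "y", "width", "height", "r", "d", "fill", "transform", "opacity"]
VALID = ["0", "10", "50%", "red", "url(#e1)", "M0 0 L10 10", "rotate(45)"]
# Values that are legal XML but wrong for SVG: the "invalid ways" in the summary.
INVALID = ["-1", "1e400", "", "NaN", "url(#missing)", "M0 0 L", "rotate("]


def random_element(rng, depth, invalid_rate, counter):
    """Build one SVG element with random attributes and random children."""
    el = ET.Element(rng.choice(TAGS))
    counter[0] += 1
    el.set("id", f"e{counter[0]}")  # unique ids give url(#...) values a target
    for name in rng.sample(ATTRS, rng.randint(0, 4)):
        pool = INVALID if rng.random() < invalid_rate else VALID
        el.set(name, rng.choice(pool))
    if depth > 0:
        # Any tag may nest under any other, including nonsensical nestings.
        for _ in range(rng.randint(0, 3)):
            el.append(random_element(rng, depth - 1, invalid_rate, counter))
    return el


def generate_svg(seed, depth=3, invalid_rate=0.2):
    """Return one testcase as a string; the same seed yields the same file."""
    rng = random.Random(seed)
    root = ET.Element("svg", {"xmlns": SVG_NS})
    counter = [0]
    for _ in range(rng.randint(1, 4)):
        root.append(random_element(rng, depth, invalid_rate, counter))
    # ElementTree escapes attribute values, so the output stays well-formed
    # even when the values themselves are garbage.
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    seed = 2006  # constructed sample seed
    print(f"<!-- seed {seed} -->")
    print(generate_svg(seed))
```

Recording the seed with each testcase means a crash or assertion failure can be regenerated exactly before someone starts reducing it.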

Agenda

  • How the Gecko fuzzers work
  • The state of Gecko (with respect to fuzzing)
  • Strategies for creating new fuzzers that are effective at finding bugs and facilitate creating reduced testcases after finding bugs
  • What Gecko features, components, and APIs haven't been fuzz-tested and should be?

Interested Attendees

Please add your name here if you're likely to attend this session; this will help prioritize sessions and minimize conflicts.