Core Server / SERVER-80378

Migrate from libfuzzer to FuzzTest

Details

    • Task
    • Resolution: Unresolved
    • Major - P3
    • Server Security

    Description

      According to libFuzzer's documentation:

      The original authors of libFuzzer have stopped active work on it and switched to working on another fuzzing engine, Centipede. LibFuzzer is still fully supported in that important bugs will get fixed. However, please do not expect major new features or code reviews, other than for bug fixes.

      The "Centipede" project was itself restructured into FuzzTest.

      FuzzTest seems to add features around property-based testing. It also seems to have a much stronger story around testing C++ types. Rather than just emitting random bits, it seems to have adaptors to common types and containers. It even has support for generating arbitrary protobuf messages, conforming to a schema. It seems to support user-defined structs too... These features together seem like they would make it much easier to write complex fuzzer tests.
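To make the contrast in the description concrete, here is an added example (not code from the ticket or from the MongoDB code base) that checks one round-trip property two ways: a libFuzzer entry point that carves typed values out of raw bytes by hand, and a FuzzTest property whose input domain is inferred from the parameter types. The codec, the function names and the `WITH_FUZZTEST` build flag are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>
// Hypothetical code under test: a length-prefixed list-of-strings codec.
std::string Encode(const std::vector<std::string>& items) {
  std::string out;
  for (const auto& s : items) {
    uint32_t n = static_cast<uint32_t>(s.size());
    out.append(reinterpret_cast<const char*>(&n), sizeof n).append(s);
  }
  return out;
}
bool Decode(const std::string& buf, std::vector<std::string>* items) {
  size_t pos = 0;
  while (pos < buf.size()) {
    uint32_t n;
    if (buf.size() - pos < sizeof n) return false;  // truncated length prefix
    std::memcpy(&n, buf.data() + pos, sizeof n);
    pos += sizeof n;
    if (buf.size() - pos < n) return false;  // length exceeds remaining bytes
    items->emplace_back(buf, pos, n);
    pos += n;
  }
  return true;
}
// The property, stated once over typed input.
bool RoundTrips(const std::vector<std::string>& items) {
  std::vector<std::string> back;
  return Decode(Encode(items), &back) && back == items;
}
// libFuzzer style: the engine supplies raw bytes, the harness builds the types.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::vector<std::string> items;
  for (size_t i = 0; i < size;) {
    size_t n = data[i++] % 16;       // one byte chooses the next item length
    if (n > size - i) n = size - i;  // clamp to the bytes that remain
    items.emplace_back(reinterpret_cast<const char*>(data + i), n);
    i += n;
  }
  if (!RoundTrips(items)) std::abort();
  return 0;
}
#ifdef WITH_FUZZTEST  // assumed flag; needs FuzzTest and its gtest main
#include "fuzztest/fuzztest.h"
void RoundTripHolds(const std::vector<std::string>& v) { if (!RoundTrips(v)) std::abort(); }
FUZZ_TEST(CodecFuzz, RoundTripHolds);  // domain inferred from the parameter type
#endif
```

The byte-carving loop in the libFuzzer harness is the part the typed domains replace; the property itself is unchanged.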

          People

            backlog-server-security Backlog - Security Team
            spencer.jackson@mongodb.com Spencer Jackson