TIL that some fuzzers use code coverage metrics to drive their strategies. That's really clever! If some input can hit a line that was not previously being executed, chances are variations on it may hit more lines that haven't been covered yet.
-
-
Riffing here: could see some fuzzer come along for say, HTML parsing in Rust. It could generate HTML test cases based using an AST so inputs are valid tokens. But during execution it could instrument the Rust source to try and cover as many branches as possible.
Show this thread -
Also what if we put these approaches together? What if we could use coverage information to generate inputs that haven't yet been covered by existing unit tests? Rustc has lots of "valid weird input" tests — having tools that can help expand the unit test corpus would be great
Show this thread -
Also worth noting that Miri, the Rust interpreter, exists and could probably be used for things like coverage tracking and mutating the Rust AST.
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.