Update FuzzingBitGen to reduce possible infinite loops.
The old FuzzingBitGen algorithm would pull a byte from the head of the data stream to determine whether to return a min or a max, and then it would attempt to pull variate data from the tail of the stream. Once the data stream was expired it would return minimum values from the distributions, which could lead to infinite loops in rejection sampling algorithms.
The updated FuzzingBitGen now takes the following.
1. Separate control and a data streams (as absl::Span<uint8_t>).
The control stream indicates whether the distribution functions will return boundary values (min, max, mean) or a value derived from the data stream.
The data stream provides the actual byte data for generating random values.
2. A seed for an internal LCG PRNG (as uint64_t).
When the data stream is exhausted, FuzzingBitGen uses the internal LCG to generate random variates. While the old version had an internal LCG PRNG, those values were not used by the distribution functions.
The basic flow of each variate generation is:
1. Read a byte from the control stream (in fuzzing_bit_gen).
2. Depending on the byte, return a min/max/mean/variate, etc.
3. Once the data stream is expired, use an internal LCG to generate variates.
This update also calls c++ distribution functions in more cases, so that outputs are more aligned with actual distribution behavior.
Adds a test to demonstrate that std::shuffle() is properly manipulated by the fuzzing framework.
Also add additional tests to FuzzingBitGen for the distribution functions.
NOTE: This will change the variates generated by FuzzingBitGen from prior versions.
PiperOrigin-RevId: 885638015
FuzzTest is a C++ testing framework for writing and executing fuzz tests, which are property-based tests executed using coverage-guided fuzzing under the hood. Fuzz tests are like regular unit tests, but more generic and more powerful. Instead of saying: “for this specific input, we expect this specific output”, we can say: “for these types of input, we expect this generic property to be true”. For example:
void MyApiAlwaysSucceedsOnPositiveIntegers(int i) { bool success = MyApi(i); EXPECT_TRUE(success); } FUZZ_TEST(MyApiTest, MyApiAlwaysSucceedsOnPositiveIntegers) .WithDomains(/*i:*/fuzztest::Positive<int>());
It is our latest fuzz testing technology and the successor of previously used fuzzing tools, such as libFuzzer. It allows you to write powerful fuzz tests more easily than with previously used fuzz targets. You can use it together with GoogleTest, or other unit testing frameworks, allowing you to write fuzz test side by side with regular unit tests, and just as easily.
It is a first-of-its-kind tool that bridges the gap between fuzzing and property-based testing, as it is both:
FuzzTest is for everyone who writes C++ code. (Currently, only C++ is supported.) Fuzz testing is a proven testing technique that has found tens of thousands of bugs. With the FuzzTest framework writing these tests becomes a breeze. Because fuzz tests are more generic, they are more powerful than regular unit tests. They can find tricky edge cases automatically for us, edge cases that most likely we would never think of.
You can write fuzz tests as easily as you write unit tests using GoogleTest for example. Simply use the FUZZ_TEST macro like you would use GoogleTest's TEST macro.
At Google, FuzzTest is widely used and software engineers love it. It has replaced the old style of writing fuzz targets.
To get started, read the Quickstart with Bazel or Quickstart with CMake, then take a look at the Overview and the Codelab.
Once you have a high level understanding about fuzz tests, consider reading the rest of the documentation, including the:
If you have a question or encounter a bug, please file an issue on GitHub.