
How to Fuzz an ADT Implementation (2013) - luu
https://blog.regehr.org/archives/896
======
agroce
[https://blog.trailofbits.com/2019/01/22/fuzzing-an-api-
with-...](https://blog.trailofbits.com/2019/01/22/fuzzing-an-api-with-
deepstate-part-1/) provides a little more friendly way (with delta-debugging
and save/replay, and ability to use more fuzzers) to do this, via DeepState

------
taborj
Yet another article that uses an acronym and then doesn't bother cluing us in
to what it stands for.

I build healthcare interfaces; ADT means demographics. What's it mean here?

~~~
zem
even in a programming context i thought it was going to be 'algebraic
datatype'

------
antirez
This is how rax
([https://github.com/antirez/rax](https://github.com/antirez/rax)) and most of
Redis is tested. Indeed this is the _only_ way to be confident about a complex
data structure implementation sanity.

------
jkaptur
> Testing is necessarily incomplete but if you beat the crap out of the subset
> of the API that you actually intend to use, it’s possible to become
> reasonably confident that it will work in practice.

This is the kicker for me. I'm not a C++ expert, but knowing that a coverage-
guided fuzzer has been running against my code for the past few months gives
me a lot of confidence.

