SlideShare una empresa de Scribd logo

Fuzz Testing-Atul Khot

Descargar como PPT, PDF
B
bhumika2108

This document discusses fuzz testing techniques. It describes generating random data and inputs to test systems in unexpected ways. This allows discovering bugs like hangs, crashes, and performance issues. Examples mentioned include testing a math library by generating random expressions, testing a text messaging system by simulating many parallel messages, and testing a tree parsing algorithm with huge randomly generated directory trees. Fuzz testing uncovered bugs in areas like regular expressions, logging libraries causing bottlenecks, and parsing hangs.

Tecnología
1 de 10
Fuzz Testing Atul S. Khot (atul.khot@gmail.com) VodQA ThoughtWorks Pune - 2013
Random behavior aka Insanity  Testing the “drink maker”  lemon juice + milk + tea leaves + (black?) salt  Rather a fuzzy drink ;-)   We human beings are somewhat “conditioned” - computers aren't And that is good!!!
Of talking gibberish  Try throwing senseless data at your system  And see what is uncovered    Hangs/infinite loops/exceptions/Deadlocks/race conditions whatever ;-) Better let the computer go insane (it is all raring to go...) And no call to recall your initial C days... Pointers going haywire? Etc...
Is tommath right?   How do I test tommath gets its arithmetic right? Generate random numbers – next generate artihmetic expressions (*,/,+,-)  Run the expressions throught tommath  Run the expressions through gnu bc   Compare – 30 million – different expressions – over 4 days You get a fair good idea All gory details in my Linux For You article
Uncovering performance bottlenecks      A campaign manager – customer needs to send a text sms to 16 million cell numbers Cannot test – as one run would cost $35000/Decouple (very handy techique) – instead of sending to real webservice – send it to a mock Shell scripts run in parallel – you can spawn many thousand parallel processes easily... Each process is a simple socket client – sending a mobile number – and the message
The surprise is revealed  Our algorithms were right  No big deadlocks  For this huge run – profiler indicated log4j as the culprit  Log4j's writing to a log file – was a bottleneck   Solution - use an Async appender – Events are logged asynchronously Nobody thought log4j as a possible suspect ;-)
Ideas galore     Needed to test a complex tree manipulation algorithm written in TCL I coded the algorithm – to test I needed very big trees Directories – Perl slicing and dicing – C++ boost library (open source) – Files correspond to leaves in the tree Directories are essentially random trees –
Bugs surface...  Revealed a bug - we needed to make some regex greedier  Was a corner case  Hard to see how we could have come upon it with manual testing  A TCL expert from Norway carefully reviewed  Okayed – big moment ;-)
Platypus – (http://platypus.pz.org/)  It is just (?) simplified Latex  Elaborate parser  Fuzz unleashed  Produced a hang  Deemed low priority –  Will eventually get addressed
Platypus – (http://platypus.pz.org/)  It is just (?) simplified Latex  Elaborate parser  Fuzz unleashed  Produced a hang  Deemed low priority –  Will eventually get addressed

Recomendados

Static vs dynamic types
Static vs dynamic typesStatic vs dynamic types
Static vs dynamic types
Terence Parr
 
Bonjour, iCloud
Bonjour, iCloudBonjour, iCloud
Bonjour, iCloud
Chris Adamson
 
Php Basic Security
Php Basic SecurityPhp Basic Security
Php Basic Security
mussawir20
 
Icloud keynote2
Icloud keynote2Icloud keynote2
Icloud keynote2
avsorrent
 
iCloud
iCloudiCloud
iCloud
Andri Yadi
 
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Loadzen
 
Good ideas that we forgot
Good ideas that we forgot Good ideas that we forgot
Good ideas that we forgot
J On The Beach
 
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
Moabi.com
 

Recomendados

Static vs dynamic types
Static vs dynamic typesStatic vs dynamic types
Static vs dynamic types
Terence Parr
 
Bonjour, iCloud
Bonjour, iCloudBonjour, iCloud
Bonjour, iCloud
Chris Adamson
 
Php Basic Security
Php Basic SecurityPhp Basic Security
Php Basic Security
mussawir20
 
Icloud keynote2
Icloud keynote2Icloud keynote2
Icloud keynote2
avsorrent
 
iCloud
iCloudiCloud
iCloud
Andri Yadi
 
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Loadzen
 
Good ideas that we forgot
Good ideas that we forgot Good ideas that we forgot
Good ideas that we forgot
J On The Beach
 
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
Moabi.com
 
What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)
Chris Riccomini
 
Why I Love Python
Why I Love PythonWhy I Love Python
Why I Love Python
didip
 
Code quality; patch quality
Code quality; patch qualityCode quality; patch quality
Code quality; patch quality
dn
 
Code quality. Patch quality
Code quality. Patch qualityCode quality. Patch quality
Code quality. Patch quality
malcolmt
 
Data analysis with pandas
Data analysis with pandasData analysis with pandas
Data analysis with pandas
Outreach Digital
 
Data Analysis With Pandas
Data Analysis With PandasData Analysis With Pandas
Data Analysis With Pandas
Stephan Solomonidis
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer games
Maciej Siniło
 
2010 za con_roelof_temmingh
2010 za con_roelof_temmingh2010 za con_roelof_temmingh
2010 za con_roelof_temmingh
Johan Klerk
 
A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data
lokku
 
Preventing Complexity in Game Programming
Preventing Complexity in Game ProgrammingPreventing Complexity in Game Programming
Preventing Complexity in Game Programming
Yaser Zhian
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2
ice799
 
2014 pycon-talk
2014 pycon-talk2014 pycon-talk
2014 pycon-talk
c.titus.brown
 
Codebits Handivi
Codebits HandiviCodebits Handivi
Codebits Handivi
cfpinto
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Priyanka Aash
 
Log Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisLog Mining: Beyond Log Analysis
Log Mining: Beyond Log Analysis
Anton Chuvakin
 
HCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interactionHCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interaction
Alan Dix
 
How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...
Eugene Kirpichov
 
An Introduction to Machine Learning
An Introduction to Machine LearningAn Introduction to Machine Learning
An Introduction to Machine Learning
Angelo Simone Scotto
 
Effective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptxEffective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptx
Vikas Prabhu
 
Dmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile ToolsDmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile Tools
Agile Lietuva
 
User Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshopUser Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshop
bhumika2108
 
Saying no to selenium tests
Saying no to selenium testsSaying no to selenium tests
Saying no to selenium tests
bhumika2108
 

Más contenido relacionado

Similar a Fuzz Testing-Atul Khot

Code quality; patch quality
Code quality; patch qualityCode quality; patch quality
Code quality; patch quality
dn
 
2010 za con_roelof_temmingh
2010 za con_roelof_temmingh2010 za con_roelof_temmingh
2010 za con_roelof_temmingh
Johan Klerk
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2
ice799
 
How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...
Eugene Kirpichov
 
Dmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile ToolsDmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile Tools
Agile Lietuva
 

Similar a Fuzz Testing-Atul Khot (20)

What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)
 
Why I Love Python
Why I Love PythonWhy I Love Python
Why I Love Python
 
Code quality; patch quality
Code quality; patch qualityCode quality; patch quality
Code quality; patch quality
 
Code quality. Patch quality
Code quality. Patch qualityCode quality. Patch quality
Code quality. Patch quality
 
Data analysis with pandas
Data analysis with pandasData analysis with pandas
Data analysis with pandas
 
Data Analysis With Pandas
Data Analysis With PandasData Analysis With Pandas
Data Analysis With Pandas
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer games
 
2010 za con_roelof_temmingh
2010 za con_roelof_temmingh2010 za con_roelof_temmingh
2010 za con_roelof_temmingh
 
A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data
 
Preventing Complexity in Game Programming
Preventing Complexity in Game ProgrammingPreventing Complexity in Game Programming
Preventing Complexity in Game Programming
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2
 
2014 pycon-talk
2014 pycon-talk2014 pycon-talk
2014 pycon-talk
 
Codebits Handivi
Codebits HandiviCodebits Handivi
Codebits Handivi
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
 
Log Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisLog Mining: Beyond Log Analysis
Log Mining: Beyond Log Analysis
 
HCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interactionHCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interaction
 
How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...
 
An Introduction to Machine Learning
An Introduction to Machine LearningAn Introduction to Machine Learning
An Introduction to Machine Learning
 
Effective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptxEffective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptx
 
Dmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile ToolsDmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile Tools
 

Más de bhumika2108

123 automation framework
123 automation framework123 automation framework
123 automation framework
bhumika2108
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
bhumika2108
 
Did you check the UX Quality?-Rajarshi Ray
Did you check the UX Quality?-Rajarshi RayDid you check the UX Quality?-Rajarshi Ray
Did you check the UX Quality?-Rajarshi Ray
bhumika2108
 
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
bhumika2108
 
Why did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
Why did we delete our regression suite? Deepak Parmasivam & Sneha VijayaraghavanWhy did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
Why did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
bhumika2108
 
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
bhumika2108
 
Why test automation promises more and delivers less - Deepak Koul
Why test automation promises more and delivers less - Deepak KoulWhy test automation promises more and delivers less - Deepak Koul
Why test automation promises more and delivers less - Deepak Koul
bhumika2108
 
Accessibility testing-Gyani and Siddhanth
Accessibility testing-Gyani and SiddhanthAccessibility testing-Gyani and Siddhanth
Accessibility testing-Gyani and Siddhanth
bhumika2108
 
Why every Tester should also aspire to be a Developer on his project!-Sandee...
Why every Tester should also aspire to be a Developer on his project!-Sandee...Why every Tester should also aspire to be a Developer on his project!-Sandee...
Why every Tester should also aspire to be a Developer on his project!-Sandee...
bhumika2108
 
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree DeshmukhReal time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
bhumika2108
 
Web android automation-Darshan Padmawar
Web android automation-Darshan PadmawarWeb android automation-Darshan Padmawar
Web android automation-Darshan Padmawar
bhumika2108
 

Más de bhumika2108 (19)

User Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshopUser Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshop
 
Saying no to selenium tests
Saying no to selenium testsSaying no to selenium tests
Saying no to selenium tests
 
123 automation framework
123 automation framework123 automation framework
123 automation framework
 
Where do my tests belong?
Where do my tests belong?Where do my tests belong?
Where do my tests belong?
 
Wearables & testing
Wearables & testingWearables & testing
Wearables & testing
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
 
Did you check the UX Quality?-Rajarshi Ray
Did you check the UX Quality?-Rajarshi RayDid you check the UX Quality?-Rajarshi Ray
Did you check the UX Quality?-Rajarshi Ray
 
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
 
Why did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
Why did we delete our regression suite? Deepak Parmasivam & Sneha VijayaraghavanWhy did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
Why did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
 
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
 
Why test automation promises more and delivers less - Deepak Koul
Why test automation promises more and delivers less - Deepak KoulWhy test automation promises more and delivers less - Deepak Koul
Why test automation promises more and delivers less - Deepak Koul
 
Accessibility testing-Gyani and Siddhanth
Accessibility testing-Gyani and SiddhanthAccessibility testing-Gyani and Siddhanth
Accessibility testing-Gyani and Siddhanth
 
Why every Tester should also aspire to be a Developer on his project!-Sandee...
Why every Tester should also aspire to be a Developer on his project!-Sandee...Why every Tester should also aspire to be a Developer on his project!-Sandee...
Why every Tester should also aspire to be a Developer on his project!-Sandee...
 
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree DeshmukhReal time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
 
Web android automation-Darshan Padmawar
Web android automation-Darshan PadmawarWeb android automation-Darshan Padmawar
Web android automation-Darshan Padmawar
 
Whats accessibility
Whats accessibilityWhats accessibility
Whats accessibility
 
Add ons for software testers
Add ons for software testersAdd ons for software testers
Add ons for software testers
 
Relate UI automation & performance
Relate UI automation & performanceRelate UI automation & performance
Relate UI automation & performance
 
Automated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib DeyAutomated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib Dey
 

Último

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 

Último (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 

Fuzz Testing-Atul Khot

  • 1. Fuzz Testing Atul S. Khot (atul.khot@gmail.com) VodQA ThoughtWorks Pune - 2013
  • 2. Random behavior aka Insanity  Testing the “drink maker”  lemon juice + milk + tea leaves + (black?) salt  Rather a fuzzy drink ;-)   We human beings are somewhat “conditioned” - computers aren't And that is good!!!
  • 3. Of talking gibberish  Try throwing senseless data at your system  And see what is uncovered    Hangs/infinite loops/exceptions/Deadlocks/race conditions whatever ;-) Better let the computer go insane (it is all raring to go...) And no call to recall your initial C days... Pointers going haywire? Etc...
  • 4. Is tommath right?   How do I test tommath gets its arithmetic right? Generate random numbers – next generate artihmetic expressions (*,/,+,-)  Run the expressions throught tommath  Run the expressions through gnu bc   Compare – 30 million – different expressions – over 4 days You get a fair good idea All gory details in my Linux For You article
  • 5. Uncovering performance bottlenecks      A campaign manager – customer needs to send a text sms to 16 million cell numbers Cannot test – as one run would cost $35000/Decouple (very handy techique) – instead of sending to real webservice – send it to a mock Shell scripts run in parallel – you can spawn many thousand parallel processes easily... Each process is a simple socket client – sending a mobile number – and the message
  • 6. The surprise is revealed  Our algorithms were right  No big deadlocks  For this huge run – profiler indicated log4j as the culprit  Log4j's writing to a log file – was a bottleneck   Solution - use an Async appender – Events are logged asynchronously Nobody thought log4j as a possible suspect ;-)
  • 7. Ideas galore     Needed to test a complex tree manipulation algorithm written in TCL I coded the algorithm – to test I needed very big trees Directories – Perl slicing and dicing – C++ boost library (open source) – Files correspond to leaves in the tree Directories are essentially random trees –
  • 8. Bugs surface...  Revealed a bug - we needed to make some regex greedier  Was a corner case  Hard to see how we could have come upon it with manual testing  A TCL expert from Norway carefully reviewed  Okayed – big moment ;-)
  • 9. Platypus – (http://platypus.pz.org/)  It is just (?) simplified Latex  Elaborate parser  Fuzz unleashed  Produced a hang  Deemed low priority –  Will eventually get addressed
  • 10. Platypus – (http://platypus.pz.org/)  It is just (?) simplified Latex  Elaborate parser  Fuzz unleashed  Produced a hang  Deemed low priority –  Will eventually get addressed