Fuzzer Blind Spots: Meet Jepsen
Insights, updates, and technical deep dives on building a high-performance financial transactions database.
Fuzz testing searches for bugs by probabilistically exploring the state space of a program, which would be too massive to check exhaustively. In our case, the VOPR’s seemingly sophisticated approach to query generation created a blind spot that hid a real bug. When a fuzzer stops finding bugs, that doesn’t mean its job is done—it may simply mean it has exhausted the particular slice of state space it can reach.
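The blind-spot mechanism described above, as an added illustration that is not part of the original post and not TigerBeetle's VOPR code: a toy fuzz loop in Python with a planted bug in a hypothetical query function, a generator whose query templates never reach the region where the bug lives, an unbiased generator that does, and a coverage check over the shapes of the queries actually generated. The system under test, the generators, the sample data and every name here are constructed for this example.

```python
"""Toy illustration of a fuzzer blind spot caused by a biased input generator."""
import random
from collections import Counter

# Constructed system under test (hypothetical): a paginated, optionally
# reversed lookup over a list of account ids.
def query(accounts, *, limit, reverse):
    result = sorted(accounts, reverse=reverse)
    if reverse and limit < len(result):
        # Planted bug: off-by-one when paginating a reversed result set.
        return result[:limit - 1]
    return result[:limit]

def reference_query(accounts, *, limit, reverse):
    """Oracle: the obviously-correct version the fuzzer compares against."""
    return sorted(accounts, reverse=reverse)[:limit]

# Query "shape" = (reverse?, limit smaller than the table?). The bug lives
# only in the (True, True) corner of this space.
ALL_SHAPES = {(r, p) for r in (False, True) for p in (False, True)}

def shape_of(q, accounts):
    return (q["reverse"], q["limit"] < len(accounts))

def biased_generator(rng, accounts):
    """Hypothetical generator with a blind spot: its template for reverse
    queries always requests the whole table, so (reverse, limit < len) is
    never produced no matter how many iterations run."""
    reverse = rng.random() < 0.5
    limit = len(accounts) if reverse else rng.randint(1, len(accounts))
    return {"limit": limit, "reverse": reverse}

def unbiased_generator(rng, accounts):
    """Picks limit and reverse independently, so every shape is reachable."""
    return {"limit": rng.randint(1, len(accounts)),
            "reverse": rng.random() < 0.5}

def fuzz(generator, iterations=1000, seed=42):
    """Run the generator against the oracle; stop at the first mismatch.

    Returns the failing query (or None) plus a histogram of query shapes,
    which is the check a practitioner wants when the fuzzer goes quiet."""
    rng = random.Random(seed)
    accounts = [rng.randint(1, 100) for _ in range(8)]  # constructed sample data
    shapes = Counter()
    for _ in range(iterations):
        q = generator(rng, accounts)
        shapes[shape_of(q, accounts)] += 1
        if query(accounts, **q) != reference_query(accounts, **q):
            return {"bug": q, "shapes": shapes}
    return {"bug": None, "shapes": shapes}

def unreached_shapes(shapes):
    """Regions of the shape space the fuzzer never generated a query for.
    Non-empty after a long quiet run means 'exhausted its slice', not 'done'."""
    return ALL_SHAPES - set(shapes)

if __name__ == "__main__":
    for gen in (biased_generator, unbiased_generator):
        outcome = fuzz(gen)
        print(gen.__name__, "bug:", outcome["bug"],
              "unreached shapes:", unreached_shapes(outcome["shapes"]))
```

The biased run reports no bug after every iteration, which looks like success until the shape histogram shows an entire region of the input space with zero samples; the unbiased run hits the planted bug almost immediately because that region is reachable. Tracking the distribution of what a generator actually emits, not just whether failures occur, is the cheap check that exposes this kind of blind spot.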