[HN Gopher] A Year in the Life of a Compiler Fuzzing Campaign
       ___________________________________________________________________
        
       A Year in the Life of a Compiler Fuzzing Campaign
        
       Author : axiomdata316
       Score  : 82 points
       Date   : 2021-04-09 14:38 UTC (8 hours ago)
        
 (HTM) web link (blog.trailofbits.com)
 (TXT) w3m dump (blog.trailofbits.com)
        
       | berlinquin wrote:
       | First time reading about compiler fuzzing, but seems like there are
       | some parallels with TLA+.
       | 
       | With TLA+, you could check a compiler's specification before you
       | implement it. Then, once you've implemented it, you could do
       | fuzzing on the actual program.
       | 
       | I wonder how much overlap there is between bugs you could catch
       | with TLA+ vs fuzzing.
        
         | ahelwer wrote:
         | The term you're looking for is model-based testing, where a
         | formal description of the system is used to generate sequences
         | of events which are fed as input to the system under test; the
         | SUT state is then checked for equivalence to the model state.
         | There is significant overlap in concept between model-based
         | testing, property-based testing, and fuzzing: all involve the
         | structured (some more, some less) generation of random inputs
         | to a SUT and the checking of SUT behavior against an assumed-
         | correct oracle. This spans from feeding random system files to
         | the program to see whether it crashes with a strange exception,
         | to a more formalized process directed by a TLA+ (or other
         | language) spec as you've described.
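
The oracle check described in the comment above, reduced to a toy compiler, as an added example that is not part of the thread or the linked article. A tree-walking evaluator plays the assumed-correct model, a stack-machine compiler plus VM plays the SUT, and inputs are random expressions rather than event sequences; every name here is hypothetical, and the `buggy` flag seeds a constructed miscompilation for the harness to find.

```python
import random

OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b}

def gen_expr(rng, depth=4):
    """Random expression tree: an int leaf or (op, left, right)."""
    if depth == 0 or rng.random() < 0.3:
        return rng.randint(-9, 9)
    return (rng.choice(sorted(OPS)), gen_expr(rng, depth - 1), gen_expr(rng, depth - 1))

def model_eval(e):
    """Oracle: direct tree-walking evaluation, assumed correct."""
    if isinstance(e, int):
        return e
    op, left, right = e
    return OPS[op](model_eval(left), model_eval(right))

def compile_expr(e, buggy=False):
    """SUT, part 1: compile the tree to post-order stack-machine code."""
    if isinstance(e, int):
        return [("push", e)]
    op, left, right = e
    # Constructed bug for the demo: operands of '-' are emitted in swapped order.
    first, second = (right, left) if buggy and op == "-" else (left, right)
    return compile_expr(first, buggy) + compile_expr(second, buggy) + [("op", op)]

def run_vm(code):
    """SUT, part 2: execute the compiled code and return the result."""
    stack = []
    for kind, arg in code:
        if kind == "push":
            stack.append(arg)
        else:
            b, a = stack.pop(), stack.pop()
            stack.append(OPS[arg](a, b))
    return stack.pop()

def fuzz(buggy, trials=500, seed=1):
    """Return the first expression where SUT and oracle disagree, else None."""
    rng = random.Random(seed)
    for _ in range(trials):
        e = gen_expr(rng)
        if run_vm(compile_expr(e, buggy)) != model_eval(e):
            return e
    return None

if __name__ == "__main__":
    print("correct compiler:", fuzz(buggy=False))
    print("buggy compiler:  ", fuzz(buggy=True))
```

The seeded bug never crashes the VM; it only produces a wrong value, which is why the comparison against the model is needed to see it.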
        
       ___________________________________________________________________
       (page generated 2021-04-09 23:01 UTC)