Complex software libraries, especially those that store internal states, can be difficult to test. Fuzz testing is an automated testing technique that provides random test inputs to a software module to reveal software defects and vulnerabilities. Traditional fuzz testing doesn't aim to validate the correctness of the output; rather, it attempts to uncover exceptional behavior such as crashes. This disclosure describes techniques to fuzz-test a software library, module, or product in a manner that also tests for correctness of output. A shadow, canonical library is written from the same specification as the production library. The shadow library, simpler and clearer than the production library but having its functionality, provides runtime golden outputs. Identical inputs, possibly auto-generated, are fed to canonical and production libraries and their outputs compared to determine correctness of production code.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.