Boost logo

Boost :

Subject: Re: [boost] Formal Review of IO and Toolbox extensions to Boost.GIL starts TOMORROW
From: Fabio Fracassi (f.fracassi_at_[hidden])
Date: 2010-12-09 16:44:21


On 7/12/2010 21:21, Christian Henning wrote:
> Hi Fabio,
>
> On Mon, Dec 6, 2010 at 4:08 PM, Fabio Fracassi<f.fracassi_at_[hidden]> wrote:
>
>> Note that I also do not have any first hand experience with it, but from
>> what I have heard some forms of randomized (with a logged or fixed seed)
>> fault injection
>> (https://secure.wikimedia.org/wikipedia/en/wiki/Fault_injection) or
>> fuzz-testing (https://secure.wikimedia.org/wikipedia/en/wiki/Fuzz_testing)
>> is quite effective for that kind of testing.
>> A quick google search turned up this
>> (http://www.securiteam.com/tools/6P00B1FNFM.html) for a jpeg fuzzer (haven't
>> checked the license though)
>>
>> I think adding something like this to the test suite would be the most
>> efficient approach, especially since scripted fuzzing does not take too much
>> diskspace.
>
> Don't you think that adding a fuzzer to the boost source tree is a
> little dangerous? Same goes "fuzzed" jpegs since they might be picked
> up by a virus scanner.

I didn't think about virus scanners. I don't think a fuzzer script would
be a problem though, the fuzzed images might be another matter.
If it is really a problem, The fuzzer tests could be separated to
another archive.

>
> I rather not add such dodgy data into the boost community.

I don't think they are dodgy, fuzzing is a legitimate testing facility.
AFAIK Mozilla and other Browsers use it.

regards

Fabio


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk