Twitter | Pretraživanje | |
Dmitry Vyukov 28. sij
I am impressed by testing approach, breadth, methodology and investment: It's very important that there are OSS projects that set such examples. There is always something to improve, but I think nobody will object that that's good level of testing
Reply Retweet Označi sa "sviđa mi se"
Dmitry Vyukov 28. sij
Odgovor korisniku/ci @dvyukov
Just some excerpts: 2. Test Harnesses 3. Anomaly Testing 3.1. Out-Of-Memory 3.3. Crash Testing 4. Fuzz Testing 4.1. SQL Fuzz 4.1.1. AFL 4.1.2. OSS Fuzz 4.1.4. third-party fuzzers ...
Reply Retweet Označi sa "sviđa mi se"
Dmitry Vyukov 28. sij
Odgovor korisniku/ci @dvyukov
4.1.4.third-party fuzzers 4.2.Malformed DB Files 4.3.Boundary Value Tests 5.Regression Testing 6.Automatic Resource Leak Detection 7.Test Coverage 7.6.Mutation testing 8.Dynamic Analysis 8.2.Valgrind 8.4.Mutex Asserts 8.6.Undefined Behavior Checks 10.Checklists 11.Static Analysis
Reply Retweet Označi sa "sviđa mi se"
Dmitry Vyukov 28. sij
Odgovor korisniku/ci @dvyukov
Their fault injection approach is similar to systematic fault injection we use in syzkaller for kernel: That's the way for testing error paths. Lots of different fuzzers +1 Just one is never enough. Also continuous fuzzing on OSS-Fuzz.
Reply Retweet Označi sa "sviđa mi se"
Dmitry Vyukov 28. sij
Odgovor korisniku/ci @dvyukov
Measuring and knowing your test coverage +1 Lots of dynamic analysis +1 (though I am surprised to see Valgrind but not ASAN) Release checklists and tracking +1 (no "our release is all broken, but we did not even know")
Reply Retweet Označi sa "sviđa mi se"
Dmitry Vyukov 28. sij
Odgovor korisniku/ci @dvyukov
Interesting note re static analysis (SA): "SA hasn't been helpful in finding bugs in SQLite. SA has found a few bugs in SQLite, but those are the exceptions. More bugs have been introduced into SQLite while trying to get it to compile without warnings than have been found by SA"
Reply Retweet Označi sa "sviđa mi se"
Dmitry Vyukov
Though, the code base is clean of compiler warnings and _some_ static analysis warnings. Which makes sense.
Reply Retweet Označi sa "sviđa mi se" More
Elazar Leibovich 28. sij
Odgovor korisniku/ci @dvyukov
I remember the quote, it was about compiler warnings, which the author understand as false positives. This is not the same as modern SA, which can give you an example of faulty input.
Reply Retweet Označi sa "sviđa mi se"