
Challenges in Collecting Code Coverage from Blackbox Binaries During Fuzz Testing

By

matt_d

4h ago · 14 min read

Summary

This article discusses the evolution of fuzz testing, specifically focusing on the challenges and techniques for collecting code coverage from blackbox binaries. It contrasts older, feedback-free fuzzing approaches with modern coverage-guided methods, and explores the "wrong way" to approach binary coverage — likely involving inefficient or incorrect instrumentation techniques. The piece provides technical depth on how coverage data can be gathered from compiled binaries without source code access, and the pitfalls that come with naive implementations.

Source

Hacker News: Challenges in Collecting Code Coverage from Blackbox Binaries During Fuzz Testing (redvice.org)

Key quotes (3 pulled)

"Way back in the age of the dinosaurs, if you wrote a program and wanted to test that it was correct, you mostly had two choices: you could either manually construct malformed inputs and try them in succession, or hook up a program which would randomly generate inputs and try them automatically."

"Those programs were called fuzzers, or sometimes generators, and this was 'fuzz testing'."

"the generator would have no feedback from the program under test except 'did this random input crash or not'."
Snippet from the RSS feed

"Collecting code coverage for blackbox binaries the wrong way."
