Google's OSS-Fuzz expands fuzz-reward program to $30000

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Database storage-engine

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • RocksDB

    A library that provides an embeddable, persistent key-value store for fast storage.

    • https://github.com/facebook/rocksdb/issues?q=is%3Aissue+clic...

    Here are some bugs in JeMalloc:

  • jemalloc

    • https://github.com/jemalloc/jemalloc/issues/2222

    Strangely, these bugs were found by the CI of ClickHouse, and not by any of the hundreds of other products using these libraries.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • jumprope-rs

    • I’d go further and say that writing most software without fuzz testing is insane. Fuzz testing is one of those things they should teach in school. They’re a super useful technique - up there with TDD and it’s a tragedy they aren’t more wildly used.

    Fuzzers are so good because they find so many bugs relative to programmer effort (lines of code). They’re some of the most efficient testing you can do. If I had to choose between a full test suite and a fuzzer, I’d choose the fuzzer.

    I use fuzzers whenever I have a self contained “machine” in my code which should have well defined behaviour. For example, a b-tree. I write little custom fuzzers each time. The fuzzing code randomly mutates the data structure and keeps a list of the expected btree content. Then periodically I verify that the list and the btree agree on what should be contained inside the list. In the project I’m working on at the moment, I have about 6 different fuzzers sprinkled throughout my testing code. (Btree fuzzer, rope fuzzer, file serialisation fuzzer, a few crdt fuzzers, and so on).

    Writing fuzzers is quite devastating for the ego. Usually the first time I point a fuzzer at my code, even when my code has a lot of tests, the fuzzer throws an assertion failure instantly. “Iteration 2 … the state doesn’t match what was expected”.

    Getting a fuzzer running all night without finding any bugs is a balm for the soul.

    The code looks like this, if anyone is curious. Here’s a fuzzer for a rope (fancy string) implementation: https://github.com/josephg/jumprope-rs/blob/master/tests/tes...

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • What is RocksDB (and its role in streaming)?

    3 projects | dev.to | 13 May 2024

  • The Hallucinated Rows Incident

    2 projects | dev.to | 23 Nov 2023

  • In-memory vs. disk-based databases: Why do you need a larger than memory architecture?

    3 projects | dev.to | 5 Sep 2023

  • Local file non relational database with filter by value

    1 project | /r/Database | 17 Jun 2023

  • Rocksdb over network

    1 project | /r/programming | 20 May 2023