junit-quickcheck
libfuzzer-workshop
junit-quickcheck | libfuzzer-workshop | |
---|---|---|
5 | 2 | |
952 | 1,216 | |
- | - | |
7.3 | 2.6 | |
9 days ago | 10 months ago | |
Java | C++ | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
junit-quickcheck
-
Need your feedback on a tool that auto-generates unit tests for java code
For anyone interested, there's also https://github.com/pholser/junit-quickcheck . Haven't used it myself but looks like an interesting library to explore. It's based on QuickCheck as well AFAIK.
-
Coding Challenge
Thank you for the insightful reply. I did struggle to convert the original algorithm I wrote (with while loops / continue / break) to a more functional style using unfold, and also faced an issue with the type signatures when I tried to break down the contents of Stream.unfoldRight to multiple functions, which is reflected to the messy state you mentioned. Regarding property based testing, I used junit-quickcheck and the "symmetry" property check was one I meant to write but wasn't quite sure how to create a generator for it. I created an issue to track my attempt to incorporate your suggestions in case you are interested in following this. Thanks again!
-
Does anyone have any advice for writing better Java tests.
A quick Google search shows that java has a library for this (here) but I've never used it in java so can't attest to it.
-
GitHub Copilot for JetBrains and Neovim
QuickcCheck-type tools (generators for tests that know about the edge cases of a domain - e. g. for the domain of numbers considering things like 0, the infinities, various almost-and-just-over powers of two, NaN and mantissas for floats, etc.):
* QuickCheck: https://hackage.haskell.org/package/QuickCheck
* Hypothesis: https://hypothesis.readthedocs.io/en/latest/
* JUnit QuickCheck: https://github.com/pholser/junit-quickcheck
Fuzz testing tools (tools which mutate the inputs to a program in order to find interesting / failing states in that program). Generally paired with code coverage:
* American Fuzzy Lop (AFL): https://github.com/google/AFL
* JQF: https://github.com/rohanpadhye/JQF
Mutation / Fault based test tools (review your existing unit coverage and try to introduce changes to your _production_ code that none of your tests catch)
* PITest: https://pitest.org/
-
Fuzzing Java in OSS-Fuzz
If you want an easy way to have better mutation coverage, check out property based testing. Eg junit-quickcheck for Java.
https://github.com/pholser/junit-quickcheck
libfuzzer-workshop
-
Ask HN: What are some worthy non-cryto uses of excess home compute nowadays?
Learning how to is half the fun!
There's a bunch of good tutorials out there on [dumb] fuzzing (presumably where you'll start). One starting point I'd recommend is taking a binary that accepts input from stdin and making some proof-of-concepts with AFL (https://lcamtuf.coredump.cx/afl/).
If you'd rather start from a code/library perspective (and not CLI), I'd recommend libfuzzer (https://github.com/Dor1s/libfuzzer-workshop/).
There's a lot of other fuzzers, techniques, and depth to the field, but I'd recommend inch worming through (speed up as you gain more comfort). The Fuzzing Book is good to help you understand the logic behind techniques and strategies (https://www.fuzzingbook.org/)
As for some management, there's a few decent "monitoring" systems out there; personally I just SSH in and check the fuzzer manually (I leave it running in a tmux pane), but if that's not your cup of tea I've heard good things about OneFuzz (https://github.com/microsoft/onefuzz) and LuckyCat (https://github.com/fkie-cad/LuckyCAT).
Happy to answer any specifics of the sort :)
-
Fuzzing Java in OSS-Fuzz
That depends on the language you want to fuzz. A good general introduction and hands-on "course" for C/C++ is https://github.com/Dor1s/libfuzzer-workshop. If you prefer Java and just want to get a feeling for how concrete fuzz targets can look like, take a look at the Jazzer examples at https://github.com/CodeIntelligenceTesting/jazzer/tree/main/....
What are some alternatives?
jqwik - Property-Based Testing on the JUnit Platform
jazzer - Coverage-guided, in-process fuzzing for the JVM
American Fuzzy Lop - american fuzzy lop - a security-oriented fuzzer
copilot.vim - Neovim plugin for GitHub Copilot
PIT - State of the art mutation testing system for the JVM
JQF - JQF + Zest: Coverage-guided semantic fuzzing for Java.
fishnet - Distributed Stockfish analysis for lichess.org
copilot-docs - Documentation for GitHub Copilot
onefuzz - A self-hosted Fuzzing-As-A-Service platform
LuckyCAT - A distributed fuzzing management framework