Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
IIRC there was this [1] issue that some people pushed for a couple of years. Then at some point, this other one [2] became the new one for it (which has Kate Hockman as the issue creator).
It's been a multi-year effort, so congrats to those who've made it happen.
[1] https://github.com/golang/go/issues/19109
[2] https://github.com/golang/go/issues/44551
People can have different definitions and still communicate usefully, and I think there is not 100% agreement on the exact boundaries between the two.
That said, for me: they are distinct but related, and that distinction is useful.
For example, Hypothesis is a popular property testing framework. The authors have more recently created HypoFuzz, which includes this sentence in the introduction:
“HypoFuzz runs your property-based test suite, using cutting-edge fuzzing techniques and coverage instrumentation to find even the rarest inputs which trigger an error.”
Being able to talk about fuzzing and property testing as distinct things seems useful — saying something like “We added fuzzing techniques to our property testing framework“ is more meaningful than “We added property testing techniques to our property testing framework“ ;-)
My personal hope is there will be more convergence, and work to add first-class fuzzing support in a popular language like Go will hopefully help move the primary use case for fuzzing to be about correctness, with security moving to an important but secondary use case.
[0] https://hypothesis.works
DeepState [1] is a tool that lets you write Google Test-style unit tests, as well as property tests, in either C or C++, and plug in fuzzers and symbolic executors. That is, DeepState bridges this gap between fuzz testing and property testing.
[1] https://github.com/trailofbits/deepstate
> it shows the limitations of the language that you can't just build this inside the language.
Not sure why you'd make that assumption. https://github.com/dvyukov/go-fuzz