Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted.
Fuzz testing is often used in large software development projects that employ black-box testing . These projects usually have a budget to develop test tools, and fuzz testing is one of the techniques which offers a high benefit to cost ratio.
However, fuzz testing is not a substitute for exhaustive testing or formal methods : it can only provide a random sample of the system's behavior, and in many cases passing a fuzz test may only demonstrate that a piece of software can handle exceptions without crashing, rather than behaving correctly. Thus, fuzz testing can only be regarded as an assurance of overall quality rather than a bug-finding tool.
As a gross measurement of reliability, fuzzing can suggest which parts of a program should get special attention, in the form of a code audit , application of static analysis , or partial rewrites .
Fuzz testing,中文可以翻译为模糊测试 ,简单的说来就是构造一些random或者unexpected的数据作为程序的输入,观察程序在这种情况下的工作 状况。Fuzz testing是检查程序容错性的一个重要的测试手段。
转自这里