Hi Sergey,
We don't do any fuzzing ourselves at the moment. The Software Integrity Group at Synopsys have been kind enough to do some fuzzing in the past using their Defensics tool, and other parties have done fuzzing as well, I can't comment on what fuzzer was used there.
As we aren't doing fuzzing we haven't adapted the code to deal with fuzzing, and I can't comment on coverage.
I have been developing a manual test suite that exercises as many edge cases of the MQTT protocol as I can manage - this is not fuzzing proper of course, but does achieve many of the same results. I can't tell you coverage off the top of my head, but as this is protocol parsing only I wouldn't expect it to be terribly high. The Defensics fuzzing was also around the MQTT protocol. I know that others have done fuzzing of the config file.
Regards,
Roger
Dear maintainers of mosquitto project!
Do you perform fuzzing of your code? If the answer is yes, then is it possible to view the results of this activity? Particularly:
- which fuzzer do you use?
- how do you adapt original code to fuzzing?
- how do you calculate code coverage?
Thank you in advance for your answers!
--
Best regards,
Sergey Grekhov
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev