Yoshua Wuyts - bridging fuzzing and property testing (Highlights)

# Yoshua Wuyts - bridging fuzzing and property testing (Highlights) ![rw-book-cover|256](https://blog.yoshuawuyts.com/favicon-192.png) ## Metadata **Review**:: [readwise.io](https://readwise.io/bookreview/30016244) **Source**:: #from/readwise #from/reader **Zettel**:: #zettel/fleeting **Status**:: #x **Authors**:: [[Yoshua Wuyts]] **Full Title**:: bridging fuzzing and property testing **Category**:: #articles #readwise/articles **Category Icon**:: 📰 **URL**:: [blog.yoshuawuyts.com](https://blog.yoshuawuyts.com/bridging-fuzzing-and-property-testing/) **Host**:: [[blog.yoshuawuyts.com]] **Highlighted**:: [[2023-07-12]] **Created**:: [[2023-07-16]] ## Note 1. What are the similarities and differences between fuzzing and property testing? In fuzzing, inputs are generated by an external tool. This tool instruments the code under test and analyze the collected data so it can generate inputs to reach more branches. On the other hand, property testing is driven by your self, sometimes via an stochastic process. Despite the differences, they are both automatic testing techniques, and they both support test shrinking to create a minimal test case. 2. How does heckcheck compare to other popular property testing libraries such as proptest and quickcheck? It reuses the crate arbitrary to generate structured data. 3. What are some common testing strategies discussed in the document? Fuzzing and property testing. ## Highlights - Fuzzers usually have the ability to instrument the code under test, and make use of tools such as [sanitizers](https://en.wikipedia.org/wiki/Code_sanitizer#Other_sanitizers) to check whether invariants are violated ([View Highlight](https://read.readwise.io/read/01h554dhtzv3z2bhx4em3rm63z)) ^562408735 Sanitizer: memory leaks, statistics counters, etc. - In Rust support for fuzzing is provided via the [`cargo-fuzz`](https://github.com/rust-fuzz/cargo-fuzz) extension. ([View Highlight](https://read.readwise.io/read/01h5544thf39neqdb96txs5frz)) ^562407152 - Property testing typically works the other way around: property testing is typically done by including a library in your test code which allows you to drive the tests yourself. ([View Highlight](https://read.readwise.io/read/01h5549x148btwj0trqgv380ty)) ^562408300 The key difference: property testing is driven by yourself. - The final piece of both property testing and fuzzing is that they perform something called *test case shrinking* when they're done. When they encounter a failing test, what they'll do is try and simplify the input to the bare minimum to isolate the issue as much as possible. ([View Highlight](https://read.readwise.io/read/01h5548ht4c32k0svnpcvqk058)) ^562407841 - And because fuzzing and property testing are very similar, you'd assume that it should be possible to use `arbitrary` for property-based tests too right? I couldn't find a crate which did this, so I ended up writing one! Enter [heckcheck](https://docs.rs/heckcheck/latest/heckcheck/), a really small property-testing library. ([View Highlight](https://read.readwise.io/read/01h554rnferbwtdnjbc11scsj1)) ^562410602