Fuzzing Glossary
TODO
Naming things is hard. This page tries to reduce confusion around naming.
Fuzz Target
Or Target Function or Fuzzing Target Function.
A function to which we apply fuzzing.
A specific signature must be used for OSS-Fuzz.
Examples: openssl, SQLite, e2.
A Fuzz Target can and should also be used for regression testing
and for reproducing bug reports; see ideal integration.
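A Fuzz Target written against the libFuzzer-style entry point, with the same function reused to replay stored Test Inputs for regression testing. This is an added example, not code from OSS-Fuzz or the projects listed above; `parse_record`, `replay`, the sample inputs and the `LINKED_WITH_FUZZING_ENGINE` macro are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical code under test: a record is [1-byte length][payload].
 * Returns the payload checksum, or -1 if the input is malformed. */
static int parse_record(const uint8_t *buf, size_t len) {
    if (len < 1) return -1;              /* no length byte */
    size_t n = buf[0];
    if (n > len - 1) return -1;          /* declared length exceeds input */
    int sum = 0;
    for (size_t i = 0; i < n; i++) sum += buf[1 + i];
    return sum;
}

/* The Fuzz Target: the entry point a Fuzzing Engine such as libFuzzer calls
 * with each Test Input. It must accept any byte sequence and return 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)parse_record(data, size);
    return 0;
}

/* Regression use: replay stored Test Inputs through the same Fuzz Target.
 * Returns how many inputs were replayed. */
struct test_input { const uint8_t *bytes; size_t size; };
static size_t replay(const struct test_input *inputs, size_t count) {
    size_t done = 0;
    for (size_t i = 0; i < count; i++) {
        if (LLVMFuzzerTestOneInput(inputs[i].bytes, inputs[i].size) != 0) break;
        done++;
    }
    return done;
}

/* Constructed sample inputs standing in for saved reproducers. */
static const uint8_t ok_record[] = {3, 'a', 'b', 'c'};
static const uint8_t short_record[] = {200, 'x'};   /* length byte lies */
static const struct test_input corpus[] = {
    {ok_record, sizeof ok_record}, {short_record, sizeof short_record}, {NULL, 0},
};

#ifndef LINKED_WITH_FUZZING_ENGINE  /* hypothetical macro: the engine supplies main() */
int main(void) {
    size_t n = replay(corpus, sizeof corpus / sizeof corpus[0]);
    printf("replayed %zu test inputs\n", n);
    return 0;
}
#endif
```

Built on its own, the file is a regression test; linked against a Fuzzing Engine, the engine's `main()` drives `LLVMFuzzerTestOneInput` with generated inputs instead.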
Fuzzing Engine
A program that tries to find interesting inputs for a Fuzz Target by executing it. Examples: libFuzzer, AFL, honggfuzz, etc.
See also Mutation Engine and Test Generator.
Test Input
Or reproducer, or testcase. A sequence of bytes that is used as the input to a Fuzz Target.
Mutation Engine
A tool that takes a set of testcases and creates their mutations, but does not directly feed the mutations to Fuzz Targets. Example: Radamsa.
Test Generator
A tool that generates testcases.
Fuzzer
The most overloaded term, which makes it bad (maybe we should try avoiding it?). Sometimes "Fuzzer" refers to a Fuzz Target, sometimes to a Fuzzing Engine, Mutation Engine, or a Test Generator, and sometimes to a binary built from a Fuzz Target using one of the Fuzzing Engines, optionally with some dynamic testing tool.