Generating strings which find all the possible bugs in a program is hard - even at a codepoint-by-codepoint level like in #1401. Worse, there are many bugs that are triggered by sequences of codepoints (e.g. combining characters, emoji composition, etc.) or even more structured strings like XSS attacks.
Eventually, I would like to 'make our own luck', by teaching text() to pick from a list of known-weird strings (or templates for weird things) and then shrink it as if we had randomly generated that sequence of codepoints. This is already on the wishlist in #3086, at which point it's mostly a matter of vendoring e.g. https://github.com/minimaxir/big-list-of-naughty-strings and whatever else we can think of based on e.g. Text Rendering Hates You, Text Editing Hates You Too, and so on (ligatures, RTL/LTR/TTB text directions, mixed-direction text, emoji modifiers, EICAR test string, ...).
It should also be possible to add more strings (and perhaps also ints, floats, and bytes) to this pool at runtime, to help out with project-specific magic strings like AFL's "dictionaries" of interesting tokens.
As an extension, we could automate the "run strings" trick of reading interesting literals out of the program under test, in our case by grabbing the AST of loaded modules and walking it in search of short literals or statically-evaluable expressions.
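The literal-harvesting idea in the comment above, sketched as an added example that is not part of the original issue and not Hypothesis's own code. `SAMPLE_SOURCE` and all function names are hypothetical; only `+` over string/bytes literals is folded, as one narrow case of "statically-evaluable".

```python
import ast
import inspect

# Constructed stand-in for a program under test; every name and value is made up.
SAMPLE_SOURCE = '''
"""Module docstring: prose, not a token."""
MAGIC = b"\\x7fELF"

def parse(cmd, n):
    """Function docstring: also skipped."""
    if cmd == "BEGIN" + "_TXN":
        return n == 0xFFFF
    return cmd.startswith("--") or n > 1.5e3
'''

_SCOPES = (ast.Module, ast.ClassDef, ast.FunctionDef, ast.AsyncFunctionDef)

def _docstring_nodes(tree):
    """Return ids of the Constant nodes that ast.get_docstring would report."""
    found = set()
    for scope in ast.walk(tree):
        if isinstance(scope, _SCOPES) and ast.get_docstring(scope, clean=False) is not None:
            found.add(id(scope.body[0].value))
    return found

def _fold(node):
    """Value of a literal, or of `a + b` over str/bytes literals; None otherwise."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        left, right = _fold(node.left), _fold(node.right)
        if isinstance(left, (str, bytes)) and type(left) is type(right):
            return left + right
    return None

def interesting_literals(source, max_len=16):
    """Collect short str/bytes and all int/float literals, grouped by type name."""
    tree = ast.parse(source)
    docstrings = _docstring_nodes(tree)
    pool = {"str": set(), "bytes": set(), "int": set(), "float": set()}
    for node in ast.walk(tree):
        if id(node) in docstrings or not isinstance(node, (ast.Constant, ast.BinOp)):
            continue
        value = _fold(node)
        kind = type(value).__name__  # bool and NoneType fall through and are dropped
        if kind in ("int", "float") or (kind in ("str", "bytes") and 0 < len(value) <= max_len):
            pool[kind].add(value)
    return pool

def literals_from_module(module, max_len=16):
    """Same scan over an already-imported module (needs its source on disk)."""
    return interesting_literals(inspect.getsource(module), max_len)
```

The per-type sets could then be offered alongside random generation, for instance `st.sampled_from(sorted(pool["str"])) | st.text()`; that wiring is an assumption here, not the mechanism proposed in the issue.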