From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on ip-172-31-74-118.ec2.internal X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50 autolearn=ham autolearn_force=no version=3.4.6 X-Received: by 2002:ac8:66d1:: with SMTP id m17mr117926qtp.146.1627486136426; Wed, 28 Jul 2021 08:28:56 -0700 (PDT) X-Received: by 2002:a25:b0a8:: with SMTP id f40mr329388ybj.253.1627486135964; Wed, 28 Jul 2021 08:28:55 -0700 (PDT) Path: eternal-september.org!reader02.eternal-september.org!feeder1.feed.usenet.farm!feed.usenet.farm!tr3.eu1.usenetexpress.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail Newsgroups: comp.lang.ada Date: Wed, 28 Jul 2021 08:28:55 -0700 (PDT) In-Reply-To: <87pmvi36fv.fsf@nightsong.com> Injection-Info: google-groups.googlegroups.com; posting-host=185.38.247.134; posting-account=5xjsFAoAAACid1fWHbq16AFtrNLfsj6D NNTP-Posting-Host: 185.38.247.134 References: <871r84cq4r.fsf@nightsong.com> <87pmvi36fv.fsf@nightsong.com> User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: Subject: Re: Ada and software testing From: Paul Butcher Injection-Date: Wed, 28 Jul 2021 15:28:56 +0000 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Xref: reader02.eternal-september.org comp.lang.ada:62430 List-Id: Hi Paul, If you haven't done already you may also want to have a look at: https://bl= og.adacore.com/advanced-fuzz-testing-with-aflplusplus-3-00 It's a follow blog to to the original R&D work around fuzz testing Ada prog= rams and goes into more detail. It also contains an example of why fuzz tes= ting Ada applications over C can actually identify more program anomalies (= again by leveraging the power of the Ada runtime checks). We're actually seeing a lot of interest in fuzz testing Ada programs and a = commercial need for an industrial grade fuzz testing solution for Ada. You may also want to have a look at ED-203A "Airworthiness Security Methods= and Considerations" which is a set of guidelines around ED-202A "Airworthi= ness Security Process Specification". This report explicitly mentions fuzz = testing as a means of identifying vulnerabilities and challenging security = measures within airborne software. In addition (and following on from a previous comment) one aspect we are ve= ry interested in exploring is being able to bolster existing unit test inpu= t data with a fuzzing campaign. Here we would take the existing test inputs= and feed them into the fuzzer as the starting corpus (in an automated fash= ion). Fuzz testing Ada programs may not currently be a thing, but it soon will be= ... ;-) Regards, Paul Butcher AdaCore