This is a simple technique for feeding random input to applications. While random testing is a time-honored technique, our approach has three characteristics that, when taken together, makes it somewhat different from other approaches.
- The input is completely random. We do not use any model of program behavior, application type, or system description.
- Our reliability criteria is simple: if the application crashes or hangs, it is considerd to fail the test, otherwise it passes. Note that the application does not have to respond in a sensible manner to the input, and it can even quietly exit.
- As a result of the first two characteristics, fuzz testing can be automated to a high degree and results can be compared across applications, operating systems, and vendors.
for more information.