candy icon indicating copy to clipboard operation
candy copied to clipboard
verified publisher icon candy-lang

Data Flow or Null Hypothesis/Alternative Hypotheses

Open fpottbaecker opened this issue 2 years ago • 0 comments

Given the following function

foo value1 value2 =
  needs (int.is value1)
  needs (text.is value2)
 [...]

we can assume that it will always panic with us at fault for non ints in value1 and non texts in value2.

This is also a lot of initial fuzzing that takes place without being fully necessary, since we could use the data flow of the function to generate hypotheses (maybe for .is or another small sets of checks):

Null Hypothesis: The function will not panic if value1 is an int and it value2 is a text Alternative Hypotheses:

  • The function will panic with us at fault if (value1 is a {list, text, ...} and value2 is anything)
  • The function will panic with us a fault if (value1 is an int and value2 is a {int, list, ...})

So, in essence, the fuzzer could focus on testing the null hypothesis, with some tests for the alternative hypotheses sprinkled in.

fpottbaecker avatar Aug 31 '23 18:08 fpottbaecker