Sanitizing and Fuzzing Tutorials


#1

At the ROS Industrial Conference there was an interesting presentation and demonstration by Adam Alami and Zhoulai Fu. They mentioned sanitizing and fuzzing (fuzz testing) as additional techniques to improve code quality. However, on the ROS Software Quality Hub there is no information on these topics yet. Are you aware of existing tutorials on these topics? If not, what are good references / starting points to start using these techniques in ROS?


#2

Thanks for your interest. Indeed, sanitizing and fuzzing techniques have been widely used in the software industry. We are planning to write tutorials on these topics. Meanwhile, if you are interested, you can find relevant materials under other contexts, e.g., https://fuzzing-project.org/tutorial2.htm, by one of our collaborators Hanno Böck, or Clang’s tutorials: https://clang.llvm.org/docs/AddressSanitizer.html.


#3

There is also https://github.com/ros-testing/hypothesis-ros


#4

In case you want to fuzz Python (CPython) on the source code level there are some references in the python-afl project repo.


#5

There are some project forks with potentially additional functionality. However, in case someone wants to add further data generation functionality, please take a look at Generic mapping of rospy message classes to hypothesis-ros strategies and consider the approach discussed instead of adding explicit data generators (what’s done in the project forks).


#6

I was hired by ITU for a 2-month project to test ROS with the sanitizers.
I wrote together a small report about our experiences and findings:

This was a temporary project that has now ended, but I’m still happy to answer any questions.