AdaCore Blog

Fuzzing Out Bugs in Safety-Critical Embedded Software

by Paul Butcher

Software testing is inherently multifaceted. However, the recommended approach is not to pick and choose a single tool. Instead, modern safety- and security-critical verification testing guidelines propose that campaigns should incorporate multiple strategies. The icing on the cake is to feed the results of one tool into another as input. The cherry on top is to construct an automated cyclic toolchain where multiple tools complement and feed into one another. In addition, adding automated test case generation to the mix helps ensure the campaigns remain dynamic, which encourages growth in the test suite across the life of a program, from development to deployment and eventual decommissioning.

Unit and fuzz testing are complementary technologies that very much fit the bill.

I spoke with Brandon Lewis from Embedded Computing Design about fuzz testing and the added assurance benefits of chaining Unit and Fuzz testing campaigns.

GNAT DAS: GNATcoverage | GNATtest | GNATfuzz

To learn more about the Embedded Toolbox series of podcasts, see here.

Posted in #Security    #Fuzzing    #Ada   

About Paul Butcher

Paul is the UK Programme Manager for AdaCore and the Lead Engineer for GNATfuzz and has over 25 years of experience in embedded safety-critical real-time systems. Before joining AdaCore, Paul was a consultant engineer for ten years, working for UK aerospace companies such as Leonardo Helicopters, BAE Systems, Thales UK, and QinetiQ. Before becoming a consultant, Paul worked on the Typhoon platform and safety-critical software developments in the rail sector for BAE Systems and military UAVs for Thales UK. Paul graduated from the University of Portsmouth with a Bachelor's Degree with Honours in Computing and a Higher National Diploma in Software Engineering.