Fuzzing Out Bugs in Safety-Critical Embedded Software
by Paul Butcher –
Software testing is inherently multifaceted. However, the recommended approach is not to pick and choose a single tool. Instead, modern-day safety and security critical verification testing guidelines propose that campaigns should incorporate multiple strategies. The icing on the cake is to leverage the results of one tool to inject as an input into another. The cherry on top is to construct an automated cyclic toolchain where multiple tools complement and feed into one another. In addition, by adding an automated test case generation aspect into the mix we can help ensure the campaigns remain dynamic which encourages growth in the test suite across the life of a program, from development to deployment and eventual decommissioning.
Unit and Fuzz testing are complementary technologies that very much fit the bill.
I spoke with Brandon Lewis from Embedded Computing Design about fuzz testing and the added assurance benefits of chaining Unit and Fuzz testing campaigns.
GNAT DAS: GNATcoverage | GNATtest | GNATfuzz
To learn more about the Embedded Toolbox series of PodCasts see here
About Paul Butcher
Paul is the UK Programme Manager, Head of Dynamic Analysis for AdaCore, and the Lead Engineer for GNATfuzz. He has over 25 years of experience in developing and verifying embedded safety-critical real-time systems. Before joining AdaCore, Paul was a consultant engineer, working for UK aerospace companies such as Leonardo Helicopters, BAE Systems, Thales UK, and QinetiQ. Before becoming a consultant, Paul worked as a Software Developer and Safety Engineer for the Typhoon platform, safety-critical automated train driving software, military UAVs, the Tactical Processor for the Wildcat platform, and mission planning systems for Typoon, EH101, and Wildcat. Paul graduated from the University of Portsmouth with a Bachelor’s Degree with Honours in Computing and a Higher National Diploma in Software Engineering.