Description
The library currently uses Math.random() for generating random values during testing. While Math.random() is "good enough" for creating values, it cannot be seeded for reproducible values. This prevents someone from being able to re-run a failing test with the same values, including ourselves.[1]
Requirements
The algorithm MUST be seedable and deterministic.
Tests must be reproducible in cases of failing tests that need to be explored further by the maintainers.
The algorithm MUST produce a reasonably random and distributed set of values.
Cryptographic security is outside the scope of this library,[2] but it still needs to be able to provide a good variety over the course of testing.
The algorithm MUST be as fast as possible.
Each fuzz test runs 100 times by default. This means generating 100 values for a primitive alone; this number grows exponentially for product types, such as objects and arrays. Nontrivial test suites must be able to run reasonably fast, otherwise the library will go unused.
Potential Algorithms
Footnotes
[1] This library aims to be self-testing before its initial release.
[2] If you require cryptographically secure value generation as part of your tests, consider using a fuzzer to generate a seed value, then use Fuzzer.map() or one of its variants to pass that to a more secure function. Just be sure the function you use does not rely on any global values, like the current time! If you're not sure, there's no better time than the present to review arbitrary code you're pulling in from outside sources. :-)
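The reproducibility requirement above, as an added example that is not the library's own code: a small seedable generator (mulberry32, an assumed choice, since the issue names no algorithm) and a hypothetical `fuzz` runner that reports its seed so a failing run can be replayed exactly. The names `mulberry32`, `intBetween` and `fuzz` are illustrative, and the generator is not cryptographically secure.

```javascript
// Added example. mulberry32 is an assumed stand-in for the algorithm the
// issue leaves open. It is fast and seedable but NOT cryptographically secure.
function mulberry32(seed) {
  let state = seed >>> 0; // normalise any number to an unsigned 32-bit seed
  return function next() {
    state = (state + 0x6d2b79f5) >>> 0;
    let t = state;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296; // float in [0, 1)
  };
}

// Hypothetical helper: integer in [min, max] drawn from the seeded stream.
function intBetween(rand, min, max) {
  return min + Math.floor(rand() * (max - min + 1));
}

// Hypothetical runner: checks `property` against `runs` generated values.
// The seed is always part of the result, so a failure can be replayed.
// Only the default seed touches global state (the clock); once a seed is
// passed in, every generated value is a pure function of it.
function fuzz(property, { seed = Date.now() >>> 0, runs = 100 } = {}) {
  const rand = mulberry32(seed);
  for (let run = 0; run < runs; run++) {
    const value = intBetween(rand, -1000, 1000);
    if (!property(value)) {
      return { ok: false, seed, run, value };
    }
  }
  return { ok: true, seed, runs };
}

// Constructed property for illustration: rejects multiples of 7.
const notMultipleOfSeven = (n) => n % 7 !== 0;

// First run with a recorded seed, then a replay using the reported seed.
const firstRun = fuzz(notMultipleOfSeven, { seed: 12345 });
const replay = fuzz(notMultipleOfSeven, { seed: firstRun.seed });
console.log(firstRun, replay);
```

With Math.random() the replay step is impossible, because there is no seed to record in the failure report.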