Finding Bugs in TensorFlow with LibFuzzer
xkcd 1137

Over the past year, I've spent some time working on improving the robustness of TensorFlow. As I mentioned earlier, one of my goals for my time at Google was to dive into industry best-practices for writing good code. At Google, writing good code starts with careful programmers, requires good tests that get run on a fantastic internal testing infrastructure, is improved through code review, and makes use of several code quality tools and linters.

One part of that testing that's been gaining more visibility recently is fuzzing - throwing random inputs at programs or libraries to try to cause them to crash. John Regehr has been fuzzing compilers for a while now - very effectively. (That link has a nice taxonomy of the types of fuzzers.) Google's Project Zero has been fuzzing the FreeType library for the last 4 years, and has found a tremendous number of security vulnerabilities in all sorts of programs. (This isn't to suggest fuzzing is new -