marina-p
commented
8 months ago Hello @vatlidak,
Thank you for raising this. We noticed this as well! The clarifying sentence is a good idea, will add this.
There's a related usability issue - users want to run one 'fuzz' mode and get the results, not have to try different/all fuzzing strategies separately. Currently there is a default strategy bfs-fast in fuzz mode (which causes confusion since it may never test some of the values provided in the dictionary even in very long runs). Perhaps there should be a balance of different strategies when none are specified by default.
Thanks,
Marina
vatlidak
Description
Hello to the RESTler family,
It has come to my attention that the vast majority of API fuzzers that compare against RESTler present experimental results that include comparison only against our BFS test generation strategy.
I think it's worth adding a sentence (next to our bibtex citation pointer) noting that "RESTler includes multiple test generation strategies and in order to get a comprehensive comparative view w.r.t. to (i) efficiency (i.e., how quickly can RESTler find crashes) and (ii) effectiveness (i.e., how many crashes can RESTler find in a give time frame), we recommend to compare against all documented ``fuzzing_mode(s)'' because each one provides a different trade-off between breadth and depth of state space exploration."
Thanks,
Vaggelis