American Fuzzy Lop
buddy_alloc
American Fuzzy Lop | buddy_alloc
---|---
21 | 7
2,903 | 117
- | -
0.0 | 7.3
almost 3 years ago | 25 days ago
C | C
Apache License 2.0 | BSD Zero Clause License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
American Fuzzy Lop
-
Prefer table driven tests (2019)
There are some efforts to guide test generation for property based testing to make the instruction pointer explore as large a space as possible.
This effort is more mature in the fuzzing community. See e.g. American Fuzzy Lop https://github.com/google/AFL
-
C++ Faker library
What you're describing, just generating random input to test a program, is sometimes called "blind fuzzing" but the state-of-the-art is far beyond that. Maybe try reading through the documentation of e.g. https://github.com/google/AFL to see what a fuzzer does and why just producing random input isn't even scratching the surface.
-
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
For general riscv I used to use this https://github.com/google/AFL. I don't know if it supports x64 though.
-
How to fuzz java code with jazzar?
Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )
-
One year ago I wrote a buddy memory allocator - project update
I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):
-
Beariish/little: A small, easily embedded language implemented in a single .c file
afl, which is trivial to apply to this program:
-
TCL like interpreter suitable for embedded use
I made my own version of a TCL interpreter (well, a very TCL like language) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.
-
What's in your tool belt?
On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.
- Afl - American fuzzy lop - a security-oriented fuzzer
-
Difficulty of CSCA48 compared to other first year cs/math courses
b-, https://lcamtuf.coredump.cx/afl/
buddy_alloc
-
buddy memory allocator - project update (2 years)
If you need a sub-allocator with predictable performance feel free to give it a try. The code is here and it is licensed under the 0BSD license, making it as lax and as close to public domain as possible. Comments, issues and PRs are always welcomed and appreciated. Thanks!
-
Open-source MISRA-compliant projects
I maintain a project that's not technically MISRA compliant (due to being a memory allocator and MISRA disallowing the very idea) and I keep it at 100% test coverage with support for multiple compilers and operating systems. Over time I had a few users reporting back - since it's working for them I count that as success. Is it wildly popular? Of course not, but it doesn't have to be.
-
One year ago I wrote a buddy memory allocator - project update
You are right about the tests - they are written with 64-bit in mind. I ought to rework them to switch sizes based on arch but that will take a weekend. I've filed https://github.com/spaskalev/buddy_alloc/issues/19 to track this.
-
is there some good tutorial about how malloc or mcheck works?
I also maintain an application-based malloc (that doesn't do obtaining and releasing memory through the OS, just managing subdividing a larger memory block into smaller requests) at https://github.com/spaskalev/buddy_alloc - feel free to ping me with any questions about it.
-
I'm giving out microgrants to open source projects for the third year in a row! Brag about your projects here so I can see them, big or small!
I'm the author of https://github.com/spaskalev/buddy_alloc - a custom memory allocator for C (modern C11, works with C++ as well) designed for predictable and repeatable performance. It is suitable for use in embedded, games and any other system with soft or hard real-time demands. It has 100% line and branch test coverage and uses a fixed amount of space on the call stack when called. Recently the project had its first external contribution as well. Cheers!
-
What is your own favorite C project?
I made a memory allocator that turned out rather neat - https://github.com/spaskalev/buddy_alloc
What are some alternatives?
boofuzz - A fork and successor of the Sulley Fuzzing Framework
rpmalloc - Public domain cross platform lock free thread caching 16-byte aligned memory allocator implemented in C
honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
VulkanMemoryAllocator - Easy to integrate Vulkan memory allocation library
Cppcheck - static analysis of C/C++ code
isoalloc - A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance
PHP CPP - Library to build PHP extensions with C++
gunslinger - C99, header-only framework for games and multimedia applications
HTTP Parser - http request/response parser for c
rotate - [WIP] static typed programming language that compiles to vm bytecode
ZXing - ZXing ("Zebra Crossing") barcode scanning library for Java, Android
microui - A tiny immediate-mode UI library