American Fuzzy Lop VS buddy_alloc

There's some efforts to guide test generation for property based testing to make the instruction pointer explore as large a space as possible.

This effort is more mature in the fuzzing community. See eg American Fuzzy Lop https://github.com/google/AFL

What you're describing, just generating random input to test a program, is sometimes called "blind fuzzing" but the state-of-the-art is far beyond that. Maybe try reading through the documentation of e.g. https://github.com/google/AFL to see what a fuzzer does and why just producing random input isn't even scratching the surface.

for general riscv I used to use this https://github.com/google/AFL I dont know if it supports x64 tho.

Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )

I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):

afl, which is trivial to apply to this program:

I made my own version of a TCL interpreter (well, a very TCL like langauge) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.

On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.

b-, https://lcamtuf.coredump.cx/afl/

If you need a sub-allocator with predictable performance feel free to give it a try. The code is here and it is licensed under the 0BSD license, making it as lax and as close to public domain as possible. Comments, issues and PRs are always welcomed and appreciated. Thanks!

I maintain a project that's not technically MISRA compliant (due to being a memory allocator and MISRA disallowing the very idea) and I keep it at 100% test coverage with support for multiple compilers and operating systems. Over time I had a few users reporting back - since it's working for them I count that as success. Is it wildly popular ? Of course not, but it doesn't have to be.

You are right about the tests - they are written with 64-bit in mind. I ought to rework them to switch sizes based on arch but that will take a weekend. I've filed https://github.com/spaskalev/buddy_alloc/issues/19 to track this.

I also maintain a application-based malloc (that doesn't do obtaining and releasing memory through the OS, just managing sub-diving a larger memory block into smaller requests) at https://github.com/spaskalev/buddy_alloc - feel free to ping me with any questions about it.

I'm the author of https://github.com/spaskalev/buddy_alloc - a custom memory allocator for C (modern C11, works with C++ as well) designed for predictable and repeatable performance. It is suitable for use in embedded, games and any other system with soft or hard real-time demands. It has 100% line and branch test coverage and uses a fixed amount of space on the call stack when called. Recently the project had its first external contribution as well. Cheers!

I made a memory allocator that turned out rather neat - https://github.com/spaskalev/buddy_alloc