American Fuzzy Lop
doctest
American Fuzzy Lop | doctest
---|---
21 | 19
2,903 | 5,574
- | 2.0%
0.0 | 0.0
almost 3 years ago | about 1 month ago
C | C++
Apache License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
American Fuzzy Lop
-
Prefer table driven tests (2019)
There are some efforts to guide test generation for property based testing to make the instruction pointer explore as large a space as possible.
This effort is more mature in the fuzzing community. See e.g. American Fuzzy Lop https://github.com/google/AFL
-
C++ Faker library
What you're describing, just generating random input to test a program, is sometimes called "blind fuzzing" but the state-of-the-art is far beyond that. Maybe try reading through the documentation of e.g. https://github.com/google/AFL to see what a fuzzer does and why just producing random input isn't even scratching the surface.
-
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
For general riscv I used to use this https://github.com/google/AFL I don't know if it supports x64 tho.
-
How to fuzz java code with jazzar?
Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )
-
One year ago I wrote a buddy memory allocator - project update
I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):
-
Beariish/little: A small, easily embedded language implemented in a single .c file
afl, which is trivial to apply to this program:
-
TCL like interpreter suitable for embedded use
I made my own version of a TCL interpreter (well, a very TCL like language) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.
-
What's in your tool belt?
On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.
- Afl - American fuzzy lop - a security-oriented fuzzer
-
Difficulty of CSCA48 compared to other first year cs/math courses
b-, https://lcamtuf.coredump.cx/afl/
doctest
-
Unit testing tool suggestions
I have never used "tools" for unit-tests, only web sites that show the results of the tests or code coverage. For C++ I prefer https://github.com/doctest/doctest but most companies I worked for use Catch2.
-
Question about Doctest.h
Do the README and tutorial not explain it well enough? It's a framework for automated unit testing.
- Doctest – C++ Testing Framework
-
Memory Safety in the D Programming Language (Part 2 of N)
This is, honestly, super easy to get going. Nowadays you have a ton of libraries and more-than-decent build systems. With Meson/CMake and Conan/Vcpkg I can set up a project with testing in 3 minutes. Also, I think that at the end of the day you want your tests to live somewhere else. But if you want to embed them, you also have https://github.com/doctest/doctest.
-
how can I improve my connect4 board class?
Write some tests. They can find bugs early and give you confidence that your code works so far. That doesn't have to be anything fancy, e.g. with doctest:
-
Testing framework Catch2 3.0 final released
Keep in mind https://github.com/doctest/doctest/issues/554. Also, doctest lacks: - Matchers - Data generators - Benchmarking - ...
-
Check if my code meets the requirements?
Your requirements can easily be simulated on paper (like increase the speed once, twice, ...), then translated to unit-tests with a framework like https://github.com/doctest/doctest.
-
The Lisp Curse
I like working in C++, after a decade of working in Java, Python, Javascript and Clojure, I find working in C++ (which I learned before these other languages) to be quite fun and pleasant, at least with relatively modern C++.
I've been, on and off, working on a little toy game engine, for a few years. It's a mix of keeping up with C++ advancements, learning various concepts like physically based rendering, and just the fun of crafting a big project, with no constraints other than my time and ability, no deadlines, no expectation of releasing anything. It's cathartic and enjoyable. I really do enjoy it.
Last September, I got frustrated with something I was working on in a more serious capacity. It was some server software, it responded to HTTP requests, it accessed third party services over HTTP and Websockets, it talked to a Postgres database. Overall it was an event driven system that transformed data and generated actions that would be applied by talking to third party services. The "real" version was written in Clojure and it worked pretty well. I really like Clojure, so all good.
But because I was frustrated with some things about how it ran and the resources it took up, I wondered what it would be like if I developed a little lean-and-mean version in C++. So I gave it a try as a side project for a few weeks. I used doctest[1] for testing, immer[2] for Clojure-like immutable data structures, lager[3] for Elm-like application state and logic management, Crow[4] for my HTTP server, ASIO[5] and websocketpp[6] for Websockets, cpp-httplib[7] as a HTTP client and PGFE[8] for Postgres, amongst some other little utility libraries. I also wrote it in a Literate Programming style using Entangled[9], which helped me keep everything well documented and explained.
For the most part, it worked pretty well. Using immer and lager helped keep the logic safe and to the point. The application started and ran very quickly and used very little cpu or memory. However, as the complexity grew, especially when using template heavy libraries like lager, or dealing with complex things like ASIO, it became very frustrating to deal with errors. Template errors even on clang became incomprehensible and segmentation faults when something wasn't quite right became pretty hard to diagnose. I had neither of these problems working on my game engine, but both became issues on this experiment. After a few weeks, I gave up on it. I do think I could have made it work and definitely could go back and simplify some of the decisions I made to make it more manageable, but ultimately, it was more work than I had free time to dedicate to it.
So my experience was that, yes, you can write high level application logic for HTTP web backends in C++. You can even use tools like immer or lager to make it feel very functional-programming in style and make the application logic really clean. It's not hard to make it run efficiently both in terms of running time and memory usage, certainly when comparing to Clojure or Python. However, I found that overall, it just wasn't as easy or productive as either of those languages and I spent more time fighting the language deficiencies, even with modern C++, than I do when using Clojure or Python.
I think I would think very long and hard before seriously considering writing a web backend in C++. If I had the time, I'd love to retry the experiment but using Rust, to see how it compares.
[1] https://github.com/doctest/doctest
[2] https://github.com/arximboldi/immer
[3] https://github.com/arximboldi/lager
[4] https://github.com/CrowCpp/crow
[5] https://think-async.com/Asio/
[6] https://www.zaphoyd.com/projects/websocketpp/
[7] https://github.com/yhirose/cpp-httplib
[8] https://github.com/dmitigr/pgfe
[9] https://entangled.github.io/
-
C++17 python like print function
For stuff like this which is very easy to test (very predefined input vs output), I highly suggest using some testing framework. Catch2 is great, but there is also doctest and good ole googletest. If you do this, it would also be a great intro to CI, where you do some plumbing on github or gitlab where every commit causes a build to happen on their servers and run through the unit tests, and if it passes it gets merged into master.
-
How to unit test
doctest is my favorite framework. Really simple to use, header only, supports compile-time tests, lots of features and it works well with cmake.
What are some alternatives?
boofuzz - A fork and successor of the Sulley Fuzzing Framework
Catch - A modern, C++-native, test framework for unit-tests, TDD and BDD - using C++14, C++17 and later (C++11 support is in v2.x branch, and C++03 on the Catch1.x branch)
honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
Google Test - GoogleTest - Google Testing and Mocking Framework
Cppcheck - static analysis of C/C++ code
Google Mock
HTTP Parser - http request/response parser for c
Boost.Test - The reference C++ unit testing framework (TDD, xUnit, C++03/11/14/17)
PHP CPP - Library to build PHP extensions with C++
CppUTest - CppUTest unit testing and mocking framework for C/C++
ZXing - ZXing ("Zebra Crossing") barcode scanning library for Java, Android
Unity Test API - Simple Unit Testing for C