American Fuzzy Lop
sanitizers
Our great sponsors
American Fuzzy Lop | sanitizers | |
---|---|---|
21 | 48 | |
2,903 | 10,796 | |
- | 2.1% | |
0.0 | 6.3 | |
almost 3 years ago | 4 days ago | |
C | C | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
American Fuzzy Lop
-
Prefer table driven tests (2019)
There's some efforts to guide test generation for property based testing to make the instruction pointer explore as large a space as possible.
This effort is more mature in the fuzzing community. See eg American Fuzzy Lop https://github.com/google/AFL
-
C++ Faker library
What you're describing, just generating random input to test a program, is sometimes called "blind fuzzing" but the state-of-the-art is far beyond that. Maybe try reading through the documentation of e.g. https://github.com/google/AFL to see what a fuzzer does and why just producing random input isn't even scratching the surface.
-
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
for general riscv I used to use this https://github.com/google/AFL I dont know if it supports x64 tho.
-
How to fuzz java code with jazzar?
Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )
-
One year ago I wrote a buddy memory allocator - project update
I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):
-
Beariish/little: A small, easily embedded language implemented in a single .c file
afl, which is trivial to apply to this program:
-
TCL like interpreter suitable for embedded use
I made my own version of a TCL interpreter (well, a very TCL like langauge) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.
-
What's in your tool belt?
On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.
- Afl - American fuzzy lop - a security-oriented fuzzer
-
Difficulty of CSCA48 compared to other first year cs/math courses
b-, https://lcamtuf.coredump.cx/afl/
sanitizers
-
Good resources for learning C in depth?
AddressSanitizer is really useful, it's similar to Valgrind but has much lower overhead.
-
Memory Allocators
And if you're up for it, I'd further recommend adding some ways to deal with buffer overflows in debug builds. The way I deal with this is by using Address-Sanitizer's manual poisoning api. Bonus point if you leave additional poisoned space between allocations so off by one errors are likely to end up in a poisoned region instead of nearby allocation.
- Exception thrown: write access violation
-
2023 Stack Overflow Survey: Rust is the most admired programming language, making it the most loved language for 8 years in a row
It also doesn't hurt that Miri can find many kinds of unsafe violations even in unsafe blocks. Zig may get something like this one day, but even if it does, checking things at runtime is not a substitute for compile time -- the C++ Sanitizers haven't exactly solved the safety story for C++ even over a decade later.
-
What's the best thing you've found in code? :
This is where stuff like ASan is really useful.
-
how do I check my library for memory leaks?
Use: https://github.com/google/sanitizers/wiki/AddressSanitizer
-
Is malloc_trim() safe to use?
Have you tried using tools like ASAN/LSAN or valgrind to confirm that there are indeed no memory leaks?
-
Having trouble with projects too long to post here.
Compile with ASAN and UBSAn
- Strange Segmentation Fault when accessing a Class inside a for loop.
- Will Carbon Replace C++?
What are some alternatives?
boofuzz - A fork and successor of the Sulley Fuzzing Framework
miri - An interpreter for Rust's mid-level intermediate representation
honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
spdlog - Fast C++ logging library.
Cppcheck - static analysis of C/C++ code
xeus-cling - Jupyter kernel for the C++ programming language
PHP CPP - Library to build PHP extensions with C++
plotters - A rust drawing library for high quality data plotting for both WASM and native, statically and realtimely 🦀 📈🚀
HTTP Parser - http request/response parser for c
Catch - A modern, C++-native, test framework for unit-tests, TDD and BDD - using C++14, C++17 and later (C++11 support is in v2.x branch, and C++03 on the Catch1.x branch)
ZXing - ZXing ("Zebra Crossing") barcode scanning library for Java, Android
doctest - The fastest feature-rich C++11/14/17/20/23 single-header testing framework