American Fuzzy Lop VS w64devkit

There's some efforts to guide test generation for property based testing to make the instruction pointer explore as large a space as possible.

This effort is more mature in the fuzzing community. See eg American Fuzzy Lop https://github.com/google/AFL

What you're describing, just generating random input to test a program, is sometimes called "blind fuzzing" but the state-of-the-art is far beyond that. Maybe try reading through the documentation of e.g. https://github.com/google/AFL to see what a fuzzer does and why just producing random input isn't even scratching the surface.

for general riscv I used to use this https://github.com/google/AFL I dont know if it supports x64 tho.

Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )

I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):

afl, which is trivial to apply to this program:

I made my own version of a TCL interpreter (well, a very TCL like langauge) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.

On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.

b-, https://lcamtuf.coredump.cx/afl/

Try w64devkit https://github.com/skeeto/w64devkit

Click "View raw" to download. The executable is just ~3kB. If you'd like to try building it yourself, I distribute a Windows XP-friendly, no-installation-required C and C++ toolchain, w64devkit. The 32-bit toolchains are labeled "i686" (on the right under "Releases"). The build command (cc ...) is at the top of the source file.

I bundle my preferred tools together in a standalone compiler toolkit for Windows: w64devkit. Except Git and documentation (see the links in the README), that's essentially everything I need to be productive.

I have a Dockerfile here that goes through all the steps bootstrapping a Mingw-w64 toolchain from source: https://github.com/skeeto/w64devkit

FWIW, both GNU objcopy and GNU ld (including e.g. the XCOPY-deployable ones from w64devkit[1]) are perfectly capable[2] of turning binary data into MSVC-acceptable COFF files with start and end symbols, while Free Pascal, for example, straight up ships with a bin2obj tool; the MSVC toolset is the outlier here.

[1] https://github.com/skeeto/w64devkit

[2] https://www.devever.net/~hl/incbin

Sounds like an high priority issue to solve first. I distribute a toolchain that doesn't require installation and includes a debugger: w64devkit (see "Releases"). You can pluck out the gdb.exe since it's statically linked and doesn't depend on anything else in the kit.

This particular case is a Windows program due to Winsock, and I happen to include all the above tools, except SDL2, a small Mingw-w64 distribution, w64devkit. So it doesn't take much!

Similar project providing slightly fewer tools: https://github.com/skeeto/w64devkit