AFLplusplus
Cwerg
AFLplusplus | Cwerg | |
---|---|---|
16 | 59 | |
4,646 | 402 | |
1.8% | - | |
9.7 | 9.6 | |
4 days ago | 5 days ago | |
C | Python | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
AFLplusplus
-
Decoding C/C++ Compilation Process: From Source Code to Binary
It could be cool to see some explanation of CFG representations or GIMPLE/LLVM here. GCC/Clang can print those out as text, or just compile to that code and not go lower if you ask them to. There are some interesting things you can do with bytecode, like Rellic, AFL++, or optview2. It seems a bit reductive imo to go straight from high-level code to disassembly without at all examining any layers in between. Especially if we use something like Polygeist or CIR.
-
Why is my fuzzer running so slow?
Honestly, I wouldn't bother writing your own fuzzer, and just use one of the existing solutions, like afl++. Contrary to popular belief, good fuzzers do not just generate random bytes; the way they generate data depends on a genetic algorithm based on the code paths taken by the program. AFL++ can also fuzz regular binaries that weren't instrumented, but according to the documentation it is much less effective.
-
Olive programming language
Be outside the loop? At least that's how they do it in their example https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md
-
How do you test compiler projects?
I use fuzzers, as every programmer should, and do not commit unless my compiler can be fuzzed for at least 24 hours without any crashes (if I were selling the software, I'd increase that period). I use AFL++ in LTO mode and comby-decomposer with a crappy script I made to collect crash test cases. I am also interested in afl-compiler-fuzzer, but have not yet tried it. Later, I'd like to try my hand at making a test generator that reaches codegen more often (no compile errors in the random source code). I use afl-tmin to minimize test cases, but the result is always illegible without manual work, and usually has extra junk the minimizer is incapable of deleting. Something like C-Reduce would be useful here.
-
November 2022 monthly "What are you working on?" thread
1: https://github.com/ArkScript-lang/Ark 2: https://github.com/AFLplusplus/AFLplusplus
-
AFLplusplus VS jazzer.js - a user suggested alternative
2 projects | 12 Sep 2022
- New Mode for AFL++
-
Frelatage: A fuzzing library to find vulnerabilities and bugs in Python applications
Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris and PyFuzzer.The main purpose of the project is to take advantage of the best features of these fuzzers and gather them together into a new tool in order to efficiently fuzz python applications.
-
Fuzzing: Automated Bug Hunting in Software
I personally have not gone over any books over the topic so I cannot recommend books. However, there is a popular fuzzer known as AFL++ that specifies its technical workings and has a tutorial on its usage in the documentation. You can find it here. I found using the tool helped me gain a good understanding of the topic.
-
60x speed-up of Linux “perf”
With AFL++ you can even determine exactly where the fork happens:
https://github.com/AFLplusplus/AFLplusplus/blob/stable/instr...
Cwerg
-
Cwerg: C-like language that can be implemented in 10kLOC
Perhaps these have already been dealt with and I'm missing critical information. If so, my apologies. Great work, in any case.
[1] https://github.com/robertmuth/Cwerg/tree/master/FrontEnd#dis...
-
Where can I find resources and guides on how to build compiler backends?
Cwerg has backend that can be used as JIT and is written with readability in mind. Additional documentation can be found here: https://github.com/robertmuth/Cwerg/tree/master/Docs
- Most important language features not touched in the book "Crafting Interpreters"?
- Lack of resources in creating Assemblers from scratch.
-
Minimum ISA Capabilities to Support Most (Non-Interactive) Programs?
I defined a basic ISA-like IR for Cwerg. It has unlimited registers and no constraints on immediates.
-
How do you design a compiler and a language?
entire compiler front end ast nodes
-
Syntax Design
I was also going down the path of bike shedding concrete syntax for my language Cwerg before pulling the plug on that effort and just using s-exprs. I managed to make the s-expr quite succinct by carefully choosing the order of arguments so I can omit optional ones. Also very helpful was to use square brackets for list, e.g. (call fun-name [arg1 arg2]). This simplifies parsing a little bit and is easier on the eye. Here are some Code Examples
-
November 2022 monthly "What are you working on?" thread
I am iterating over the languages features for Cwerg's Frontend which aims to be a low level language with about the complexity of C but with some of the comforts of modern languages. I am especially happy with the choice of adding sum types. Relative to C the current feature set looks like this: Removed: * arrays decay to pointers * bitfields * separate compilation (more of a backend issue) * pre-processor * varargs * implcit type conversions * (untagged) unions * ++/-- * comma operator * implicitly nullable pointers * goto
- typed asts and codegen
- Features Compendium
What are some alternatives?
honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
mir - A lightweight JIT compiler based on MIR (Medium Internal Representation) and C11 JIT compiler and interpreter based on MIR
LibAFL - Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
tinycc - Unofficial mirror of mob development branch
oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
asmjit - Low-latency machine code generation
syzkaller - syzkaller is an unsupervised coverage-guided kernel fuzzer
bluebird - A work-in-progess programming language modeled after Ada and C++
American Fuzzy Lop - american fuzzy lop - a security-oriented fuzzer
asmdb - Instructions database and utilities for X86/X64 and ARM (THUMB/A32/A64) architectures.
sharpfuzz - AFL-based fuzz testing for .NET
boring-lang - A very boring programming language