JQF
American Fuzzy Lop
JQF | American Fuzzy Lop | |
---|---|---|
3 | 21 | |
633 | 2,903 | |
- | - | |
6.3 | 0.0 | |
7 months ago | almost 3 years ago | |
Java | C | |
BSD 2-clause "Simplified" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
JQF
-
CS 6120: Advanced Compilers: The Self-Guided Online Course
We are working on projects related with cybersecurity and compilers. A reference we look at is [1] and [2]. I think we can publish the results in the coming months.
[1] https://github.com/rohanpadhye/jqf/wiki/Fuzzing-a-Compiler
[2] https://news.ycombinator.com/item?id=36373410
-
GitHub Copilot for JetBrains and Neovim
QuickcCheck-type tools (generators for tests that know about the edge cases of a domain - e. g. for the domain of numbers considering things like 0, the infinities, various almost-and-just-over powers of two, NaN and mantissas for floats, etc.):
* QuickCheck: https://hackage.haskell.org/package/QuickCheck
* Hypothesis: https://hypothesis.readthedocs.io/en/latest/
* JUnit QuickCheck: https://github.com/pholser/junit-quickcheck
Fuzz testing tools (tools which mutate the inputs to a program in order to find interesting / failing states in that program). Generally paired with code coverage:
* American Fuzzy Lop (AFL): https://github.com/google/AFL
* JQF: https://github.com/rohanpadhye/JQF
Mutation / Fault based test tools (review your existing unit coverage and try to introduce changes to your _production_ code that none of your tests catch)
* PITest: https://pitest.org/
-
Jazzer brings modern fuzz testing to the JVM
If you are interested in fuzzing your Java code, you should also have a look at the JQF project which directly integrates with junit tests: https://github.com/rohanpadhye/JQF
American Fuzzy Lop
-
Prefer table driven tests (2019)
There's some efforts to guide test generation for property based testing to make the instruction pointer explore as large a space as possible.
This effort is more mature in the fuzzing community. See eg American Fuzzy Lop https://github.com/google/AFL
-
C++ Faker library
What you're describing, just generating random input to test a program, is sometimes called "blind fuzzing" but the state-of-the-art is far beyond that. Maybe try reading through the documentation of e.g. https://github.com/google/AFL to see what a fuzzer does and why just producing random input isn't even scratching the surface.
-
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
for general riscv I used to use this https://github.com/google/AFL I dont know if it supports x64 tho.
-
How to fuzz java code with jazzar?
Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )
-
One year ago I wrote a buddy memory allocator - project update
I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):
-
Beariish/little: A small, easily embedded language implemented in a single .c file
afl, which is trivial to apply to this program:
-
TCL like interpreter suitable for embedded use
I made my own version of a TCL interpreter (well, a very TCL like langauge) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.
-
What's in your tool belt?
On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.
- Afl - American fuzzy lop - a security-oriented fuzzer
-
Difficulty of CSCA48 compared to other first year cs/math courses
b-, https://lcamtuf.coredump.cx/afl/
What are some alternatives?
jqwik - Property-Based Testing on the JUnit Platform
boofuzz - A fork and successor of the Sulley Fuzzing Framework
junit-quickcheck - Property-based testing, JUnit-style
honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
fuzzing - Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
Cppcheck - static analysis of C/C++ code
fast-check - Property based testing framework for JavaScript (like QuickCheck) written in TypeScript
HTTP Parser - http request/response parser for c
copilot-docs - Documentation for GitHub Copilot
PHP CPP - Library to build PHP extensions with C++
fuzzcheck-rs - Modular, structure-aware, and feedback-driven fuzzing engine for Rust functions
ZXing - ZXing ("Zebra Crossing") barcode scanning library for Java, Android