fuzzcheck-rs
autocxx
Our great sponsors
fuzzcheck-rs | autocxx | |
---|---|---|
8 | 17 | |
421 | 2,038 | |
- | 2.0% | |
5.5 | 7.7 | |
6 months ago | about 1 month ago | |
Rust | Rust | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fuzzcheck-rs
-
Fuzzcheck (a structure-aware Rust fuzzer)
Fuzzcheck is a structure-aware fuzzer for rust. "Fuzzing" means feeding large amounts of data into a program and checking for crashes (Fuzzcheck also checks to make sure that all the properties your program should uphold – e.g. a sorting algorithm applied to a list of n items should always return a list of n items – are upheld). Fuzzcheck is an "evolutionary" fuzzer – this means that it generates a set of random inputs, sees what percentage of the program is executed for each input, and keeps inputs which have high levels of percentage of program executed. It then "mutates" these inputs – whereas fuzzers such as AFL/Hongfuzz/etc mutate raw bytes in place (e.g. they swap bytes at different positions, or insert a random byte at a given position to generate inputs similar to the chosen "high coverage" inputs), Fuzzcheck works directly on the Rust types (so it might swap the order of two items in a vec, or randomly insert a new item). It's a really powerful tool for finding lots of bugs.
-
fuzzcheck 0.9 release - run coverage-guided fuzz tests alongside your regular unit tests + code coverage visualiser + new online guide and improved documentation
If you want help with Win support (issues/8) maybe post it here to get it added to TWIR.
-
What's everyone working on this week (43/2021)?
I am working on a code coverage viewer for my fuzzer (fuzzcheck). I described what I've done so far in this issue and I am hoping to release the first version within two weeks.
-
What's everyone working on this week (31/2021)?
The implications for my fuzzer, fuzzcheck, are huge! Compiling fuzz tests is a lot easier. There should be no more need to create a separate fuzz folder, fuzz tests can be regular #[test] functions, private implementation details can be fuzz-tested as well, rust-analyser works as expected, documentation can be easily generated, etc. I can also attach a human-readable coverage report to every test case :)
-
What's everyone working on this week (30/2021)?
Since I graduated, I have had a lot more time to work on fuzzcheck. I am trying to flesh it out, test it, and document it for a new release. It has always felt a bit rushed/experimental and now I am hoping to make it into something solid. I have also played with an egui interface for it, to visualise the tested code coverage, understand how the fuzzer’s decisions are made, and also to interactively tweak the fuzzer’s behaviour. It's a lot of work but it's slowly all coming together! :)
-
What's your favourite under-rated Rust crate and why?
fuzzcheck-rs is really cool. It combines property-testing with fuzzing, getting the nice, structured nature of the former, and the coverage-driven search of the latter, but it works by mutating the structure directly instead of going through a bit string. So if you have a binary tree, going from A(B, C) to A(C, B) can be a single mutation away if that makes sense in your use case, instead of being arbitrarily far away in the bitstring approach.
- Fuzzcheck: Structure and coverage guided fuzzing for Rust
autocxx
-
How do you feel about comments made by Tim Sweeney?
Meanwhile, one of the best C++ sources which community mostly think of - Chromium - starting to experience with Rust. If i'm not mistaken using https://github.com/google/autocxx
-
The Val Object Model : Dave Abrahams, Sean Parent, Dimitri Racordon, David Sankel
There's bindgen, cxx and autocxx. Obviously not as convenient as C++ calling C++; the more you need to interoperate with C++ code the more it makes sense to just stay with C++.
-
Are we reference yet? C++ references in Rust
If you want to reach the author for a correction, perhaps leave a comment on the Medium post or perhaps mention it on the autocxx PR I found this article from.
-
The Unicode Consortium announces ICU4X 1.0, its new high-performance internationalization library. It's written in Rust, with official C++ and JavaScript wrappers available.
Rust and C++ are not directly interoperable, but you can try to use some fancy libraries if your C++ codebase is simple. Google is taking on this gargantuan task with autocxx. I believe it is related to their exploration efforts to bring Rust to Chrome.
-
Mark Russinovich (Azure CTO): "it's time to halt starting any new projects in C/C++ and use Rust"
I used autocxx in a recent project and was amazed at how easy it was to call into C++ -- Rust Analyzer was even able to provide completion hints.
-
The State Of Rust In 2022 – De Programmatica Ipsum
Sure, they can improve C++ interop - and they have been - but that doesn't help them maintain the dozens of millions of lines of C++ they (Google, and others) currently have. Carbon is a pragmatic solution to the state of affairs in C++ that doesn't require them to rewrite all of their existing code to improve its maintainability.
-
Programming languages endorsed for server-side use at Meta
The areas you mentioned (CLI, web services, low level systems programming) are not mutually exclusive. Doing a good job on one doesn't mean something else is affected.
The folks who worked on the most popular command line argument parser (https://docs.rs/clap/latest/clap/#example) made a positive contribution that didn't detract from any other use case.
Similarly, the folks working on improving Rust for web services will also make it better for systems programming. In a blog post published today (https://blog.rust-lang.org/inside-rust/2022/07/27/keyword-ge...), they discuss keyword generics, a feature that will be equally helpful for `async` code and `const` functions evaluated at compile time.
There is already some interoperability with C++ (http://cxx.rs) and ongoing research into automating this interoperability (https://github.com/google/autocxx, https://github.com/google/crubit). Feels like there's enough effort
-
Google brands Carbon language as an 'experimental successor to C++'
That's not at all in Rust's bill, it needs an interaction layer to talk to C++. Efforts like cxx (and google's own autocxx) try to make this layer more automated and less painful, but the layer is still there, it still has a cost, and it doesn't erase the impedance mismatches between the languages.
-
Carbon Language: An experimental successor to C++
Notably Google is also investing in autocxx to make C++/Rust bidirectional interoperation easier
-
Carbon - an experimental C++ successor language
Again, not really...? A lot of the proposed ABI changes (for C++ - I don't know what they're planning for Carbon) are trivial to automatically fix if you have source access. If you don't have source access, you "only" need to maintain the ABI at the boundaries between foreign code and your code, which is quite possible (especially after the success of autocxx and related projects in the Rust <-> C++ world)
What are some alternatives?
openapi-fuzzer - Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
cxx - Safe interop between Rust and C++
rs_pbrt - Rust crate to implement a counterpart to the PBRT book's (3rd edition) C++ code. See also https://www.rs-pbrt.org/about ...
rust-bindgen - Automatically generates Rust FFI bindings to C (and some C++) libraries.
phpass - PHPass, the WordPress password hasher, re-implemented in rust
TIC-80 - TIC-80 is a fantasy computer for making, playing and sharing tiny games.
structopt - Parse command line arguments by defining a struct.
gdnative - Rust bindings for Godot 3
enum-map
carbon-lang - Carbon Language's main repository: documents, design, implementation, and related tools. (NOTE: Carbon Language is experimental; see README)
uivonim - Fork of the Veonim Neovim GUI
jakt - The Jakt Programming Language