fuzzcheck-rs
diem
Our great sponsors
fuzzcheck-rs | diem | |
---|---|---|
8 | 15 | |
421 | 16,697 | |
- | 0.1% | |
5.5 | 5.9 | |
6 months ago | 8 days ago | |
Rust | Rust | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fuzzcheck-rs
-
Fuzzcheck (a structure-aware Rust fuzzer)
Fuzzcheck is a structure-aware fuzzer for rust. "Fuzzing" means feeding large amounts of data into a program and checking for crashes (Fuzzcheck also checks to make sure that all the properties your program should uphold – e.g. a sorting algorithm applied to a list of n items should always return a list of n items – are upheld). Fuzzcheck is an "evolutionary" fuzzer – this means that it generates a set of random inputs, sees what percentage of the program is executed for each input, and keeps inputs which have high levels of percentage of program executed. It then "mutates" these inputs – whereas fuzzers such as AFL/Hongfuzz/etc mutate raw bytes in place (e.g. they swap bytes at different positions, or insert a random byte at a given position to generate inputs similar to the chosen "high coverage" inputs), Fuzzcheck works directly on the Rust types (so it might swap the order of two items in a vec, or randomly insert a new item). It's a really powerful tool for finding lots of bugs.
-
fuzzcheck 0.9 release - run coverage-guided fuzz tests alongside your regular unit tests + code coverage visualiser + new online guide and improved documentation
If you want help with Win support (issues/8) maybe post it here to get it added to TWIR.
-
What's everyone working on this week (43/2021)?
I am working on a code coverage viewer for my fuzzer (fuzzcheck). I described what I've done so far in this issue and I am hoping to release the first version within two weeks.
-
What's everyone working on this week (31/2021)?
The implications for my fuzzer, fuzzcheck, are huge! Compiling fuzz tests is a lot easier. There should be no more need to create a separate fuzz folder, fuzz tests can be regular #[test] functions, private implementation details can be fuzz-tested as well, rust-analyser works as expected, documentation can be easily generated, etc. I can also attach a human-readable coverage report to every test case :)
-
What's everyone working on this week (30/2021)?
Since I graduated, I have had a lot more time to work on fuzzcheck. I am trying to flesh it out, test it, and document it for a new release. It has always felt a bit rushed/experimental and now I am hoping to make it into something solid. I have also played with an egui interface for it, to visualise the tested code coverage, understand how the fuzzer’s decisions are made, and also to interactively tweak the fuzzer’s behaviour. It's a lot of work but it's slowly all coming together! :)
-
What's your favourite under-rated Rust crate and why?
fuzzcheck-rs is really cool. It combines property-testing with fuzzing, getting the nice, structured nature of the former, and the coverage-driven search of the latter, but it works by mutating the structure directly instead of going through a bit string. So if you have a binary tree, going from A(B, C) to A(C, B) can be a single mutation away if that makes sense in your use case, instead of being arbitrarily far away in the bitstring approach.
- Fuzzcheck: Structure and coverage guided fuzzing for Rust
diem
- Diem – Facebook open source Cryptocurrency written in Rust
- Zig, the Small Language
-
Fuzzcheck (a structure-aware Rust fuzzer)
I implemented this for proptest + cargo fuzz a while ago as well: https://github.com/diem/diem/blob/main/testsuite/diem-fuzzer/src/lib.rs
-
Are there any big projects written in Rust without any use of unsafe code?
I believe diem has over 250kLOC and no unsafe code
-
Crowdloans on Kusama continue. Important news!
Pontem is an experimental network for the Diem coin (previously the project had the designation LIBRA and has been under development for several years). The project site is diem.com.
- the diem coin will be built on a native Facenook Blockchain or is the hypothesis that it can be based on Algorand well founded and has a minimum of sense?
-
Async Rust: history strikes back
This is a common confusion for newcomers, as the keyword has a different (yet somewhat related) meaning depending on the context. Libra actually had a soundness bug because of confusion about this in combination with unsafe.
What are some alternatives?
openapi-fuzzer - Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
hyperspace - Metaverse Hyperspace Chain, Hybrid PoW/PoS consensus full node with EVM compatible VM and smart tokens(FT/NFT).
rs_pbrt - Rust crate to implement a counterpart to the PBRT book's (3rd edition) C++ code. See also https://www.rs-pbrt.org/about ...
go-concise-encoding - Golang implementation of Concise Binary and Text Encoding
phpass - PHPass, the WordPress password hasher, re-implemented in rust
cardano-serialization-lib - This is a library, written in Rust, for serialization & deserialization of data structures used in Cardano's Haskell implementation of Alonzo along with useful utility functions.
structopt - Parse command line arguments by defining a struct.
Demo
enum-map
trophy-case - 🏆 Collection of bugs uncovered by fuzzing Rust code
uivonim - Fork of the Veonim Neovim GUI
abstreet - Transportation planning and traffic simulation software for creating cities friendlier to walking, biking, and public transit