scratch VS American Fuzzy Lop

pbmview, an image viewer (windows subsystem).

For comparison (for those following along): https://github.com/skeeto/scratch/blob/master/parsers/qoi.c https://github.com/skeeto/scratch/blob/master/parsers/ini.c

Another option I learned a couple years ago is embedding a UTF-8 manifest ([details])[https://github.com/skeeto/scratch/tree/master/libwinsane]. Also put the console in UTF-8 mode (SetConsoleOutputCP(CP_UTF8)), and you're done. Works on Windows 10 and later. This covers everything: argv is UTF-8 and fopen accepts UTF-8 paths. (This is exactly how CRTs should have worked all along.)

I was thinking more about this and I realized it's quite easy to do it in arbitrary precision, so here's my take: https://github.com/skeeto/scratch/blob/master/misc/bswap.c

As was linked from my QOI article, here's my full decoder with comments: qoi.c. Each pixel decodes to a 32-bit integer, ABGR. That corresponds to SDL's SDL_PIXELFORMAT_ABGR8888. SDL_UpdateTexture copies that data into the texture's internal storage, and font is no longer needed. (In a real program I'd allocate it in a scratch arena, reset after initialization.)

A recent, interesting experience with function+context allocation: For more than a decade, Windows accidentally exposed part of zlib in a public DLL, and (overly-)clever applications can exploit this as a "system zlib." Though it doesn't export the "end" functions, so cleanup seems impossible. However, custom allocation works, so doesn't matter. I plugged it into an arena.

There's some efforts to guide test generation for property based testing to make the instruction pointer explore as large a space as possible.

This effort is more mature in the fuzzing community. See eg American Fuzzy Lop https://github.com/google/AFL

What you're describing, just generating random input to test a program, is sometimes called "blind fuzzing" but the state-of-the-art is far beyond that. Maybe try reading through the documentation of e.g. https://github.com/google/AFL to see what a fuzzer does and why just producing random input isn't even scratching the surface.

for general riscv I used to use this https://github.com/google/AFL I dont know if it supports x64 tho.

Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )

I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):

afl, which is trivial to apply to this program:

I made my own version of a TCL interpreter (well, a very TCL like langauge) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.

On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.

b-, https://lcamtuf.coredump.cx/afl/