BFuzz Reviews

Radamsa generates test cases for robustness testing, or fuzzer. It is used to test a program's ability to withstand malformed or malicious inputs. It works by reading valid data files and generating different outputs. Radamsa's main selling points are that it has found a lot of bugs in important programs, is scriptable and easy to set up. Fuzzing is a technique to find unexpected behavior within programs. The idea is to simply subject the program to different inputs and observe what happens. This process has two parts: how to get the inputs, and what to do with them. Radamsa can be used to solve the first part. The second part is usually a shell script. The testers usually have an idea of what they don't want to happen and try to verify it.

Atheris is an engine for Python fuzzing that uses coverage-guided fuzzing. It supports fuzzing Python code as well as native extensions written in CPython. Atheris is based off libFuzzer. Atheris is a tool that can be used for fuzzing native code to find additional bugs. Atheris supports Linux 32- and 64-bit and Mac OS X with Python versions 3.6-3.10. It comes with an integrated libFuzzer that is suitable for fuzzing Python code. If you want to fuzz native extensions you may have to build Atheris from source in order to match the libFuzzer versions. Atheris relies upon libFuzzer which is distributed along with Clang. Apple Clang does not come with libFuzzer. You'll have to install a different version of LLVM. Atheris is based upon a coverage-guided, mutation-based fuzzer called LibFuzzer. This has the benefit of not requiring a grammar definition to generate inputs. It makes its setup easier. The disadvantage is that the fuzzer will have a harder time generating inputs for complex data types.