Tools

Grammar Testing

• yagg
• gramfuzz
• dharma
• gromit
• quickfuzz
• go-gramgen
• langfuzz
• SynTesk
• Pinery?
• Hypothesis
• blab

Also:

• Collection of Lark grammars - suitable for Hypothesis
• The BNF Converter Build Status
• BNF wrangling and railroad diagrams

Static Analysis

• CBMC - bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses
• clang-tidy - clang static analyser
• CMetrics - Measures size and complexity for C files
• CodeSonar from GrammaTech ©️ - Advanced, whole program, deep path, static analysis of C and C++ with easy-to-understand explanations and code and path visualization.
• Corrode - Semi-automatic translation from C to Rust. Could reveal bugs in the original implementation by showing Rust compiler warnings and errors.
• cppcheck - static analysis of C/C++ code
• CppDepend ©️ - Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.
• cpplint - automated C++ checker that follows Google's style guide
• cqmetrics - quality metrics for C code
• CScout - complexity and quality metrics for for C and C preprocessor code
• flawfinder - finds possible security weaknesses
• flint++ - cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.
• Frama-C - a sound and extensible static analyzer for C code
• IKOS - a sound static analyzer for C/C++ code based on LLVM
• oclint - static analysis of C/C++ code
• Polyspace Bug Finder ©️ - identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software.
• Polyspace Code Prover ©️ - provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code.
• scan-build - Analyzes C/C++ code using LLVM at compile-time
• splint - Annotation-assisted static program checker
• vera++ - Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.

Dynamic Analysis

• https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool
• http://dynamorio.org/
• https://dyninst.org/
• https://www.frida.re/
• DynInst https://dyninst.github.io/scalable_tools_workshop/petascale2018/assets/slides/dyninst_updates.pdf
• LD_PRELOAD
  • more https://github.com/gaul/awesome-ld-preload
  • https://github.com/yugr/valgrind-preload
  • https://github.com/yugr/sortcheck
  • https://github.com/yugr/libdebugme
  • https://github.com/yugr/sigcheck
  • https://github.com/zardus/preeny

Если сделать обёртку для вызовов malloc() и free(), то можно собирать статистику о потреблении памяти и выявлять утечки памяти. Можете написать свою обёртку, а можете взять libtcmalloc.

Благодаря LD_PRELOAD работает множество бибилиотек для fault injection: libfaketime - изменение скорости течения времени, libeatmydata - выключить вызов fsync() для нашей программы, fakeroot - запуск программы в Linux с привилегиями суперпользователя для выполнения любых файловых операций, libshape - ограничение пропускной способности при работе с сетью и другие.

И что немаловажно - такой подход не требует изменения исходного кода программы, то есть у вас не возникнет ситуации, когда для тестирования собирают одну версию исходного кода, а для релиза другую.

Mutation Testing

• Mull
• Frama-C plugin
• mutate_cpp
• MuCPP
• Assessment of Class Mutation Operators for C++ with the MuCPP Mutation System
• accmut
• Faster mutation analysis via equivalence modulo states
• MUSIC
• MUSIC: Mutation Analysis Tool with High Configurability and Extensibility
• yuejia/Milu [abandoned]
• MILU: A Customizable, Runtime-Optimized Higher Order Mutation Testing Tool for the Full C Language
• dextool
• markus-kusano/CCMutator [abandoned]
• CCmutator: A Mutation Generator for Concurrency Constructs in Multithreaded C/C++ Applications
• SRCIROR - A mutation tool for source and IR
• https://en.wikipedia.org/wiki/Mutation_testing#External_links

Property-Based Testing

• C: qcc
• C: qc
• C: theft
• Python hypothesis
• F# FsCheck
• Rust fuzzcheck-rs
• https://hypothesis.works/articles/quickcheck-in-every-language/
• Java pholser/junit-quickcheck
• https://en.wikipedia.org/wiki/QuickCheck
• https://gist.github.com/npryce/4147916

Symbolic Execution

• C/C++ KLEE https://klee.github.io/
• See https://en.wikipedia.org/wiki/Symbolic_execution

Fuzzing

• pythonfuzz
• csmith
• afl
• zzuf
• radamsa
• fsfuzzer
• https://git.2f30.org/fsfuzz/files.html
• syzcaller: Fuzzing the OpenBSD Kernel (bugs found by syzcaller)
• A Genetic File, Syscall and Network Fuzzer
• https://github.com/mwrlabs/KernelFuzzer
• GLFuzz
  • http://glslsandbox.com/
  • http://webglreport.com/
• see https://oss-security.openwall.org/wiki/tools
• ftp://ftp.cs.wisc.edu/paradyn/fuzz/fuzz-nt-src.zip
• https://github.com/renatahodovan/fuzzinator
• Fuzzing Management

Model-based Testing

• Python: Hypothesis
• Python: PyModel
• Python: graphwalker
• C#: NModel
• C# Spec_Explorer
• Java: GraphWalker
• Java: Modbat
• C/C++: fMBT
• C/C++: CTESK
• TorXakis - a tool for Model Based Testing
• korolvs/rpetri - Petri nets with Ruby
• Tools: open-source-tools-for-model-based-testing
• Tools: http://notes.virtuousprogrammer.com/Model%20Based%20Testing%20(MBT).html

Code-based tests generation

• http://mit.bme.hu/~micskeiz/pages/code_based_test_generation.html

Search-Based Testing

• C/C++ Austin
• C/C++ CAVM https://bitbucket.org/teamcoinse/cavm/src/master/

Concolic Testing

• C/C++ CREST https://www.burn.im/crest/