AFL is probably the most advanced AI in software testing today, and has found hundreds of high-profile, exploitable bugs in widely-used, high-quality software. Also, it has successfully reverse-engineered instances of the JPEG format and SQL syntax by testing libjpeg and SQLite.
I didn’t know about SAGE. It sounds like SAGE and AFL are very similar in many ways, and it’s tricky to call, but I think AFL is still probably more capable. Both use statistical AI techniques to guide white-box fuzzing, but where SAGE uses an SMT constraint solver to do abstract execution in order to efficiently explore execution paths, AFL uses compile-time instrumentation or QEMU emulation and fork(); where SAGE uses “a novel directed-search algorithm, dubbed generational search”, AFL uses genetic algorithms. It seems like AFL’s techniques work a little bit better in practice so far, but I could be wrong.
It’s maybe a bit of a moot point, though, since SAGE is proprietary.
I guess I don’t know the context of this link. AFAICT, it’s just a link to a random project’s quickstart guide?
It’s the American fuzzy lop’s quick start guide. AFL and related stuff are frequently linked here and on hackernews.
AFL is probably the most advanced AI in software testing today, and has found hundreds of high-profile, exploitable bugs in widely-used, high-quality software. Also, it has successfully reverse-engineered instances of the JPEG format and SQL syntax by testing libjpeg and SQLite.
AFL is good, but I doubt it is the most advanced. For example, SAGE exists.
I didn’t know about SAGE. It sounds like SAGE and AFL are very similar in many ways, and it’s tricky to call, but I think AFL is still probably more capable. Both use statistical AI techniques to guide white-box fuzzing, but where SAGE uses an SMT constraint solver to do abstract execution in order to efficiently explore execution paths, AFL uses compile-time instrumentation or QEMU emulation and fork(); where SAGE uses “a novel directed-search algorithm, dubbed generational search”, AFL uses genetic algorithms. It seems like AFL’s techniques work a little bit better in practice so far, but I could be wrong.
It’s maybe a bit of a moot point, though, since SAGE is proprietary.