Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestringly different outputs from them. The main selling points of radamsa are that it has already found a slew of bugs in programs that actually matter, it is easily scriptable and easy to get up and running.
A robustness testing tool is obviously only good only if it really can find non-trivial issues in real-world programs. Being a University-based group, we have tried to formulate some more scientific approaches to define what a ‘good fuzzer’ is, but real users are more likely to be interested in whether a tool has found something useful. We do not have anyone at OUSPG running tests or even developing Radamsa full-time, but we obviously do make occasional test-runs, both to assess the usefulness of the tool, and to help improve robustness of the target programs. For the test-runs we try to select programs that are mature, useful to us, widely used, preferably open source and/or tend to process data from outside sources.
Latest Change 18/5/2016:
+ rad/main.scm ; seek does not break unbounded output, likely
+ test; added –seek
Supported operating systems:
+ Mac OS X
+ Windows (using Cygwin)
Software requirements for building from sources:
+ gcc / clang
git clone https://github.com/aoh/radamsa.git && cd radamsa && make && sudo make install