Fuzzing
LWN has a great article on the history of syscall fuzzing, a practice that apparently dates back to the mid-1990s.
In 2007, Tavis Ormandy and Michał Zalewski started to publicly experiment with coverage-guided fuzzers. They were not the only ones: Jared DeMott, for example, had given a talk on the topic at DEF CON 14 (2006). This line of work culminated in the release of AFL in 2013, which went on to find a phenomenal number of bugs.
Microsoft has apparently been fuzzing its Windows operating system at scale since at least Vista, released in 2006.
In March 2016, Linux gained support for KCOV, thanks to Dmitry Vyukov, based on a patch from Quentin Casasnovas. According to the commit message, KCOV had already been in use internally at Google for a couple of months.
In August 2018, OpenBSD gained support for KCOV as well, thanks to Anton Lindqvist.
In 2019, Microsoft added AddressSanitizer (ASan) support to its MSVC toolchain on Windows (user-space only; the kernel variant is listed in the table below).
OpenBSD has been fuzzed by syzkaller since 2018, resulting in a couple of crashes.
Coverage is still low-ish, but the good news is that the number of syscalls and ioctls syzkaller knows how to exercise is steadily increasing!
Jesse Hertz and Tim Newsham from NCC Group ported TriforceAFL to OpenBSD, but unfortunately the project is no longer maintained.
Sanitizers
Fuzzing is great, but without sanitizers a lot of bugs go unnoticed: a short out-of-bounds read, a use of uninitialised memory or a signed overflow rarely crashes on its own, so the fuzzer never sees it. Unfortunately, OpenBSD only supports KUBSAN:
Sanitizer | OpenBSD | Linux | NetBSD | FreeBSD | Windows |
---|---|---|---|---|---|
KASAN | No | 2015 | 2018 | 2023 | public since 2023 |
KUBSAN | 2019, based on NetBSD | 2014 | 2018 | 2018 | No |
KMSAN | No | 2017 | 2019 | 2023 | No |
KTSAN/KCSAN | No | 2015 | 2019 | No | No |
KLEAK | No | 2009 | 2018 | 2019 | No |
KFENCE | No | 2021 | No | No | No |
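To make the "goes unnoticed" point concrete, here is an added example (not code from this page, nor from OpenBSD, syzkaller or any project listed above) of the two bug classes the table is about: a heap over-read of the kind KASAN/ASan catches, and a signed-integer overflow of the kind KUBSAN/UBSan catches, each next to its checked counterpart. The one-byte-length record format, the function names and the sample records are all constructed for this example. Build it plainly to watch the buggy paths return quietly, then with `-fsanitize=address,undefined` to get a report on the very first bad input.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy wire format assumed for this example: one length byte followed by
 * that many payload bytes. A fuzzer mutating such records will very
 * quickly produce a length byte larger than the record itself. */

/* Buggy: trusts the length byte. When len exceeds the bytes actually
 * present, memcpy reads past the end of the record's heap allocation.
 * Without a sanitizer the read usually lands in allocator slack or the
 * next chunk and returns quietly, so a fuzzer sees nothing; with
 * -fsanitize=address it is reported as a heap-buffer-overflow. */
size_t parse_record_buggy(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_len)
{
    (void)rec_len;              /* the bug: rec_len is never consulted */
    size_t len = rec[0];
    if (len > out_len)
        len = out_len;          /* bounds the write, not the read */
    memcpy(out, rec + 1, len);
    return len;
}

/* Checked: the payload length is bounded by what is actually present. */
int parse_record_checked(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_len, size_t *copied)
{
    if (rec_len < 1)
        return -1;
    size_t len = rec[0];
    if (len > rec_len - 1 || len > out_len)
        return -1;
    memcpy(out, rec + 1, len);
    *copied = len;
    return 0;
}

/* Buggy: summing two lengths in a signed int overflows, which is
 * undefined behaviour. In practice the result typically wraps negative
 * and a later bounds check passes; -fsanitize=undefined (the same class
 * of check OpenBSD's KUBSAN performs in the kernel) reports
 * "signed integer overflow" at this line instead. */
int total_len_buggy(int a, int b)
{
    return a + b;
}

/* Checked: overflow is detected and rejected rather than wrapped. */
int total_len_checked(int a, int b, int *total)
{
    if (__builtin_add_overflow(a, b, total))
        return -1;
    return 0;
}

/* Constructed sample records. */
static const uint8_t good_rec[] = { 3, 'a', 'b', 'c' };
static const uint8_t bad_rec[]  = { 200, 'a', 'b', 'c' };  /* claims 200 bytes, has 3 */

int main(void)
{
    uint8_t out[256];
    size_t copied = 0;
    int total = 0;

    /* Put the bad record on the heap so the over-read is the heap-buffer-
     * overflow ASan reports, not a read of adjacent static data. */
    uint8_t *heap_rec = malloc(sizeof bad_rec);
    if (heap_rec == NULL)
        return 1;
    memcpy(heap_rec, bad_rec, sizeof bad_rec);

    size_t n = parse_record_buggy(heap_rec, sizeof bad_rec, out, sizeof out);
    printf("buggy parser copied %zu bytes out of a %zu-byte record\n",
           n, sizeof bad_rec);
    if (parse_record_checked(heap_rec, sizeof bad_rec, out, sizeof out, &copied) < 0)
        printf("checked parser rejected the record\n");

    if (total_len_checked(INT_MAX, 1, &total) < 0)
        printf("checked length sum rejected INT_MAX + 1\n");
    printf("buggy length sum INT_MAX + 1 = %d\n", total_len_buggy(INT_MAX, 1));

    free(heap_rec);
    return 0;
}
```

The point of the pairing is that neither buggy function crashes on its own: the over-read stays inside the heap arena and the overflow just wraps, which is exactly why a fuzzer on a sanitizer-less kernel keeps reporting "no crashes" while the bugs are there. KUBSAN would flag the second bug in kernel code; the first needs KASAN, which the table shows OpenBSD does not have.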