Undefined behavior in C and C++| russellw.github.io
Домашняя страница| bronevichok.ru
Instrumentation Options (Using the GNU Compiler Collection (GCC))| gcc.gnu.org
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.| OpenSSF Best Practices Working Group
Your attention is invited to the first part of an e-book on undefined behavior. This is not a textbook, as it′s intended for those who are already familiar with C++ programming. It′s a kind of C...| PVS-Studio
Sanitizer special case list¶| clang.llvm.org
According to Annex I Part II of the EU CRA, manufacturers must actively search for vulnerabilities in their embedded devices, fix them and publicly disclose them to their users and the cybersecurit…| Burkhard Stubert
0.14.0 Release Notes| ziglang.org
When I started working on Rust in 2011, my daughter was about three months old. She’s now in sixth grade, and she’s started growing rapidly. Sometimes we wake up to find that her clothes don’t quite fit anymore: the sleeves might be a little too short, or the legs come up to her ankles. Rust is experiencing something similar. We’ve been growing tremendously fast over the last few years, and any time you experience growth like that, there are bound to be a few rough patches. Things tha...| smallcultfollowing.com
Getting Started¶| www.llvm.org
Following up on my first blog post, I’ve received a few requests to write about setting up a debugging environment; however, since everybody uses different emulators and so on, I’ll mainly focus on which config options are useful!| pwning.systems
An overview of the C++ tooling ecosystem: compilers, build systems, debuggers, sanitizers, analyzers, profilers, package managers and online tools.| hacking C++
man7.org > Linux > man-pages| man7.org
A few days ago I published a short post about two bugs I wrote while developing the C++ external scanner for my TLA⁺ tree-sitter grammar. Reactions were mixed! Many people were supportive, but there were of course the usual drive-by claims by developers that the bugs were trivial, they would’ve found & fixed them inside of 20 minutes, and I was laughably incompetent for having written them in the first place.| Andrew Helwer
AddressSanitizer (ASan) is an instrumentation tool created by Google security researchers to identify memory access problems in C and C++ programs.| sergioprado.blog
Returning, now with intention, to write up some thoughts about how to effectively debug a renderer.| pharr.org
Instrumentation Options (Using the GNU Compiler Collection (GCC))| gcc.gnu.org
Getting Started¶| llvm.org
This article will show some initial research into booting a KSAN kernel, testing the KASAN functionality and some initial groundwork on KSANCOV. This functionality is super useful when performing kernel crash triage or fuzzing against macOS.| Blog
Fuzzing is a software testing method that involves passing malformed data as input to the program and monitoring it for misbehavior. Today, fuzzing is one of the most effective ways to find software security problems. In 2014, Michał Zalewski presented American Fuzzy Lop, the first coverage guided fuzzer. This started the modern world of fuzzing solutions and techniques on the market.| www.moritz.systems
