Glossary

Honggfuzz

A security-oriented multi-process fuzzer from Google with hardware performance-counter coverage and a compact codebase.

Honggfuzz is an open-source fuzzer developed at Google, designed for robustness and correctness of coverage measurement. Unlike AFL++ and libFuzzer's software instrumentation, Honggfuzz can use hardware performance counters (Intel PT, BTS, or Linux perf) to collect branch coverage with no compile-time changes to the target. It also supports software instrumentation via SanitizerCoverage. Honggfuzz runs each fuzz iteration in a separate process by default, making it tolerant of targets that fork or use threads internally — a significant practical advantage for network daemons and complex stateful programs. It shares corpus with AFL++ and libFuzzer through a common directory format, making it a natural addition to a multi-engine fuzzing setup.

Coverage-Guided Fuzzing

A fuzzing strategy that uses runtime code coverage feedback to steer input mutation toward unexplored code paths.

AFL++

A community-maintained, highly optimised fork of American Fuzzy Lop that is the most widely deployed coverage-guided fuzzer.

libFuzzer

An in-process, coverage-guided fuzzing library built into LLVM that links directly into the target binary.

Centipede

Google's distributed coverage-guided fuzzer designed to scale across many machines with shared central corpus storage.

Corpus

The evolving collection of test inputs a fuzzer maintains, used as the base for generating new mutations.

Honggfuzz

Related