History

Nick Terrell 4be7f0d45c [fuzz] Add libFuzzer targets

* The regression driver serves both as a regression test, and as a binary for afl-fuzz.
* Next, we want to check in a seed corpus for each target. Then we can run the regression
  test binary on them on Travis or Circle CI.

2017-06-30 17:39:56 -07:00

fuzz_helpers.h

[fuzz] Add libFuzzer targets

2017-06-30 17:39:56 -07:00

fuzz.h

[fuzz] Add libFuzzer targets

2017-06-30 17:39:56 -07:00

Makefile

[fuzz] Add libFuzzer targets

2017-06-30 17:39:56 -07:00

README.md

[fuzz] Add libFuzzer targets

2017-06-30 17:39:56 -07:00

regression_driver.c

[fuzz] Add libFuzzer targets

2017-06-30 17:39:56 -07:00

simple_decompress.c

[fuzz] Add libFuzzer targets

2017-06-30 17:39:56 -07:00

simple_round_trip.c

[fuzz] Add libFuzzer targets

2017-06-30 17:39:56 -07:00

stream_decompress.c

[fuzz] Add libFuzzer targets

2017-06-30 17:39:56 -07:00

stream_round_trip.c

[fuzz] Add libFuzzer targets

2017-06-30 17:39:56 -07:00

README.md

Fuzzing

Each fuzzing target can be built with multiple engines.

LibFuzzer

You can install libFuzzer with make libFuzzer. Then you can make each target with make target LDFLAGS=-L. CC=clang CXX=clang++.

AFL

The regression driver also serves as a binary for afl-fuzz. You can make each target with one of these commands:

make target-regression CC=afl-clang CXX=afl-clang++
AFL_MSAN=1 make target-regression-msan CC=afl-clang CXX=afl-clang++
AFL_ASAN=1 make target-regression-uasan CC=afl-clang CXX=afl-clang++

Then run as ./target @@.

Regression Testing

Each fuzz target has a corpus checked into the repo under fuzz/corpora/. You can run regression tests on the corpora to ensure that inputs which previously exposed bugs still pass. You can make these targets to run the regression tests with different sanitizers.

make regression-test
make regression-test-msan
make regression-test-uasan