[dev] Fuzz testing tools

Remy Leone remy.leone at inria.fr
Thu May 11 03:50:25 EDT 2017 

Could we also take a look at google oss fuzz project :
https://github.com/google/oss-fuzz

I've created an issue where we can talk about it:
https://github.com/FRRouting/frr/issues/479

Best regards

Rémy

2017-05-11 0:08 GMT+02:00 Christian Franke <chris at opensourcerouting.org>:

> Hello everyone,
>
> as I mentioned during yesterdays call when we discussed fuzz testing, I
> have made very positive experience with using AFL. [1]
>
> In contrast to more basic fuzzers, afl uses instrumentation on the code
> that is added at compile time. The instrumentation is used to more
> efficiently generate fuzz input that causes the use of new branches in
> the code. An example to that effect is that when fuzzing libjpeg and
> using an 'a' point for fuzzing, afl will quickly come up with various
> broken and valid jpeg files, something most simple fuzzers wouldn't.
>
> Also, afl can generate a minimized corpus of input files from the
> fuzzing process that still has the maximum branch coverage achieved
> during fuzzing, which is useful to test for regressions without running
> the complete fuzzing process again.
>
> I wrote a small tool called wuschl which wraps around afl and collects
> the minimized corpus to use it for regression testing. [2]
>
> To make use of wuschl one needs to install afl and wuschl and write one
> test function that passes its input to the function to be fuzzed.
>
> Having that, one can run fuzzing and then collect the minimal corpus.
>
> After that, regression tests based on the corpus can be run without any
> need for wuschl or afl.
>
> Just wanted to point out the existance of AFL and also wuschl since I
> think that they might be useful to implement fuzzing for FRR and get the
> test coverage up.
>
> -Christian
>
> [1] http://lcamtuf.coredump.cx/afl/
> [2] https://github.com/cfra/wuschl
>
> _______________________________________________
> dev mailing list
> dev at lists.frrouting.org
> https://lists.frrouting.org/listinfo/dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/dev/attachments/20170511/59233023/attachment.html>

More information about the dev mailing list