build: Allow to configure --with-sanitizers=fuzzer

This commit is contained in:
MarcoFalke 2018-12-27 15:19:39 +01:00
parent fe5a70b9fe
commit fad058a79f
No known key found for this signature in database
GPG key ID: CE2B75697E69A548
2 changed files with 33 additions and 10 deletions

@ -295,7 +295,14 @@ if test x$use_sanitizers != x; then
AX_CHECK_LINK_FLAG( AX_CHECK_LINK_FLAG(
[[-fsanitize=$use_sanitizers]], [[-fsanitize=$use_sanitizers]],
[[SANITIZER_LDFLAGS=-fsanitize=$use_sanitizers]], [[SANITIZER_LDFLAGS=-fsanitize=$use_sanitizers]],
[AC_MSG_ERROR([linker did not accept requested flags, you are missing required libraries])]) [AC_MSG_ERROR([linker did not accept requested flags, you are missing required libraries])],
[],
[AC_LANG_PROGRAM([[
#include <cstdint>
#include <cstddef>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { return 0; }
__attribute__((weak)) // allow for libFuzzer linking
]],[[]])])
fi fi
ERROR_CXXFLAGS= ERROR_CXXFLAGS=
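Review bot: The trailing `__attribute__((weak)) // allow for libFuzzer linking` line in the AC_LANG_PROGRAM prologue only works because AC_LANG_PROGRAM emits its `int main` directly after the prologue, so the attribute lands on that generated main() and libFuzzer's own main() wins at link time; that coupling is invisible from the comment and would break silently if the macro's output ever changed. Suggest expanding the comment to say that the attribute weakens the autoconf-generated main(), and that the `LLVMFuzzerTestOneInput` stub above it is there because `-fsanitize=fuzzer` links the libFuzzer runtime, which otherwise fails the link test with an undefined reference to that symbol. Note also that this prologue is now compiled for every `--with-sanitizers` value, not only `fuzzer`; that is harmless for the other sanitizers, but a short remark saying so would spare the next reader the check.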

@ -3,10 +3,11 @@ Fuzz-testing Bitcoin Core
A special test harness `test_bitcoin_fuzzy` is provided to provide an easy A special test harness `test_bitcoin_fuzzy` is provided to provide an easy
entry point for fuzzers and the like. In this document we'll describe how to entry point for fuzzers and the like. In this document we'll describe how to
use it with AFL. use it with AFL and libFuzzer.
Building AFL ## AFL
-------------
### Building AFL
It is recommended to always use the latest version of afl: It is recommended to always use the latest version of afl:
``` ```
@ -17,8 +18,7 @@ make
export AFLPATH=$PWD export AFLPATH=$PWD
``` ```
Instrumentation ### Instrumentation
----------------
To build Bitcoin Core using AFL instrumentation (this assumes that the To build Bitcoin Core using AFL instrumentation (this assumes that the
`AFLPATH` was set as above): `AFLPATH` was set as above):
@ -39,8 +39,7 @@ compiling using `afl-clang-fast`/`afl-clang-fast++` the resulting
features "persistent mode" and "deferred forkserver" can be used. See features "persistent mode" and "deferred forkserver" can be used. See
https://github.com/mcarpenter/afl/tree/master/llvm_mode for details. https://github.com/mcarpenter/afl/tree/master/llvm_mode for details.
Preparing fuzzing ### Preparing fuzzing
------------------
AFL needs an input directory with examples, and an output directory where it AFL needs an input directory with examples, and an output directory where it
will place examples that it found. These can be anywhere in the file system, will place examples that it found. These can be anywhere in the file system,
@ -60,8 +59,7 @@ Example inputs are available from:
Extract these (or other starting inputs) into the `inputs` directory before starting fuzzing. Extract these (or other starting inputs) into the `inputs` directory before starting fuzzing.
Fuzzing ### Fuzzing
--------
To start the actual fuzzing use: To start the actual fuzzing use:
``` ```
@ -70,3 +68,21 @@ $AFLPATH/afl-fuzz -i ${AFLIN} -o ${AFLOUT} -m52 -- test/test_bitcoin_fuzzy
You may have to change a few kernel parameters to test optimally - `afl-fuzz` You may have to change a few kernel parameters to test optimally - `afl-fuzz`
will print an error and suggestion if so. will print an error and suggestion if so.
## libFuzzer
A recent version of `clang`, the address sanitizer and libFuzzer is needed (all
found in the `compiler-rt` runtime libraries package).
To build the `test/test_bitcoin_fuzzy` executable run
```
./configure --disable-ccache --with-sanitizers=fuzzer,address CC=clang CXX=clang++
make
```
The fuzzer needs some inputs to work on, but the inputs or seeds can be used
interchangably between libFuzzer and AFL.
See https://llvm.org/docs/LibFuzzer.html#running on how to run the libFuzzer
instrumented executable.
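Review bot: Two wording fixes in the new libFuzzer section: `interchangably` should be `interchangeably`, and `A recent version of `clang`, the address sanitizer and libFuzzer is needed` should read `are needed`. It would also help to put the actual invocation next to the llvm.org link, e.g. `test/test_bitcoin_fuzzy inputs/`, since the linked page documents that a libFuzzer binary takes its corpus directories as positional arguments and the AFL section above already sets up such an `inputs` directory; as written, the reader has to leave the document to learn how the seeds are actually handed to the fuzzer.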