Add fuzz testing using american fuzzy lop
Existing tests: block, transaction, signature, cold outputs,
cold transaction.
Data for these is in tests/data/fuzz.
A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg:
contrib/fuzz_testing/fuzz.sh signature
The fuzzer will run indefinitely, ^C to stop.
Fuzzing is currently supported for GCC only. I can't get CLANG
to build Monero here as it dies on some system headers, so if
someone wants to make it work on both, that'd be great.
In particular, the __AFL_LOOP construct should be made to work
so that a given run can fuzz multiple inputs, as the C++ load
time is substantial.
2017-06-24 11:38:41 +00:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
AFLFUZZ=$(which afl-fuzz)
|
|
|
|
if ! test -x "$AFLFUZZ"
|
|
|
|
then
|
|
|
|
echo "afl-fuzz not found - install american-fuzzy-lop"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
type="$1"
|
|
|
|
if test -z "$type"
|
|
|
|
then
|
2017-12-10 15:52:24 +00:00
|
|
|
echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction|load-from-binary|load-from-json|base58"
|
Add fuzz testing using american fuzzy lop
Existing tests: block, transaction, signature, cold outputs,
cold transaction.
Data for these is in tests/data/fuzz.
A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg:
contrib/fuzz_testing/fuzz.sh signature
The fuzzer will run indefinitely, ^C to stop.
Fuzzing is currently supported for GCC only. I can't get CLANG
to build Monero here as it dies on some system headers, so if
someone wants to make it work on both, that'd be great.
In particular, the __AFL_LOOP construct should be made to work
so that a given run can fuzz multiple inputs, as the C++ load
time is substantial.
2017-06-24 11:38:41 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
case "$type" in
|
2017-12-10 15:52:24 +00:00
|
|
|
block|transaction|signature|cold-outputs|cold-transaction|load-from-binary|load-from-json|base58) ;;
|
|
|
|
*) echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction|load-from-binary|load-from-json|base58"; exit 1 ;;
|
Add fuzz testing using american fuzzy lop
Existing tests: block, transaction, signature, cold outputs,
cold transaction.
Data for these is in tests/data/fuzz.
A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg:
contrib/fuzz_testing/fuzz.sh signature
The fuzzer will run indefinitely, ^C to stop.
Fuzzing is currently supported for GCC only. I can't get CLANG
to build Monero here as it dies on some system headers, so if
someone wants to make it work on both, that'd be great.
In particular, the __AFL_LOOP construct should be made to work
so that a given run can fuzz multiple inputs, as the C++ load
time is substantial.
2017-06-24 11:38:41 +00:00
|
|
|
esac
|
|
|
|
|
2017-12-10 13:20:32 +00:00
|
|
|
if test -d "fuzz-out/$type"
|
|
|
|
then
|
|
|
|
dir="-"
|
|
|
|
else
|
|
|
|
dir="tests/data/fuzz/$type"
|
|
|
|
fi
|
|
|
|
|
2017-12-10 11:24:26 +00:00
|
|
|
mkdir -p fuzz-out
|
2017-12-10 13:20:32 +00:00
|
|
|
afl-fuzz -i "$dir" -m none -t 250 -o fuzz-out/$type build/fuzz/tests/fuzz/${type}_fuzz_tests @@
|