
[Xen-changelog] [xen master] tools/fuzz: add README.afl



commit 9e739d7cfed50304c94a30d2525a1f89c789a2e5
Author:     Wei Liu <wei.liu2@xxxxxxxxxx>
AuthorDate: Fri Jan 20 11:21:40 2017 +0000
Commit:     Wei Liu <wei.liu2@xxxxxxxxxx>
CommitDate: Wed Jan 25 10:04:31 2017 +0000

    tools/fuzz: add README.afl
    
    And rename README to README.oss-fuzz.
    
    Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
    Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
---
 tools/fuzz/README          | 39 ---------------------------------------
 tools/fuzz/README.afl      | 31 +++++++++++++++++++++++++++++++
 tools/fuzz/README.oss-fuzz | 39 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 39 deletions(-)

diff --git a/tools/fuzz/README b/tools/fuzz/README
deleted file mode 100644
index cf47bf6..0000000
--- a/tools/fuzz/README
+++ /dev/null
@@ -1,39 +0,0 @@
-# OVERVIEW
-
-This directory provides fuzzing targets to be run inside Google
-oss-fuzz infrastructure.
-
-See also https://github.com/google/oss-fuzz.
-
-# HOW IT WORKS
-
-We need to provide the source code and the rune to produce objects or
-archives (artefacts) from source code. These items ideally should live
-inside xen.git so that they can be kept up to date.
-
-The artefacts contain all the code we wish to fuzz and a function
-called LLVMFuzzerTestOneInput. LLVMFuzzerTestOneInput is the entry
-point to the code we wish to fuzz. Note that we don't produce
-executable programs because we don't have libFuzzEngine
-locally. libFuzzEngine is maintained by oss-fuzz.
-
-We also provide build script to oss-fuzz. The build script will
-inherit the correct compiler settings and be run in a pre-setup
-environment, which has libFuzzEngine installed. The build script is
-responsible for calling the correct Xen build rune to produce the
-artefacts, then link them against libFuzzEngine to produce
-executables, which will run in oss-fuzz infrastructure.
-
-Please refer to official oss-fuzz documents for the most up-to-date
-descriptions for all moving parts.
-
-# HOW TO IMPROVE THE FUZZING TARGETS
-
-Feel free to modify each fuzzing targets at will. Make sure they build
-by invoking make as you would build tools.
-
-To actually test the new code, you would need to run the target in
-standalone mode, please refer to oss-fuzz documents on how to do that.
-
-It is highly recommended that you run the new target for a while to
-weed out error in plumbing code to avoid false positives.
diff --git a/tools/fuzz/README.afl b/tools/fuzz/README.afl
new file mode 100644
index 0000000..431b4a8
--- /dev/null
+++ b/tools/fuzz/README.afl
@@ -0,0 +1,31 @@
+# OVERVIEW
+
+Some fuzzing targets have American Fuzzy Lop (AFL) support.
+
+See also http://lcamtuf.coredump.cx/afl/
+
+# HOW IT WORKS
+
+AFL provides a customised toolchain to build an executable, which in
+turn is launched by the fuzzer.
+
+# HOW TO USE IT
+
+Use the x86 instruction emulator fuzzer as an example.
+
+1. download and compile AFL in $AFLPATH.
+
+2. run the following commands to build:
+   $ cd tools/fuzz/x86_instruction_emulator
+   $ make distclean
+   $ make CC=$AFLPATH/afl-gcc afl # produces afl-x86-insn-emulator-fuzzer
+
+3. provide initial test case:
+   $ mkdir testcase_dir
+   $ echo -n -e '\xc3' > testcase_dir/ret.bin
+
+4. run the fuzzer with AFL:
+   $ $AFLPATH/afl-fuzz -m none -t 1000 -i testcase_dir -o findings_dir -- \
+     ./afl-x86-insn-emulator-fuzzer @@
+
+Please see AFL documentation for more information.
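Review bot: step 3's `echo -n -e '\xc3'` relies on a bash/GNU `echo` that understands `-e`; under a POSIX `sh` (dash on Debian/Ubuntu) the `-e` is printed literally and the seed file will not contain a single 0xC3 byte. `printf '\303' > testcase_dir/ret.bin` produces the same one-byte `ret` seed portably. It would also help readers to say in step 4 what `-m none` and `-t 1000` do (no memory limit for the target, 1000 ms per-execution timeout) and that `@@` is where afl-fuzz substitutes the path of the current input file, since the fuzzer binary reads its input from a file rather than stdin.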
diff --git a/tools/fuzz/README.oss-fuzz b/tools/fuzz/README.oss-fuzz
new file mode 100644
index 0000000..cf47bf6
--- /dev/null
+++ b/tools/fuzz/README.oss-fuzz
@@ -0,0 +1,39 @@
+# OVERVIEW
+
+This directory provides fuzzing targets to be run inside Google
+oss-fuzz infrastructure.
+
+See also https://github.com/google/oss-fuzz.
+
+# HOW IT WORKS
+
+We need to provide the source code and the rune to produce objects or
+archives (artefacts) from source code. These items ideally should live
+inside xen.git so that they can be kept up to date.
+
+The artefacts contain all the code we wish to fuzz and a function
+called LLVMFuzzerTestOneInput. LLVMFuzzerTestOneInput is the entry
+point to the code we wish to fuzz. Note that we don't produce
+executable programs because we don't have libFuzzEngine
+locally. libFuzzEngine is maintained by oss-fuzz.
+
+We also provide build script to oss-fuzz. The build script will
+inherit the correct compiler settings and be run in a pre-setup
+environment, which has libFuzzEngine installed. The build script is
+responsible for calling the correct Xen build rune to produce the
+artefacts, then link them against libFuzzEngine to produce
+executables, which will run in oss-fuzz infrastructure.
+
+Please refer to official oss-fuzz documents for the most up-to-date
+descriptions for all moving parts.
+
+# HOW TO IMPROVE THE FUZZING TARGETS
+
+Feel free to modify each fuzzing targets at will. Make sure they build
+by invoking make as you would build tools.
+
+To actually test the new code, you would need to run the target in
+standalone mode, please refer to oss-fuzz documents on how to do that.
+
+It is highly recommended that you run the new target for a while to
+weed out error in plumbing code to avoid false positives.
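Review bot: this file's blob index (cf47bf6) is identical to the deleted tools/fuzz/README, so the change is a pure rename; generating the patch with rename detection (`git format-patch -M`) would present it as a one-line rename instead of a 39-line delete plus 39-line add, which is much easier to review against the commit message. Since the content is carried over verbatim, the grammatical slips in it ("We also provide build script", "modify each fuzzing targets", "weed out error in plumbing code") are best left for a separate follow-up patch rather than mixed into the rename.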
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.