author | Kostya Serebryany <kcc@google.com> | 2016-05-25 18:41:53 +0000
---|---|---
committer | Kostya Serebryany <kcc@google.com> | 2016-05-25 18:41:53 +0000
commit | 7dd7cd10c8d15741fe192d37fc022c43d538d652 (patch) |
tree | 470540644e821be3206ddc535ce435ac68b46625 /docs/LibFuzzer.rst |
parent | 6dc628ff615c93d5293d931fc2ed347ee212617f (diff) |
[libFuzzer] document the proposed FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270744 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'docs/LibFuzzer.rst')

-rw-r--r-- | docs/LibFuzzer.rst | 29
---|---|---

1 files changed, 29 insertions, 0 deletions
diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst index 79e8d2947aa4..2bffb5aae4d2 100644 --- a/docs/LibFuzzer.rst +++ b/docs/LibFuzzer.rst @@ -600,6 +600,35 @@ It will later use those recorded inputs during mutations. This mode can be combined with DataFlowSanitizer_ to achieve better sensitivity. +Fuzzer-friendly build mode +--------------------------- +Sometimes the code under test is not fuzzing-friendly. Examples: + + - The target code uses a PRNG seeded e.g. by system time and + thus two consequent invocations may potentially execute different code paths + even if the end result will be the same. This will cause a fuzzer to treat + two similar inputs as significantly different and it will blow up the test corpus. + E.g. libxml uses ``rand()`` inside its hash table. + - The target code uses checksums to protect from invalid inputs. + E.g. png checks CRC for every chunk. + +In many cases it makes sense to build a special fuzzing-friendly build +with certain fuzzing-unfriendly features disabled. We propose to use a common build macro +for all such cases for consistency: ``FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION``. + +.. code-block:: c++ + + void MyInitPRNG() { + #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + // In fuzzing mode the behavior of the code should be deterministic. + srand(0); + #else + srand(time(0)); + #endif + } + + + AFL compatibility ----------------- LibFuzzer can be used together with AFL_ on the same test corpus. |
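Review bot: the new section proposes the ``FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`` macro but never says how it gets defined or what its name is warning about; add a sentence after "We propose to use a common build macro ..." stating that the build system defines it (e.g. ``-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`` on the compiler command line) and that it must only be set in dedicated fuzzing builds, since the weakened checks (deterministic PRNG, skipped checksums) are what make such a build unsafe for production. Two smaller points: the second bullet ("The target code uses checksums ... png checks CRC for every chunk") has no snippet parallel to the ``MyInitPRNG`` example, so a short ``#ifdef`` around the CRC check would make the guidance concrete and could note that inputs found with the check disabled need their checksums recomputed before they reproduce on a normal build; and "two consequent invocations" should read "two consecutive invocations".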