[libFuzzer] refresh docs more

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263332 91177308-0d34-0410-b5e6-96231b3b80d8
Kostya Serebryany 2016-03-12 03:23:02 +00:00
parent b3dcade510
commit 258d1e6be7


@ -438,23 +438,11 @@ Buildbot
We have a buildbot that runs the above fuzzers for LLVM components We have a buildbot that runs the above fuzzers for LLVM components
24/7/365 at http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer . 24/7/365 at http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer .
Pre-fuzzed test inputs in git
-----------------------------
The buildbot occumulates large test corpuses over time.
The corpuses are stored in git on github and can be used like this::
git clone https://github.com/kcc/fuzzing-with-sanitizers.git
bin/clang-format-fuzzer fuzzing-with-sanitizers/llvm/clang-format/C1
bin/clang-fuzzer fuzzing-with-sanitizers/llvm/clang/C1/
bin/llvm-as-fuzzer fuzzing-with-sanitizers/llvm/llvm-as/C1 -only_ascii=1
FAQ FAQ
========================= =========================
Q. Why Fuzzer does not use any of the LLVM support? Q. Why libFuzzer does not use any of the LLVM support?
--------------------------------------------------- ------------------------------------------------------
There are two reasons. There are two reasons.
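Review bot: the "Pre-fuzzed test inputs in git" section under Buildbot is deleted together with its git clone and corpus-run commands, and nothing replaces it. The commit message ("refresh docs more") does not say whether the fuzzing-with-sanitizers repository is retired or has moved. If the corpora are still published, keep one sentence saying where to get them; if not, say so explicitly. Separately, this hunk renames the first FAQ heading to "libFuzzer", while the other FAQ headings and answers shown in this patch still say "The Fuzzer" and "this Fuzzer"; pick one name and apply it throughout.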
@ -473,15 +461,13 @@ reason for it to exist is extreme speed.
Q. What about Windows then? The Fuzzer contains code that does not build on Windows. Q. What about Windows then? The Fuzzer contains code that does not build on Windows.
------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------
The sanitizer coverage support does not work on Windows either as of 01/2015. Volunteers are welcome.
Once it's there, we'll need to re-implement OS-specific parts (I/O, signals).
Q. When this Fuzzer is not a good solution for a problem? Q. When this Fuzzer is not a good solution for a problem?
--------------------------------------------------------- ---------------------------------------------------------
* If the test inputs are validated by the target library and the validator * If the test inputs are validated by the target library and the validator
asserts/crashes on invalid inputs, the in-process fuzzer is not applicable asserts/crashes on invalid inputs, in-process fuzzing is not applicable.
(we could use fork() w/o exec, but it comes with extra overhead).
* Bugs in the target library may accumulate w/o being detected. E.g. a memory * Bugs in the target library may accumulate w/o being detected. E.g. a memory
corruption that goes undetected at first and then leads to a crash while corruption that goes undetected at first and then leads to a crash while
testing another input. This is why it is highly recommended to run this testing another input. This is why it is highly recommended to run this
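Review bot: in the first bullet under "When this Fuzzer is not a good solution for a problem?", removing the "(we could use fork() w/o exec, but it comes with extra overhead)" parenthetical leaves "in-process fuzzing is not applicable" as a dead end. Suggest adding a short clause on what the reader should do instead, or stating plainly that no workaround is supported. The Windows entry in the same hunk also loses its dated status sentence ("as of 01/2015"); whatever answer remains should still state the current status with a date so the entry does not go stale unnoticed.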
@ -502,9 +488,10 @@ Q. So, what exactly this Fuzzer is good for?
-------------------------------------------- --------------------------------------------
This Fuzzer might be a good choice for testing libraries that have relatively This Fuzzer might be a good choice for testing libraries that have relatively
small inputs, each input takes < 1ms to run, and the library code is not expected small inputs, each input takes < 10ms to run, and the library code is not expected
to crash on invalid inputs. to crash on invalid inputs.
Examples: regular expression matchers, text or binary format parsers. Examples: regular expression matchers, text or binary format parsers, compression,
network, crypto.
Trophies Trophies
======== ========
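Review bot: the extended example list ends with the bare nouns "compression, network, crypto", which do not parallel "regular expression matchers, text or binary format parsers" and leave "network" ambiguous. Suggest wording such as "compression libraries, network protocol parsers, crypto libraries". The per-input budget also changes from "< 1ms" to "< 10ms" with no rationale in the text or the commit message; a short clause explaining the new figure would help readers judge whether their target fits.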