From eaa5b1530452f24470a35bdd13539f675a0c383c Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 11 Mar 2021 10:15:53 +0100 Subject: [PATCH] readmes --- README.md | 2 +- TODO.md | 2 +- fuzzers/libfuzzer_libpng_cmpalloc/README.md | 9 ++++++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0ff353378b..290967aae0 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ We're still working on the documentation. In the meantime, you can watch the Vid + ~~Minset corpus scheduler~~ still doc missing + Win32 shared mem and crash handler to have Windows in-process executor -+ Other feedbacks examples (e.g. maximize allocations to spot OOMs) ++ ~~Other feedbacks examples (e.g. maximize allocations to spot OOMs)~~ + Other objectives examples (e.g. execution of a given program point) + ~~A macro crate with derive directives (e.g. for SerdeAny impl)~~ just `derive(SerdeAny)`, missing doc. + Good documentation diff --git a/TODO.md b/TODO.md index c5a59e1a49..92c16f6403 100644 --- a/TODO.md +++ b/TODO.md @@ -2,7 +2,7 @@ - [x] ~~Minset corpus scheduler~~ still doc missing - [ ] Win32 shared mem and crash handler to have Windows in-process executor -- [ ] Other feedbacks examples (e.g. maximize allocations to spot OOMs) +- [x] Other feedbacks examples (e.g. maximize allocations to spot OOMs) - [ ] Other objectives examples (e.g. execution of a given program point) - [ ] Objective-Specific Corpuses (named per objective) - [x] A macro crate with derive directives (e.g. for SerdeAny impl). diff --git a/fuzzers/libfuzzer_libpng_cmpalloc/README.md b/fuzzers/libfuzzer_libpng_cmpalloc/README.md index f56138c2b5..bfd858fbcb 100644 --- a/fuzzers/libfuzzer_libpng_cmpalloc/README.md +++ b/fuzzers/libfuzzer_libpng_cmpalloc/README.md 
@@ -1,15 +1,18 @@ -# Libfuzzer for libpng +# Libfuzzer for libpng (cmp+alloc) This folder contains an example fuzzer for libpng, using LLMP for fast multi-process fuzzing and crash detection. To show off crash detection, we added a ud2 instruction to the harness, edit harness.cc if you want a non-crashing example. It has been tested on Linux. +The difference between the normal Libfuzzer for libpng example here is that this fuzzer is not just using edge coverage as feedback but also comparisons values (-value-profile like) and allocations sizes. +This is an example how multiple feedbacks can be combined in a fuzzer. + ## Build -To build this example, run `cargo build --example libfuzzer_libpng --release`. +To build this example, run `cargo build --example libfuzzer_libpng_cmpalloc --release`. This will call (the build.rs)[./builld.rs], which in turn downloads a libpng archive from the web. Then, it will link (the fuzzer)[./src/fuzzer.rs] against (the C++ harness)[./harness.cc] and the instrumented `libpng`. -Afterwards, the fuzzer will be ready to run, from `../../target/examples/libfuzzer_libpng`. +Afterwards, the fuzzer will be ready to run, from `../../target/examples/libfuzzer_libpng_cmpalloc`. ## Run
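Review bot: in the README.md hunk, the newly struck-through "Other feedbacks examples (e.g. maximize allocations to spot OOMs)" item is the only completed entry in this list that gives the reader no pointer to where the work landed; the neighbouring struck-through items carry a trailing remark ("still doc missing", "just `derive(SerdeAny)`, missing doc."). Suggest appending a short pointer in the same style, e.g. `~~Other feedbacks examples (...)~~ see fuzzers/libfuzzer_libpng_cmpalloc`, so the top-level README leads readers to the example this commit documents.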
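Review bot: the TODO.md hunk is a second copy of the same status list as README.md, and this commit has to flip the "Other feedbacks examples" item in both files by hand, which is how the two copies drift apart. Suggest keeping the checklist only in TODO.md and linking to it from README.md, or at minimum adding the same "see fuzzers/libfuzzer_libpng_cmpalloc" pointer here so the two entries say the same thing.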
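Review bot: the new description paragraph in fuzzers/libfuzzer_libpng_cmpalloc/README.md has grammar problems that obscure the one fact a reader needs (what extra feedback this fuzzer uses): "The difference between the normal Libfuzzer for libpng example here is that this fuzzer is not just using edge coverage as feedback but also comparisons values (-value-profile like) and allocations sizes." should read "The difference from the normal Libfuzzer for libpng example is that this fuzzer does not use only edge coverage as feedback, but also comparison values (similar to libFuzzer's `-use_value_profile`) and allocation sizes.", and "This is an example how multiple feedbacks can be combined" should be "This is an example of how multiple feedbacks can be combined". While the Build section is being touched, the unchanged context line `This will call (the build.rs)[./builld.rs], which in turn downloads ...` has both the link syntax reversed (Markdown is `[text](url)`, not `(text)[url]`, so none of the three links render) and a typo in the target (`./builld.rs` vs. `build.rs`); the same reversed syntax affects `(the fuzzer)[./src/fuzzer.rs]` and `(the C++ harness)[./harness.cc]`. Finally, the new binary path `../../target/examples/libfuzzer_libpng_cmpalloc` and the `cargo build --example libfuzzer_libpng_cmpalloc --release` command only match if the example name in Cargo.toml was renamed in the same way; worth confirming, since nothing in this patch touches that file.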