Andrea Fioraldi 2021-03-11 10:15:53 +01:00
parent 93d484bb58
commit eaa5b15304
3 changed files with 8 additions and 5 deletions


@ -23,7 +23,7 @@ We're still working on the documentation. In the meantime, you can watch the Vid
+ ~~Minset corpus scheduler~~ still doc missing
+ Win32 shared mem and crash handler to have Windows in-process executor
+ Other feedbacks examples (e.g. maximize allocations to spot OOMs)
+ ~~Other feedbacks examples (e.g. maximize allocations to spot OOMs)~~
+ Other objectives examples (e.g. execution of a given program point)
+ ~~A macro crate with derive directives (e.g. for SerdeAny impl)~~ just `derive(SerdeAny)`, missing doc.
+ Good documentation
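Review bot: the struck-through `Other feedbacks examples (e.g. maximize allocations to spot OOMs)` entry gives the reader no pointer to where the finished example actually lives, unlike the neighbouring struck-through items, which at least record `still doc missing`. Since the README hunk in this same commit introduces `libfuzzer_libpng_cmpalloc` as exactly that example (edge coverage combined with comparison values and allocation sizes), consider naming it next to the ticked item, e.g. `~~Other feedbacks examples (...)~~ see the libfuzzer_libpng_cmpalloc example`, so the TODO list stays navigable once items are closed.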


@ -2,7 +2,7 @@
- [x] ~~Minset corpus scheduler~~ still doc missing
- [ ] Win32 shared mem and crash handler to have Windows in-process executor
- [ ] Other feedbacks examples (e.g. maximize allocations to spot OOMs)
- [x] Other feedbacks examples (e.g. maximize allocations to spot OOMs)
- [ ] Other objectives examples (e.g. execution of a given program point)
- [ ] Objective-Specific Corpuses (named per objective)
- [x] A macro crate with derive directives (e.g. for SerdeAny impl).
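Review bot: the two TODO lists in this commit now disagree on the macro-crate item: the README hunk strikes it out with the qualifier `just `derive(SerdeAny)`, missing doc`, while here `- [x] A macro crate with derive directives (e.g. for SerdeAny impl).` is simply ticked with no mention of the missing documentation. Carry the same qualifier into this list (or keep only one of the two lists) so the documentation gap is not lost. Likewise, the newly ticked `- [x] Other feedbacks examples (e.g. maximize allocations to spot OOMs)` line would be more useful with the name of the example that closes it (`libfuzzer_libpng_cmpalloc`, per the README added in this commit).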


@ -1,15 +1,18 @@
# Libfuzzer for libpng
# Libfuzzer for libpng (cmp+alloc)
This folder contains an example fuzzer for libpng, using LLMP for fast multi-process fuzzing and crash detection.
To show off crash detection, we added a ud2 instruction to the harness, edit harness.cc if you want a non-crashing example.
It has been tested on Linux.
The difference between the normal Libfuzzer for libpng example here is that this fuzzer is not just using edge coverage as feedback but also comparisons values (-value-profile like) and allocations sizes.
This is an example how multiple feedbacks can be combined in a fuzzer.
## Build
To build this example, run `cargo build --example libfuzzer_libpng --release`.
To build this example, run `cargo build --example libfuzzer_libpng_cmpalloc --release`.
This will call (the build.rs)[./builld.rs], which in turn downloads a libpng archive from the web.
Then, it will link (the fuzzer)[./src/fuzzer.rs] against (the C++ harness)[./harness.cc] and the instrumented `libpng`.
Afterwards, the fuzzer will be ready to run, from `../../target/examples/libfuzzer_libpng`.
Afterwards, the fuzzer will be ready to run, from `../../target/examples/libfuzzer_libpng_cmpalloc`.
## Run
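Review bot: the unchanged context line `This will call (the build.rs)[./builld.rs], which in turn downloads a libpng archive from the web.` has its Markdown link syntax reversed (text and target swapped, so it renders as literal parentheses instead of a link) and misspells the target as `builld.rs`; the same reversed syntax appears on the following line for `./src/fuzzer.rs` and `./harness.cc`. Since this README is being adapted for a new example anyway, fix them to `[the build.rs](./build.rs)`, `[the fuzzer](./src/fuzzer.rs)` and `[the C++ harness](./harness.cc)`. In the added sentence `The difference between the normal Libfuzzer for libpng example here is that this fuzzer is not just using edge coverage as feedback but also comparisons values (-value-profile like) and allocations sizes.`, the `between ... here` construction does not parse; `The difference from the normal Libfuzzer for libpng example is that ...`, with `comparison values` and `allocation sizes`, reads cleanly and states the point of the example directly.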