author: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2017-06-24 12:38:41 +0100
committer: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2017-06-24 16:46:18 +0100
commit: 841231e5bd0d90e8a57d6fd997701a70ef520730 (patch)
tree: 0fc42786a1302b126187bc12b935f6f4accca10c /contrib/fuzz_testing/fuzz.sh
parent: Merge pull request #2087
Add fuzz testing using american fuzzy lop
Existing tests: block, transaction, signature, cold outputs, cold transaction. Data for these is in tests/data/fuzz.

A convenience shell script is in contrib/fuzz_testing/fuzz.sh, e.g.:

contrib/fuzz_testing/fuzz.sh signature

The fuzzer will run indefinitely, ^C to stop.

Fuzzing is currently supported for GCC only. I can't get CLANG to build Monero here as it dies on some system headers, so if someone wants to make it work on both, that'd be great. In particular, the __AFL_LOOP construct should be made to work so that a given run can fuzz multiple inputs, as the C++ load time is substantial.
Diffstat
-rwxr-xr-x contrib/fuzz_testing/fuzz.sh | 21
1 files changed, 21 insertions, 0 deletions
diff --git a/contrib/fuzz_testing/fuzz.sh b/contrib/fuzz_testing/fuzz.sh
new file mode 100755
index 000000000..35b74f7e4
--- /dev/null
+++ b/contrib/fuzz_testing/fuzz.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+AFLFUZZ=$(which afl-fuzz)
+if ! test -x "$AFLFUZZ"
+then
+ echo "afl-fuzz not found - install american-fuzzy-lop"
+ exit 1
+fi
+
+type="$1"
+if test -z "$type"
+then
+ echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction"
+ exit 1
+fi
+case "$type" in
+ block|transaction|signature|cold-outputs|cold-transaction) ;;
+ *) echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction"; exit 1 ;;
+esac
+
+afl-fuzz -i tests/data/fuzz/$type -m 150 -t 250 -o fuzz-out/$type build/fuzz/tests/fuzz/${type}_fuzz_tests
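Review bot: the afl-fuzz invocation on the last line depends on relative paths (tests/data/fuzz/$type, fuzz-out/$type, build/fuzz/tests/fuzz/${type}_fuzz_tests), so the script only works when run from the repository root after the fuzz targets have been built, but nothing in the script checks or documents that. Consider either changing to the source root at the top, e.g. `cd "$(dirname "$0")/../.." || exit 1`, or adding a guard such as `test -d "tests/data/fuzz/$type" || { echo "run from the monero source root after building the fuzz targets"; exit 1; }` so a wrong working directory gives a clear message instead of an afl-fuzz error. Two smaller points: AFLFUZZ is resolved with which and tested with -x, yet the final line calls afl-fuzz by name rather than "$AFLFUZZ", and the usage string is duplicated in the -z branch and the case default; a small usage() function would keep the two in sync when the list of targets grows.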