diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2017-06-24 12:38:41 +0100 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2017-06-24 16:46:18 +0100 |
commit | 841231e5bd0d90e8a57d6fd997701a70ef520730 (patch) | |
tree | 0fc42786a1302b126187bc12b935f6f4accca10c /contrib/fuzz_testing/fuzz.sh | |
parent | Merge pull request #2087 (diff) | |
download | monero-841231e5bd0d90e8a57d6fd997701a70ef520730.tar.xz |
Add fuzz testing using american fuzzy lop
Existing tests: block, transaction, signature, cold outputs,
cold transaction.
Data for these is in tests/data/fuzz.
A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg:
contrib/fuzz_testing/fuzz.sh signature
The fuzzer will run indefinitely, ^C to stop.
Fuzzing is currently supported for GCC only. I can't get CLANG
to build Monero here as it dies on some system headers, so if
someone wants to make it work on both, that'd be great.
In particular, the __AFL_LOOP construct should be made to work
so that a given run can fuzz multiple inputs, as the C++ load
time is substantial.
Diffstat (limited to '')
-rwxr-xr-x | contrib/fuzz_testing/fuzz.sh | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/contrib/fuzz_testing/fuzz.sh b/contrib/fuzz_testing/fuzz.sh new file mode 100755 index 000000000..35b74f7e4 --- /dev/null +++ b/contrib/fuzz_testing/fuzz.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +AFLFUZZ=$(which afl-fuzz) +if ! test -x "$AFLFUZZ" +then + echo "afl-fuzz not found - install american-fuzzy-lop" + exit 1 +fi + +type="$1" +if test -z "$type" +then + echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction" + exit 1 +fi +case "$type" in + block|transaction|signature|cold-outputs|cold-transaction) ;; + *) echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction"; exit 1 ;; +esac + +afl-fuzz -i tests/data/fuzz/$type -m 150 -t 250 -o fuzz-out/$type build/fuzz/tests/fuzz/${type}_fuzz_tests |