author | Nico Weber <nicolasweber@gmx.de> | 2015-03-03 01:11:30 (GMT) |
---|---|---|
committer | Nico Weber <nicolasweber@gmx.de> | 2015-03-19 17:41:28 (GMT) |
commit | 5560e2e26bd9ed6968ed6971610d68846ead7a86 (patch) | |
tree | cdce5bc31cf64b1f50ed9223b49ea78cfeaeedb1 | |
parent | 81aa36a8a95935cc1d579858de47496a9a2020fa (diff) | |
Add notes on using afl-fuzz to HACKING.
-rw-r--r-- | HACKING.md | 30 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/kw_build | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/kw_default | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/kw_include | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/kw_pool | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/kw_rule | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/kw_subninja | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_a | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_b | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_colon | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_cont | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_dollar | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_eq | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_indent | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_pipe | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_pipepipe | 1 | ||||
-rw-r--r-- | misc/afl-fuzz-tokens/misc_space | 1 | ||||
-rw-r--r-- | misc/afl-fuzz/build.ninja | 5 |
18 files changed, 51 insertions, 0 deletions
@@ -177,3 +177,33 @@ root directory: gcov build/*.o Look at the generated `.gcov` files directly, or use your favorit gcov viewer.
+
+### Using afl-fuzz
+
+Build with afl-clang++:
+
+ CXX=path/to/afl-1.20b/afl-clang++ ./configure.py
+ ninja
+
+Then run afl-fuzz like so:
+
+ afl-fuzz -i misc/afl-fuzz -o /tmp/afl-fuzz-out ./ninja -n -f @@
+
+You can pass `-x misc/afl-fuzz-tokens` to use the token dictionary. In my
+testing, that did not seem more effective though.
+
+#### Using afl-fuzz with asan
+
+If you want to use asan (the `isysroot` bit is only needed on OS X; if clang
+can't find C++ standard headers make sure your LLVM checkout includes a libc++
+checkout and has libc++ installed in the build directory):
+
+ CFLAGS="-fsanitize=address -isysroot $(xcrun -show-sdk-path)" \
+ LDFLAGS=-fsanitize=address CXX=path/to/afl-1.20b/afl-clang++ \
+ ./configure.py
+ AFL_CXX=path/to/clang++ ninja
+
+Make sure ninja can find the asan runtime:
+
+ DYLD_LIBRARY_PATH=path/to//lib/clang/3.7.0/lib/darwin/ \
+ afl-fuzz -i misc/afl-fuzz -o /tmp/afl-fuzz-out ./ninja -n -f @@
diff --git a/misc/afl-fuzz-tokens/kw_build b/misc/afl-fuzz-tokens/kw_build
new file mode 100644
index 0000000..c795b05
--- /dev/null
+++ b/misc/afl-fuzz-tokens/kw_build
@@ -0,0 +1 @@
+build
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/kw_default b/misc/afl-fuzz-tokens/kw_default
new file mode 100644
index 0000000..331d858
--- /dev/null
+++ b/misc/afl-fuzz-tokens/kw_default
@@ -0,0 +1 @@
+default
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/kw_include b/misc/afl-fuzz-tokens/kw_include
new file mode 100644
index 0000000..2996fba
--- /dev/null
+++ b/misc/afl-fuzz-tokens/kw_include
@@ -0,0 +1 @@
+include
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/kw_pool b/misc/afl-fuzz-tokens/kw_pool
new file mode 100644
index 0000000..e783591
--- /dev/null
+++ b/misc/afl-fuzz-tokens/kw_pool
@@ -0,0 +1 @@
+pool
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/kw_rule b/misc/afl-fuzz-tokens/kw_rule
new file mode 100644
index 0000000..841e840
--- /dev/null
+++ b/misc/afl-fuzz-tokens/kw_rule
@@ -0,0 +1 @@
+rule
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/kw_subninja b/misc/afl-fuzz-tokens/kw_subninja
new file mode 100644
index 0000000..c4fe0c7
--- /dev/null
+++ b/misc/afl-fuzz-tokens/kw_subninja
@@ -0,0 +1 @@
+subninja
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/misc_a b/misc/afl-fuzz-tokens/misc_a
new file mode 100644
index 0000000..2e65efe
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_a
@@ -0,0 +1 @@
+a
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/misc_b b/misc/afl-fuzz-tokens/misc_b
new file mode 100644
index 0000000..63d8dbd
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_b
@@ -0,0 +1 @@
+b
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/misc_colon b/misc/afl-fuzz-tokens/misc_colon
new file mode 100644
index 0000000..22ded55
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_colon
@@ -0,0 +1 @@
+:
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/misc_cont b/misc/afl-fuzz-tokens/misc_cont
new file mode 100644
index 0000000..857f13a
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_cont
@@ -0,0 +1 @@
+$
diff --git a/misc/afl-fuzz-tokens/misc_dollar b/misc/afl-fuzz-tokens/misc_dollar
new file mode 100644
index 0000000..6f4f765
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_dollar
@@ -0,0 +1 @@
+$
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/misc_eq b/misc/afl-fuzz-tokens/misc_eq
new file mode 100644
index 0000000..851c75c
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_eq
@@ -0,0 +1 @@
+=
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/misc_indent b/misc/afl-fuzz-tokens/misc_indent
new file mode 100644
index 0000000..136d063
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_indent
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/misc_pipe b/misc/afl-fuzz-tokens/misc_pipe
new file mode 100644
index 0000000..a3871d4
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_pipe
@@ -0,0 +1 @@
+|
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/misc_pipepipe b/misc/afl-fuzz-tokens/misc_pipepipe
new file mode 100644
index 0000000..27cc728
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_pipepipe
@@ -0,0 +1 @@
+||
\ No newline at end of file
diff --git a/misc/afl-fuzz-tokens/misc_space b/misc/afl-fuzz-tokens/misc_space
new file mode 100644
index 0000000..0519ecb
--- /dev/null
+++ b/misc/afl-fuzz-tokens/misc_space
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/misc/afl-fuzz/build.ninja b/misc/afl-fuzz/build.ninja
new file mode 100644
index 0000000..52cd2f1
--- /dev/null
+++ b/misc/afl-fuzz/build.ninja
@@ -0,0 +1,5 @@
+rule b
+ command = clang -MMD -MF $out.d -o $out -c $in
+ description = building $out
+
+build a.o: b a.c |
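Review bot: The seed corpus consists of this single manifest, which exercises only a `rule` block and one `build` statement, so the fuzzer must discover `pool`, `default`, `include`/`subninja`, `$` escapes and the `|`/`||` dependency forms on its own even though the new token dictionary names them; one short seed per construct under misc/afl-fuzz/ would give parser coverage a much better starting point. Because `a.c` is not part of the corpus, the dry run presumably stops right after parsing with a missing-input error, which is fine for parser fuzzing but worth stating in the seed itself, e.g. `# afl-fuzz seed: parse-only, a.c is intentionally absent`. Mutated manifests can also contain `include`/`subninja` lines that name real files relative to the working directory, so running the documented command from a scratch directory rather than the source tree keeps each run self-contained; that may deserve a sentence in the HACKING.md hunk as well.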