qt5base-lts/tests/libfuzzer
Robert Löhning 8b691ce245 Fuzzing: Add CMake project files for fuzz targets
Change-Id: Ied44bfd2c83d5590066146187a7333b677ceb179
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
2021-05-31 16:44:06 +02:00
..
corelib Fuzzing: Add CMake project files for fuzz targets 2021-05-31 16:44:06 +02:00
gui Fuzzing: Add CMake project files for fuzz targets 2021-05-31 16:44:06 +02:00
network/ssl/qsslcertificate/qsslcertificate/pem Fuzzing: Add CMake project files for fuzz targets 2021-05-31 16:44:06 +02:00
README Fuzzing: Provide link to oss-fuzz 2020-12-11 13:45:25 +00:00

This directory contains tests to be run with clang's libFuzzer. It will generate data, pass this
data to the function

 LLVMFuzzerTestOneInput(const char *Data, size_t Size)

of the test and track the code execution. Should the test crash, libFuzzer will provide you with the
data which triggered the crash. You can then use this to debug and fix the called code.

! Please note: The purpose of fuzz testing is to find unexpected code paths. Running fuzz tests may!
! result in unforeseen behavior, including loss of data. Consider running the tests in an isolated !
! environment, e.g. on a virtual machine. You have been warned.                                    !

To run a test with libFuzzer:

1. Install clang 5.0 or later, e.g. from the repositories of the Linux distribution you are using.
   Depending on the version of clang and the source you are installing from, you might have to
   install libFuzzer for this version of clang explicitly.
2. Make sure clang and clang++ from this version of clang are found in PATH.
3. Configure Qt with
    -platform linux-clang -sanitize fuzzer-no-link
   or, if you are using clang 5
    -platform linux-clang -coverage trace-pc-guard
   to add the needed code coverage instrumentation. Since speed of execution is crucial for fuzz
   testing, it's recommendable to also use the switches
    -release -static
   It might also make sense to add sanitizers by passing
    -sanitize <...>
4. Build Qt.
5. Build one of the tests using this Qt build.
6. Execute the resulting executable.
   Depending on the expected input format of the tested function, you will get results faster if
   you:
    * provide a set of interesting input data by passing the path of a directory which contains
      these data, each in one file. You can find such data sets in the subdirectory
      "fuzzing/testcases" of the qtqa repository.
    * pass a so-called dictionary listing keywords of the input format using
       -dict=<dictionary file>
      A couple of such dictionaries are provided by AFL (http://lcamtuf.coredump.cx/afl/)
    * tell libFuzzer to generate only ASCII data using
       -only_ascii=1

For further info about libFuzzer, see https://llvm.org/docs/LibFuzzer.html

Some of these tests are continuously being run on oss-fuzz which is documented at
https://google.github.io/oss-fuzz/

You can find:
 - The build logs for Qt at
   https://oss-fuzz-build-logs.storage.googleapis.com/index.html#qt
 - The code coverage of the running fuzzers at
   https://storage.googleapis.com/oss-fuzz-coverage/qt/reports/20201104/linux/report.html
   Update the date in the URL to get more recent data.
 - The found issues which were already published at:
   https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj%3Dqt