zstd/tests/fuzz
Eiichi Tsukata 7492e7f1c7 tests/fuzz: change ZSTD_BLOCKSIZE_ABSOLUTEMAX into ZSTD_BLOCKSIZE_MAX
ZSTD_BLOCKSIZE_ABSOLUTEMAX is changed at the commit:
fa3671eac7
2017-09-01 16:37:39 +09:00
fuzz_helpers.h fixed a bunch of headers after license change (#825) 2017-08-31 11:24:54 -07:00
fuzz.h fixed more file headers after license change (#825) 2017-08-31 12:11:57 -07:00
Makefile tests/fuzz: fix make all target names 2017-09-01 16:32:40 +09:00
README.md [fuzz] Move from fuzz/ to tests/fuzz/ 2017-07-03 12:40:12 -07:00
regression_driver.c fixed more file headers after license change (#825) 2017-08-31 12:11:57 -07:00
simple_decompress.c fixed a bunch of headers after license change (#825) 2017-08-31 11:24:54 -07:00
simple_round_trip.c fixed more file headers after license change (#825) 2017-08-31 12:11:57 -07:00
stream_decompress.c tests/fuzz: change ZSTD_BLOCKSIZE_ABSOLUTEMAX into ZSTD_BLOCKSIZE_MAX 2017-09-01 16:37:39 +09:00
stream_round_trip.c fixed more file headers after license change (#825) 2017-08-31 12:11:57 -07:00

Fuzzing

Each fuzzing target can be built with multiple engines.

LibFuzzer

You can install libFuzzer with:

make libFuzzer

Then you can make each target with:

make target LDFLAGS=-L. CC=clang CXX=clang++

AFL

The regression driver also serves as a binary for afl-fuzz. You can make each target with one of these commands:

make target-regression CC=afl-clang CXX=afl-clang++
AFL_MSAN=1 make target-regression-msan CC=afl-clang CXX=afl-clang++
AFL_ASAN=1 make target-regression-uasan CC=afl-clang CXX=afl-clang++

Then run as:

./target @@

Regression Testing

Each fuzz target has a corpus checked into the repo under fuzz/corpora/. You can run regression tests on the corpora to ensure that inputs which previously exposed bugs still pass. You can make these targets to run the regression tests with different sanitizers.

make regression-test
make regression-test-msan
make regression-test-uasan
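
How one fuzz entry point can serve libFuzzer, afl-fuzz and the corpus regression run, as an added example that is not zstd's regression_driver.c. It assumes the driver reads every file named on its command line and passes the bytes to the libFuzzer entry point; parse_records, run_file and run_all are hypothetical names, and parse_records is a constructed stand-in for the library under test.

```c
/* Added example; not zstd's regression_driver.c. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the code under test: counts complete
 * [1-byte length][payload] records and stops at a truncated one. */
size_t parse_records(const uint8_t *data, size_t size) {
    size_t pos = 0, count = 0;
    while (pos < size) {
        size_t len = data[pos];
        if (len > size - pos - 1) break; /* bounds check: never read past the input */
        pos += 1 + len;
        count++;
    }
    return count;
}

/* Entry point that libFuzzer calls directly with each generated input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)parse_records(data, size);
    return 0;
}

/* Load one file and hand its bytes to the same entry point.
 * Returns 0 on success, -1 if the file cannot be read. */
int run_file(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    long len = -1;
    if (fseek(f, 0, SEEK_END) == 0) len = ftell(f);
    if (len < 0 || fseek(f, 0, SEEK_SET) != 0) { fclose(f); return -1; }
    uint8_t *buf = malloc(len > 0 ? (size_t)len : 1);
    size_t got = buf ? fread(buf, 1, (size_t)len, f) : 0;
    fclose(f);
    int rc = (buf && got == (size_t)len) ? LLVMFuzzerTestOneInput(buf, got) : -1;
    free(buf);
    return rc;
}

/* Regression run: argv holds every corpus file. afl-fuzz run: argv[1] is
 * the single path substituted for @@. Returns the number of unreadable files. */
int run_all(int argc, char **argv) {
    int failures = 0;
    for (int i = 1; i < argc; i++)
        if (run_file(argv[i]) != 0) failures++;
    return failures;
}

int main(int argc, char **argv) { return run_all(argc, argv) ? 1 : 0; }
```

Because the driver only replays files, a sanitizer build of it reports the same memory errors on a stored corpus input that the fuzzing engine found when it first generated that input.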