From 0cd1011ba2fc877b7d902f1a80374c71d792fd64 Mon Sep 17 00:00:00 2001 From: Alex Groce Date: Tue, 31 Jul 2018 10:27:51 -0700 Subject: [PATCH] add memory note, mention libFuzzer early --- README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3b884b4..767ce0b 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ The [2018 IEEE Cybersecurity Development Conference](https://secdev.ieee.org/201 * Tests look like Google Test, but can use symbolic execution/fuzzing to generate data (parameterized unit testing) * Easier to learn than binary analysis tools/fuzzers, but provides similar functionality -* Already supports Manticore, Angr, Dr. Fuzz, file-based fuzzing with e.g., AFL; more back-ends likely in future +* Already supports Manticore, Angr, libFuzzer, file-based fuzzing with e.g., AFL; more back-ends likely in future * Switch test generation tool without re-writing test harness * Work around show-stopper bugs * Find out which tool works best for your code under test @@ -46,7 +46,7 @@ Runtime: ## Building on Ubuntu 16.04 (Xenial) -```shell +AFL```shell sudo apt update && sudo apt-get install build-essential gcc-multilib g++-multilib cmake python python-setuptools libffi-dev z3 git clone https://github.com/trailofbits/deepstate deepstate mkdir deepstate/build && cd deepstate/build @@ -109,7 +109,13 @@ mkdir OneOf_corpus Use the `LIBFUZZER_WHICH_TEST` environment variable to control which test libFuzzer runs, using a -fully qualified name (e.g., `Arithmetic_InvertibleMultiplication_CanFail`). +fully qualified name (e.g., +`Arithmetic_InvertibleMultiplication_CanFail`). + +One hint when using libFuzzer is to avoid dynamically allocating +memory during a test, if that memory would not be freed on a test +failure. This will leak memory and libFuzzer will run out of memory +very quickly in each fuzzing session. ## Fuzzing with AFL
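Review bot: In the first hunk (`@@ -12,7 +12,7 @@`), Dr. Fuzz is dropped from the back-end list while the commit message only says "mention libFuzzer early"; if Dr. Fuzz is still a supported back-end, add libFuzzer beside it rather than in its place, e.g. `* Already supports Manticore, Angr, Dr. Fuzz, libFuzzer, file-based fuzzing with e.g., AFL; more back-ends likely in future`, and if Dr. Fuzz support has actually been removed, say so in the commit message so the README change is not mistaken for a typo.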
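Review bot: The second hunk (`@@ -46,7 +46,7 @@`) breaks the fenced code block under "Building on Ubuntu 16.04 (Xenial)": the line `+AFL```shell` puts a stray `AFL` prefix in front of the opening fence, so Markdown no longer treats it as a fence, the `sudo apt update && sudo apt-get install ...` commands render as prose, and the block's existing closing fence will be read as opening a new block that swallows the text after it. This looks like an accidental keystroke unrelated to the commit's stated purpose; revert this hunk so the line reads ```` ```shell ```` again.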
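Review bot: The new paragraph in the third hunk (`@@ -109,7 +109,13 @@`) should say why a failure leaks rather than leaving the reader to infer it: "if that memory would not be freed on a test failure" presumably means that a failing check ends the test before the code that would free the allocation runs, and because libFuzzer keeps feeding inputs to the same process, each such failure leaks another block until the session runs out of memory. Suggest stating that mechanism and the remedy the advice implies (use stack or static storage for test data, or free heap allocations before any check that can fail). The rewrap of the `LIBFUZZER_WHICH_TEST` sentence onto two lines in the same hunk is an unrelated whitespace-only change and would be cleaner as a separate commit.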