Xen project Mailing List

Re: [Xen-devel] [PATCH 4/4] tools/fuzz: add README.afl

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 25 Jan 2017 09:49:26 +0000

Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>

Delivery-date: Wed, 25 Jan 2017 09:49:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, Jan 24, 2017 at 07:27:36PM +0000, Andrew Cooper wrote: > On 20/01/17 12:11, Wei Liu wrote: > > And rename README to README.oss-fuzz. > > > > Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx> > > --- > > Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > > Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx> > > Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> > > Cc: Jan Beulich <jbeulich@xxxxxxxx> > > --- > > tools/fuzz/README.afl | 27 +++++++++++++++++++++++++++ > > tools/fuzz/{README => README.oss-fuzz} | 0 > > 2 files changed, 27 insertions(+) > > create mode 100644 tools/fuzz/README.afl > > rename tools/fuzz/{README => README.oss-fuzz} (100%) > > > > diff --git a/tools/fuzz/README.afl b/tools/fuzz/README.afl > > new file mode 100644 > > index 0000000..7214b61 > > --- /dev/null > > +++ b/tools/fuzz/README.afl > > @@ -0,0 +1,27 @@ > > +# OVERVIEW > > + > > +Some fuzzing targets have American Fuzzy Lop (AFL) support. > > + > > +See also http://lcamtuf.coredump.cx/afl/ > > + > > +# HOW IT WORKS > > + > > +AFL provides a customised toolchain to build an executable, which in > > +turn is launched by the fuzzer. > > + > > +# HOW TO USE IT > > + > > +Use the x86 instruction emulator fuzzer as an example. > > + > > +1. download and compile AFL in $AFLPATH. > > + > > +2. run the following commands to build: > > + $ cd tools/fuzz/x86_instruction_emulator > > + $ make distclean > > + $ make CC=$AFLPATH/afl-gcc afl # produces afl-x86-insn-emulator-fuzzer > > + > > +3. run the fuzzer with AFL: > > + $ $AFLPATH/afl-fuzz -m none -t 1000 -i testcase_dir -o findings_dir -- \ > > + ./afl-x86-insn-emulator-fuzzer @@ > > + > > +Please see AFL documentation for more information. > > Having just debugged this README (I totally haven't forgotten how to > use AFL, despite all the recent work on it ;p), it is missing the > initial test case. > > I previously used a ret instruction as the seed testcase. > > $ mkdir testcase_dir > $ echo -n -e '\xc3' > testcase_dir/ret.bin > > after which ALF is happy to start running. Right, I will add this to README.afl. Wei. > > ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.