Re: Poke fuzzing

From: Jose E. Marchesi
Subject: Re: Poke fuzzing
Date: Thu, 26 Mar 2020 12:30:27 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Hi Tim!
    I created a first fuzzer at [1] in branch 'add-fuzzer', if you'd like to
    take a look (build instructions in fuzz/README.md). It's pretty early
    stage, but already has some files for OSS-Fuzz integration, Google's
    continuous fuzzing platform.

Very nice.  We have already done some fuzzing with poke.  In particular:

- Fuzzing Poke programs with AFL:

- Fuzzing valid Poke programs with grammarinator:
  See section Grammarinator in HACKING.

    One of the problems I found is that poke does not have a library.
    Library fuzzing is much easier, faster and allows modular fuzzing.
    So I built a convenience library in src/.

    Another issue is arbitrary calls to exit() or abort(), which have to be
    mitigated somehow (that's another reason why library fuzzing is easier).
    Could you amend poke in a way that all functions are like library
    functions, returning an error instead of calling exit()?

Actually, at some point we should have a proper libpoke.so with a
well-defined API, containing at least the compiler, PVM, and the IO

Patches in that direction (like removing calls to exit() or abort()) are

By the way, we already have a lib/libpoke.la with the gnulib.  It is
probably a good idea to rename it to lib/libgnulib.la or something.

    Then it would be nice to allow
    pkl_free(pkl_new()). Currently this immediately stops with NULL ptr
    accesses since this is pretty ripped out of main().

Will look into this.
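The library-shaped API Tim asks for (status codes instead of exit()/abort(), and a destructor that makes free(new()) safe), driven by a libFuzzer entry point, as an added example that is not poke's code: pk_ctx, pk_ctx_new, pk_ctx_free, pk_compile_buffer and the validation rule are hypothetical stand-ins for the real poke API.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum pk_status { PK_OK = 0, PK_ENOMEM = 1, PK_EINVAL = 2 };

typedef struct {
    char *buf;   /* NUL-terminated copy of the accepted program text */
    size_t len;
} pk_ctx;

/* Constructor: allocation failure comes back as NULL, never abort(). */
pk_ctx *pk_ctx_new(void) { return calloc(1, sizeof(pk_ctx)); }

/* Destructor tolerates NULL, so pk_ctx_free(pk_ctx_new()) is always safe,
 * even when the constructor failed. */
void pk_ctx_free(pk_ctx *c) {
    if (c == NULL) return;
    free(c->buf);
    free(c);
}

/* Library-style "compile": failures come back as a status code. A
 * non-library version would call exit(1) here, killing the fuzzer process
 * on every rejected input. The validation rule (printable ASCII plus
 * newline, no embedded NUL) is a constructed stand-in for real parsing. */
enum pk_status pk_compile_buffer(pk_ctx *c, const uint8_t *data, size_t size) {
    if (c == NULL) return PK_EINVAL;
    for (size_t i = 0; i < size; i++)
        if (data[i] == 0 || data[i] > 0x7e || (data[i] < 0x20 && data[i] != '\n'))
            return PK_EINVAL;
    char *copy = malloc(size + 1);
    if (copy == NULL) return PK_ENOMEM;
    memcpy(copy, data, size);
    copy[size] = '\0';
    free(c->buf);          /* drop any program compiled earlier */
    c->buf = copy;
    c->len = size;
    return PK_OK;
}

/* libFuzzer entry point: one new/compile/free cycle per input. Since
 * nothing calls exit(), a rejected input just returns and the fuzzer
 * moves on to the next one. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    pk_ctx *c = pk_ctx_new();
    if (c != NULL) pk_compile_buffer(c, data, size);
    pk_ctx_free(c);
    return 0;
}
```

Built with `clang -fsanitize=fuzzer,address`, the same entry point is what an OSS-Fuzz target would link against; the NULL-tolerant destructor is what makes the pkl_free(pkl_new()) case in the thread a no-op rather than a crash.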
