Re: Poke fuzzing
From: Jose E. Marchesi
Subject: Re: Poke fuzzing
Date: Thu, 26 Mar 2020 12:30:27 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
Hi Tim!
> I created a first fuzzer at [1] in branch 'add-fuzzer', if you'd like to
> take a look (build instructions in fuzz/README.md). It's pretty early
> stage, but already has some files for OSS-Fuzz integration, Google's
> continuous fuzzing platform.
Very nice. We have already done some fuzzing with poke. In particular:
- Fuzzing Poke programs with AFL:
  See https://lists.gnu.org/archive/html/poke-devel/2020-01/msg00043.html
  See https://lists.gnu.org:443/archive/html/poke-devel/2020-01/msg00083.html
- Fuzzing valid Poke programs with grammarinator:
  See section Grammarinator in HACKING.
> One of the problems I found is that poke does not have a library.
> Library fuzzing is much easier, faster and allows modular fuzzing.
> So I built a convenience library in src/.
> Another issue is arbitrary calls to exit() or abort(), which have to be
> mitigated somehow (that's another reason why library fuzzing is easier).
> Could you amend poke in a way that all functions are like library
> functions, returning an error instead of calling exit()?
Actually, at some point we should have a proper libpoke.so with a
well-defined API, containing at least the compiler, PVM, and the IO
subsystem.
Patches in that direction (like removing calls to exit() or abort()) are
welcome.
By the way, we already have a lib/libpoke.la with the gnulib. It is
probably a good idea to rename it to lib/libgnulib.la or something.
> Then it would be nice to allow
> pkl_free(pkl_new()). Currently this immediately stops with NULL ptr
> accesses since this is pretty ripped out of main().
Will look into this.
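The shape Tim is asking for (every entry point returns an error status instead of calling exit() or abort(), and a context can be created and freed without ever being used), together with the libFuzzer/OSS-Fuzz entry point that drives it, as a small C example. This is added illustration code, not poke's source and not code from this thread: the toy_* names, the status codes and the parenthesis "language" are assumptions standing in for the real compiler, while LLVMFuzzerTestOneInput is the real entry-point name libFuzzer and OSS-Fuzz look for.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not poke's code.  Status codes: every entry point
   reports failure this way; nothing below calls exit () or abort (). */
enum toy_status { TOY_OK = 0, TOY_ERR_SYNTAX, TOY_ERR_TOO_LONG, TOY_ERR_OOM };

#define TOY_MAX_DEPTH 64     /* nesting bound, so depth cannot grow unbounded */
#define TOY_MAX_INPUT 4096   /* input bound, so a huge input is rejected, not parsed */

/* Context object (assumed stand-in for pkl).  Creating one and freeing
   it without compiling anything must work, so every member starts out
   zero and toy_free tolerates an untouched context. */
struct toy_ctx
{
  enum toy_status last_status;
  int last_depth;     /* deepest nesting seen by the last successful compile */
};

static struct toy_ctx *toy_new (void)
{
  return calloc (1, sizeof (struct toy_ctx));  /* NULL on OOM; caller checks */
}

static void toy_free (struct toy_ctx *ctx)
{
  if (ctx == NULL)
    return;
  free (ctx);
}

/* Toy compiler: balanced parentheses and whitespace, nested at most
   TOY_MAX_DEPTH deep.  The "before" shape this replaces would be
     if (bad) { fprintf (stderr, "syntax error\n"); exit (1); }
   which ends a fuzzing run on the first rejected input. */
static enum toy_status toy_compile (struct toy_ctx *ctx, const uint8_t *data, size_t len)
{
  int depth = 0, max_depth = 0;

  if (len > TOY_MAX_INPUT)
    return ctx->last_status = TOY_ERR_TOO_LONG;

  for (size_t i = 0; i < len; i++)
    switch (data[i])
      {
      case '(':
        if (++depth > TOY_MAX_DEPTH)
          return ctx->last_status = TOY_ERR_SYNTAX;  /* too deep */
        if (depth > max_depth)
          max_depth = depth;
        break;
      case ')':
        if (--depth < 0)
          return ctx->last_status = TOY_ERR_SYNTAX;  /* stray close */
        break;
      case ' ': case '\t': case '\n': case '\r':
        break;
      default:
        return ctx->last_status = TOY_ERR_SYNTAX;    /* unknown token */
      }
  if (depth != 0)
    return ctx->last_status = TOY_ERR_SYNTAX;        /* unclosed group */
  ctx->last_depth = max_depth;
  return ctx->last_status = TOY_OK;
}

/* Max depth of SRC, or the negated status when it does not compile.
   Exercises the full new/compile/free cycle on one input. */
static int toy_max_depth (const char *src)
{
  struct toy_ctx *ctx = toy_new ();
  int r;

  if (ctx == NULL)
    return -TOY_ERR_OOM;
  r = toy_compile (ctx, (const uint8_t *) src, strlen (src)) == TOY_OK
      ? ctx->last_depth : -(int) ctx->last_status;
  toy_free (ctx);
  return r;
}

/* libFuzzer / OSS-Fuzz entry point: one input per call, always returns,
   so only real crashes and sanitizer reports stop the run. */
int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
{
  struct toy_ctx *ctx = toy_new ();

  if (ctx == NULL)
    return 0;
  (void) toy_compile (ctx, data, size);
  toy_free (ctx);
  return 0;
}
```

Built with `clang -g -fsanitize=fuzzer,address`, libFuzzer supplies main () and calls LLVMFuzzerTestOneInput in a loop. Because every failure path returns a status, a rejected input costs one iteration instead of terminating the run as exit () or abort () would, and the pkl_free (pkl_new ()) case from the thread works because toy_free accepts a context that was never used.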