Commit d6f6a85

laanwj authored and furszy committed
doc: Add bare-bones documentation for fuzzing
1 parent 5c3b550 commit d6f6a85

2 files changed

+67
-0
lines changed

doc/README.md

+1
@@ -64,6 +64,7 @@ The PIVX repo's [root README](/README.md) contains relevant information on the d
6464
### Miscellaneous
6565
- [Assets Attribution](assets-attribution.md)
6666
- [Files](files.md)
67+
- [Fuzz-testing](fuzzing.md)
6768
- [Reduce Memory](reduce-memory.md)
6869
- [Tor Support](tor.md)
6970
- [Init Scripts (systemd/upstart/openrc)](init.md)

doc/fuzzing.md

+66
@@ -0,0 +1,66 @@
1+
Fuzz-testing Bitcoin Core
2+
==========================
3+
4+
A special test harness `test_bitcoin_fuzzy` is provided to provide an easy
5+
entry point for fuzzers and the like. In this document we'll describe how to
6+
use it with AFL.
7+
8+
Building AFL
9+
-------------
10+
11+
It is recommended to always use the latest version of afl:
12+
```
13+
wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
14+
tar -zxvf afl-latest.tgz
15+
cd afl-<version>
16+
make
17+
export AFLPATH=$PWD
18+
```
19+
20+
Instrumentation
21+
----------------
22+
23+
To build Bitcoin Core using AFL instrumentation (this assumes that the
24+
`AFLPATH` was set as above):
25+
```
26+
./configure --disable-ccache --disable-shared --enable-tests CC=${AFLPATH}/afl-gcc CXX=${AFLPATH}/afl-g++
27+
export AFL_HARDEN=1
28+
cd src/
29+
make test/test_bitcoin_fuzzy
30+
```
31+
We disable ccache because we don't want to pollute the ccache with instrumented
32+
objects, and similarly don't want to use non-instrumented cached objects linked
33+
in.
34+
35+
Preparing fuzzing
36+
------------------
37+
38+
AFL needs an input directory with examples, and an output directory where it
39+
will place examples that it found. These can be anywhere in the file system,
40+
we'll define environment variables to make it easy to reference them.
41+
42+
```
43+
mkdir inputs
44+
AFLIN=$PWD/inputs
45+
mkdir outputs
46+
AFLOUT=$PWD/outputs
47+
```
48+
49+
Example inputs are available from:
50+
51+
- https://download.visucore.com/bitcoin/bitcoin_fuzzy_in.tar.xz
52+
- http://strateman.ninja/fuzzing.tar.xz
53+
54+
Extract these (or other starting inputs) into the `inputs` directory before starting fuzzing.
55+
56+
Fuzzing
57+
--------
58+
59+
To start the actual fuzzing use:
60+
```
61+
$AFLPATH/afl-fuzz -i ${AFLIN} -o ${AFLOUT} -m52 -- test/test_bitcoin_fuzzy
62+
```
63+
64+
You may have to change a few kernel parameters to test optimally - `afl-fuzz`
65+
will print an error and suggestion if so.
66+
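Review bot: The new file is titled "Fuzz-testing Bitcoin Core" and the Instrumentation section says "To build Bitcoin Core using AFL instrumentation", but the README hunk above places this document in the PIVX repo ("The PIVX repo's [root README]"); either rename the title and prose to the project this tree actually builds, or add a sentence stating that the text is carried over from upstream and that `test_bitcoin_fuzzy` is the harness name as shipped here. Two smaller points in the same file: the "Building AFL" block fetches `http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz` over plain HTTP with no version pin or checksum, so a reader cannot tell which AFL they built or verify the download, and the `-m52` flag in the `afl-fuzz` invocation is not explained; a short note that it is the memory limit in MB for the target process (and why 52 was chosen) would save readers a trip to the AFL docs. The "Fuzzing" block also runs `test/test_bitcoin_fuzzy` as a relative path, which only works if the reader is still in `src/` from the earlier `cd src/`; stating that assumption next to the command would avoid a confusing "No such file" failure.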
