{"id":11121,"date":"2015-05-01T11:12:12","date_gmt":"2015-05-01T15:12:12","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=11121"},"modified":"2015-05-04T16:04:23","modified_gmt":"2015-05-04T20:04:23","slug":"llvms-new-libfuzzer","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2015\/05\/01\/llvms-new-libfuzzer\/","title":{"rendered":"LLVM&rsquo;s New libFuzzer"},"content":{"rendered":"<p><a href=\"http:\/\/blog.llvm.org\/2015\/04\/fuzz-all-clangs.html\">Kostya Serebryany<\/a>:<\/p><blockquote cite=\"http:\/\/blog.llvm.org\/2015\/04\/fuzz-all-clangs.html\"><p>Fuzzing (or <a href=\"http:\/\/en.wikipedia.org\/wiki\/Fuzz_testing\">fuzz testing<\/a>) is becoming increasingly popular. Fuzzing Clang and fuzzing <em>with<\/em> Clang is not new: Clang-based <a href=\"http:\/\/clang.llvm.org\/docs\/AddressSanitizer.html\">AddressSanitizer<\/a> has been used for fuzz-testing the Chrome browser for <a href=\"http:\/\/blog.chromium.org\/2012\/04\/fuzzing-for-security.html\">several years<\/a> and Clang itself has been extensively fuzzed using <a href=\"https:\/\/embed.cs.utah.edu\/csmith\/\">csmith<\/a> and, more recently, using <a href=\"http:\/\/lcamtuf.coredump.cx\/afl\/\">AFL<\/a>. Now we&rsquo;ve closed the loop and started to fuzz parts of LLVM (including Clang) using LLVM itself.<\/p>\n<p><a href=\"http:\/\/llvm.org\/docs\/LibFuzzer.html\">LibFuzzer<\/a>, recently added to the LLVM tree, is a library for in-process fuzzing that uses <a href=\"https:\/\/code.google.com\/p\/address-sanitizer\/wiki\/AsanCoverage\">Sanitizer Coverage instrumentation<\/a> to guide test generation. With LibFuzzer one can implement a guided fuzzer for some library by writing one simple function:<\/p><pre>extern \"C\" void TestOneInput(const uint8_t *Data, size_t Size);<\/pre><\/blockquote>\n<p>Update (2015-05-02): <a href=\"https:\/\/www.mikeash.com\/pyblog\/friday-qa-2015-05-01-fuzzing-with-afl-fuzz.html\">Mike Ash<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.mikeash.com\/pyblog\/friday-qa-2015-05-01-fuzzing-with-afl-fuzz.html\"><p>With computer security high on everyone&rsquo;s minds these days, tools that help assess and improve the security of our code are extremely useful. Today I&rsquo;m going to talk about one such tool, <a href=\"http:\/\/lcamtuf.coredump.cx\/afl\/\"><code>afl-fuzz<\/code><\/a>, which has seen a lot of attention lately and produces some interesting results. I&rsquo;ll discuss how it works and how to use it on your own code.<\/p><\/blockquote>\n<p>Update (2015-05-04): <a href=\"http:\/\/blog.regehr.org\/archives\/1238\">John Regehr<\/a>:<\/p>\n<blockquote cite=\"http:\/\/blog.regehr.org\/archives\/1238\"><p><a href=\"http:\/\/lcamtuf.coredump.cx\/afl\/\">American fuzzy lop<\/a> is a polished and effective fuzzing tool. It has found tons of bugs and there are any number of blog posts talking about that. Here we&rsquo;re going to take a quick look at what it isn&rsquo;t good at. For example, here&rsquo;s a program that&rsquo;s trivial to crash by hand, that afl-fuzz isn&rsquo;t likely to crash in an amount of time you&rsquo;re prepared to wait[&#8230;]<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Kostya Serebryany: Fuzzing (or fuzz testing) is becoming increasingly popular. Fuzzing Clang and fuzzing with Clang is not new: Clang-based AddressSanitizer has been used for fuzz-testing the Chrome browser for several years and Clang itself has been extensively fuzzed using csmith and, more recently, using AFL. Now we&rsquo;ve closed the loop and started to fuzz parts of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[230,255,56,229,71],"class_list":["post-11121","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-clang","tag-compiler","tag-debugging","tag-llvm","tag-programming"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=11121"}],"version-history":[{"count":3,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11121\/revisions"}],"predecessor-version":[{"id":11143,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11121\/revisions\/11143"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=11121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=11121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=11121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}