[libvirt] [GSOC] project libvirt fuzzing

Daniel P. Berrange berrange at redhat.com
Thu Mar 16 17:29:00 UTC 2017


On Tue, Mar 07, 2017 at 12:27:58AM -0500, D L wrote:
> On Sun, Mar 5, 2017 at 2:47 AM, Michal Privoznik <mprivozn at redhat.com> wrote:
> Regarding fuzzing, I think we can try several fuzzing tools to run in
> parallel, as different fuzzers tend to find different kinds of bugs. Thus,
> AFL (American Fuzzy Lop) [1], which is a coverage-guided mutation-based
> fuzzer with a genetic algorithm, can take hand-crafted XML seeds to fuzz
> our libvirt target. Alternatively, we could develop a generation-based
> grammar module in AFL (which is definitely non-trivial); so far I have not
> seen active development in the AFL community on XML format grammar
> generation. Another option could be clang-libfuzzer [2].
> 
> Several related articles show examples of fuzzing using AFL to generate
> SQL [3], llvm-afl [4], and hexml fuzzing with AFL [5]. In combination with
> lcov, we could compare different fuzzers and guide our fuzzing tuning.

FYI, I would very much like to see it use a fuzzer that is open source, because
I'd like the end result of the project to ideally produce some test suite or
test framework that we can put into our CI system and run daily to validate
future changes.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|
