On Tue, Mar 07, 2017 at 12:27:58AM -0500, D L wrote:
On Sun, Mar 5, 2017 at 2:47 AM, Michal Privoznik <mprozn(a)redhat.com> wrote:
Regarding fuzzing, I think we can try several fuzzing tools to run in parallel, as different fuzzers tend to find different kinds of bugs. Thus, AFL (American Fuzzy Lop) [1], which is a coverage-guided mutation-based fuzzer with a genetic algorithm, can take a hand-crafted XML seed to fuzz our libvirt target. Alternatively, we could develop a generation-based grammar module in AFL (which is definitely non-trivial); so far I have not seen active development in the AFL community on XML format grammar generation. Another option could be clang-libfuzzer [2].

Several related articles show examples of fuzzing using AFL to generate SQL [3], llvm-afl [4], and hexml fuzzing with AFL [5]. In combination with lcov, we could compare different fuzzers and guide our fuzzing tuning.
FYI, I would very much like to see it use a fuzzer that is open source, because I'd like the end result of the project to ideally produce some test suite or test framework that we can put into our CI system and run daily to validate future changes.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
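The distinction the proposal draws between AFL's byte-level mutation of a hand-crafted XML seed and a grammar-aware generator, as an added example that is not code from this thread or from libvirt: a small structure-aware mutator that turns one domain XML seed into a corpus of well-formed variants, which could then be handed to AFL as its input directory. The seed document and the boundary values are constructed for illustration.

```python
import random
import xml.etree.ElementTree as ET

# Constructed, minimal libvirt-style domain XML standing in for a hand-crafted seed.
SEED_XML = """<domain type='kvm'>
  <name>fuzz-seed</name>
  <memory unit='KiB'>262144</memory>
  <vcpu>2</vcpu>
  <os><type arch='x86_64'>hvm</type></os>
  <devices>
    <disk type='file' device='disk'><source file='/tmp/a.img'/><target dev='vda'/></disk>
    <interface type='network'><source network='default'/></interface>
  </devices>
</domain>"""
# Values chosen to probe integer parsing, length handling and path checks.
BOUNDARY_VALUES = ["", "0", "-1", "4294967296", "A" * 4096, "%s%n", "../../etc"]

def mutate_xml(xml_text, rng):
    """Apply one structure-aware mutation and return the serialized document. The tree
    stays well-formed, so the output reaches the semantic checks behind the XML lexer."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    target = rng.choice(list(root.iter()))
    ops = ["text"]
    if target.attrib:
        ops.append("attr")
    if target in parents:  # the root element cannot be dropped or duplicated
        ops += ["dup", "drop"]
    op = rng.choice(ops)
    if op == "attr":
        target.set(rng.choice(sorted(target.attrib)), rng.choice(BOUNDARY_VALUES))
    elif op == "text":
        target.text = rng.choice(BOUNDARY_VALUES)
    elif op == "dup":  # repeated element: exercises list and uniqueness handling
        parents[target].append(ET.fromstring(ET.tostring(target)))
    else:  # drop: exercises missing-element code paths
        parents[target].remove(target)
    return ET.tostring(root, encoding="unicode")

def is_well_formed(xml_text):
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False

def generate_corpus(seed_xml, count, seed=1):
    """Return `count` single-mutation variants of the seed, deterministic for a given RNG seed."""
    rng = random.Random(seed)
    return [mutate_xml(seed_xml, rng) for _ in range(count)]
```

Each variant differs from the seed by exactly one structural change, so a crash found by the downstream fuzzer can be traced back to the element or attribute that triggered it.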