Skip to content

ligurio/tarantool-corpus

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

65 Commits
corpus
corpus
 
 
README.md
README.md
 
 
csv_fuzzer.dict
csv_fuzzer.dict
 
 
datetime_parse_full_fuzzer.dict
datetime_parse_full_fuzzer.dict
 
 
datetime_strptime_fuzzer.dict
datetime_strptime_fuzzer.dict
 
 
json_decode_test.dict
json_decode_test.dict
 
 
luaL_gsub_test.dict
luaL_gsub_test.dict
 
 
luaL_gsub_test.options
luaL_gsub_test.options
 
 
luaL_loadbuffer.dict
luaL_loadbuffer.dict
 
 
luaL_loadbufferx_test.dict
luaL_loadbufferx_test.dict
 
 
luaL_loadbufferx_test.options
luaL_loadbufferx_test.options
 
 
luaL_traceback_test.dict
luaL_traceback_test.dict
 
 
luaL_traceback_test.options
luaL_traceback_test.options
 
 
lua_dump_test.options
lua_dump_test.options
 
 
lua_load_test.options
lua_load_test.options
 
 
msgpack_decode_test.dict
msgpack_decode_test.dict
 
 
sql_fuzzer.dict
sql_fuzzer.dict
 
 
swim_proto_member_fuzzer.dict
swim_proto_member_fuzzer.dict
 
 
swim_proto_meta_fuzzer.dict
swim_proto_meta_fuzzer.dict
 
 
torture_test.dict
torture_test.dict
 
 
torture_test.options
torture_test.options
 
 
yaml_decode_test.dict
yaml_decode_test.dict
 
 

Repository files navigation

How-to build

$ git clone https://github.com/tarantool/tarantool
$ cd tarantool
$ git clone https://github.com/ligurio/tarantool-corpus test/static
$ CC=clang CXX=clang++ cmake -S . -B build -G Ninja -DENABLE_FUZZER=ON -DENABLE_UB_SANITIZER=ON
$ cmake --build build/ --parallel --target fuzzers

How-to run

$ ctest --test-dir build -L fuzzing

How-to merge corpuses

$ ./build/test/fuzz/lua_fuzzer/lua_fuzzer -set_cover_merge=1 corpus new_corpus
$ ./build/test/fuzz/lua_fuzzer/lua_fuzzer -merge=1 corpus new_corpus

Code coverage

Compile and link with -fprofile-instr-generate -fcoverage-mapping options. When using -fsanitize=address, no .profraw will be written on crash or abort, so once the fuzzing test is finished, a second run is needed by passing only files in corpus, run: ./fuzzer -runs=0 ./corpora_minimized:

$ CFLAGS="-fprofile-instr-generate -fcoverage-mapping" CC=clang CXX=clang++ cmake -S . -B build -G Ninja -DENABLE_FUZZER=ON
$ cmake --build build --parallel
$ ./build/test/fuzz/http_parser_fuzzer -runs=0

Then to generate an html view:

$ llvm-profdata merge -sparse default.profraw -o default.profdata
$ llvm-cov show --format=html ./build/src/tarantool -instr-profile=default.profdata > coverage.html

Show code coverage for a single function with a name http_parser:

$ llvm-cov show ./build/src/tarantool -instr-profile=default.profdata -name=http_parser

About

Fuzzing seed corpus for Tarantool

www.tarantool.io

Topics

lua luajit fuzzing tarantool libfuzzer

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages