Skip to content

Commit

Permalink
Merge pull request #839 from PatKamin/fuzztest-readme
Browse files Browse the repository at this point in the history
Add information on generating new corpus files
  • Loading branch information
pbalcer authored Sep 1, 2023
2 parents 6114e57 + 9bf0014 commit d242d04
Showing 1 changed file with 26 additions and 2 deletions.
28 changes: 26 additions & 2 deletions test/fuzz/README.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,32 @@
# Corpora for fuzz tests with fixed API calls scenarios
Corpora in 'corpus' directory contain UR API calls in a predefined order described below.
All scenarios begin with single calls to urInit() and urAdapterGet().
All such scenarios begin with single calls to urInit() and urAdapterGet().
Corpus files are binary files containing ASCII characters which are interpreted by the test
backwards, meaning that bytes are read from the end of the file to the beginning of the file.

More corpora can be generated by fuzzer. Just run the test with a first positional parameter
which provides the path where any new corpus will be saved. The path has to exist.
It's worth running the test with tracing enabled while picking scenarios to be added to the repository
for future short fuzz tests runs. Example of running the test with generating new corpus files:
```
UR_ADAPTERS_FORCE_LOAD=build/lib/libur_adapter_null.so \
XPTI_TRACE_ENABLE=1 \
XPTI_FRAMEWORK_DISPATCHER=build/lib/libxptifw.so \
XPTI_SUBSCRIBERS=build/lib/libcollector.so \
UR_ENABLE_LAYERS=UR_LAYER_TRACING \
./build/bin/fuzztest-base test/fuzz/corpus -seed=1 -max_total_time=120 -verbosity=1
```

Pass path to a corpus file instead to run a single scenario:
```
UR_ADAPTERS_FORCE_LOAD=build/lib/libur_adapter_null.so \
XPTI_TRACE_ENABLE=1 \
XPTI_FRAMEWORK_DISPATCHER=build/lib/libxptifw.so \
XPTI_SUBSCRIBERS=build/lib/libcollector.so \
UR_ENABLE_LAYERS=UR_LAYER_TRACING \
./build/bin/fuzztest-base test/fuzz/corpus/alloc -verbosity=1
```

<!--- TODO: extend this doc -->
More details on seed corpora for fuzzer can be found
[here](https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md#seed-corpus).

Expand Down

0 comments on commit d242d04

Please sign in to comment.