From 9bf00148df34802ef5ab7be3d62495145795cf89 Mon Sep 17 00:00:00 2001 From: Patryk Kaminski Date: Thu, 31 Aug 2023 17:57:22 +0200 Subject: [PATCH] Add information on generating new corpus files Add instructions for generating new short fuzz test scenarios. --- test/fuzz/README.md | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/test/fuzz/README.md b/test/fuzz/README.md index 2787385338..22213b4dbf 100644 --- a/test/fuzz/README.md +++ b/test/fuzz/README.md @@ -1,8 +1,32 @@ # Corpora for fuzz tests with fixed API calls scenarios Corpora in 'corpus' directory contain UR API calls in a predefined order described below. -All scenarios begin with single calls to urInit() and urAdapterGet(). +All such scenarios begin with single calls to urInit() and urAdapterGet(). +Corpus files are binary files containing ASCII characters which are interpreted by the test +backwards, meaning that bytes are read from the end of the file to the beginning of the file. + +More corpora can be generated by fuzzer. Just run the test with a first positional parameter +which provides the path where any new corpus will be saved. The path has to exist. +It's worth running the test with tracing enabled while picking scenarios to be added to the repository +for future short fuzz tests runs. Example of running the test with generating new corpus files: +``` +UR_ADAPTERS_FORCE_LOAD=build/lib/libur_adapter_null.so \ +XPTI_TRACE_ENABLE=1 \ +XPTI_FRAMEWORK_DISPATCHER=build/lib/libxptifw.so \ +XPTI_SUBSCRIBERS=build/lib/libcollector.so \ +UR_ENABLE_LAYERS=UR_LAYER_TRACING \ +./build/bin/fuzztest-base test/fuzz/corpus -seed=1 -max_total_time=120 -verbosity=1 +``` + +Pass path to a corpus file instead to run a single scenario: +``` +UR_ADAPTERS_FORCE_LOAD=build/lib/libur_adapter_null.so \ +XPTI_TRACE_ENABLE=1 \ +XPTI_FRAMEWORK_DISPATCHER=build/lib/libxptifw.so \ +XPTI_SUBSCRIBERS=build/lib/libcollector.so \ +UR_ENABLE_LAYERS=UR_LAYER_TRACING \ +./build/bin/fuzztest-base test/fuzz/corpus/alloc -verbosity=1 +``` - More details on seed corpora for fuzzer can be found [here](https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md#seed-corpus).