Some notes on fuzzing the
tools/fidl parser using
Download and build it, then:
with whatever path you downloaded and built it with.
Patch the parser to not trap on invalid syntax
afl-fuzz treats crashes as interesting but the parser currently calls
when it encounters invalid syntax.
Remove that line in parser.h - it's in the
fidl tool with afl-fuzz's instrumentation
Clear any existing build and then build with the afl-fuzz compiler wrappers.
cd $ZIRCON_DIR rm -fr build-x86 PATH=$PWD/prebuilt/downloads/clang+llvm-x86_64-linux/bin/:$PATH:$AFL_PATH make \ build-x86/tools/fidl HOST_TOOLCHAIN_PREFIX=afl-
adjusting if you're not building on x86 Linux, etc.
Run the fuzzer
The parser includes some examples to use as inputs.
As FIDL becomes adopted we can expand our inputs to include all of the different protocols
declared across our tree, but for now we use what's in
$AFL_PATH/afl-fuzz -i tools/fidl/examples -o fidl-fuzz-out build-x86/tools/fidl dump '@@'
Running against the source from early May 2017, there were no crashes or hangs after two days of fuzzing on a fairly fast machine. It ran over 300 million executions.