aboutsummaryrefslogtreecommitdiff
path: root/doc/fuzzing.md
AgeCommit message (Collapse)Author
2021-03-09doc: Update fuzzing docs for afl-clang-ltoMarcoFalke
2021-02-17Merge #20380: doc: Add instructions on how to fuzz the P2P layer using ↵MarcoFalke
Honggfuzz NetDriver fd0be92cff6a4b5e343e6ddae7481868354b9869 doc: Add instructions on how to fuzz the P2P layer using Honggfuzz NetDriver (practicalswift) Pull request description: Add instructions on how to fuzz the P2P layer using [Honggfuzz NetDriver](http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html). Honggfuzz NetDriver allows for very easy fuzzing of TCP servers such as Bitcoin Core without having to write any custom fuzzing harness. The `bitcoind` server process is largely fuzzed without modification. This makes the fuzzing highly realistic: a bug reachable by the fuzzer is likely also remotely triggerable by an untrusted peer. Top commit has no ACKs. Tree-SHA512: 9e98cb30f00664c00c8ff9fd224ff9822bff3fd849652172df48dbaeade1dd1a5fc67ae53203f1966a1d4210671b35656009a2d8b84affccf3ddf1fd86124f6e
2020-12-10fuzz: Link all targets onceMarcoFalke
2020-11-12doc: Add instructions on how to fuzz the P2P layer using Honggfuzz NetDriverpracticalswift
2020-07-05doc: afl fuzzing comment about afl-gcc and afl-g++nsa
This commit includes a short comment in doc/fuzzing.md that gives guidance on compiling Bitcoin Core with AFL instrumentation using afl-gcc and afl-g++.
2020-06-05build: turn on --enable-c++17 by --enable-fuzzVasil Dimov
Fuzzing code uses C++17 specific code (e.g. std::optional), so it is not possible to compile with --enable-fuzz and without --enable-c++17. Thus, turn on --enable-c++17 whenever --enable-fuzz is used.
2020-05-11doc: add c++17-enable to fuzzing instructionsMartin Zumsande
2020-04-22doc: Document how to fuzz Bitcoin Core using honggfuzzpracticalswift
2020-03-18doc: Add fuzzing quickstart guides for libFuzzer and afl-fuzz. Simplify ↵practicalswift
instructions.
2020-03-09doc: Remove --disable-ccache from docsMarcoFalke
2020-01-29doc: Improve fuzzing docs for macOS usersFabian Jahr
2019-10-30docs: Add undefined to --with-sanitizers=fuzzer,addresspracticalswift
2019-07-08Update doc and CI configqmma
2019-02-13qa: Add test/fuzz/test_runner.pyMarcoFalke
2019-01-29test: Build fuzz targets into seperate executablesMarcoFalke
2019-01-16docs: Spelling error fix on fuzzing.mdbenthecarman
2019-01-05build: Allow to configure --with-sanitizers=fuzzerMarcoFalke
2017-05-19[test] Speed up fuzzing by ~200x when using afl-fuzzpracticalswift
Enable the `afl-clang-fast++` features deferred forkserver (`__AFL_INIT`) and persistent mode (`__AFL_LOOP(1000)`). Before this patch: ``` $ afl-fuzz -i input -o output -m512 -- src/test/test_bitcoin_fuzzy [*] Validating target binary... [!] WARNING: The target binary is pretty slow! See /usr/local/share/doc/afl/perf_tips.txt. [+] Here are some useful stats: Test case count : 1 favored, 0 variable, 1 total Bitmap range : 1072 to 1072 bits (average: 1072.00 bits) Exec timing : 20.4k to 20.4k us (average: 20.4k us) … exec speed : 57.58/sec (slow!) exec speed : 48.35/sec (slow!) exec speed : 53.78/sec (slow!) ``` After this patch: ``` $ afl-fuzz -i input -o output -m512 -- src/test/test_bitcoin_fuzzy [*] Validating target binary... [+] Persistent mode binary detected. [+] Deferred forkserver binary detected. [+] Here are some useful stats: Test case count : 1 favored, 0 variable, 1 total Bitmap range : 24 to 24 bits (average: 24.00 bits) Exec timing : 114 to 114 us (average: 114 us) … exec speed : 15.9k/sec exec speed : 13.1k/sec exec speed : 15.1k/sec ```
2016-12-15doc: Add bare-bones documentation for fuzzingWladimir J. van der Laan