This commit is contained in:
Antonis Geralis 2022-09-09 15:45:31 +03:00
parent 7c704f596d
commit 8ee55b12b4
4 changed files with 37 additions and 5 deletions

View File

@ -152,7 +152,7 @@ must also be defined. `drchaos/common` exports read/write procs that assist with
### Dos and don'ts ### Dos and don'ts
- Don't `echo` in a fuzz target as it slows down execution speed. - Don't `echo` in a fuzz target as it slows down execution speed.
- Prefer `-d:danger|release` for maximum performance. - Prefer `-d:danger` for maximum performance.
- Once you have a crash you can recompile with `-d:debug` and pass the crashing test case as parameter. - Once you have a crash you can recompile with `-d:debug` and pass the crashing test case as parameter.
- Use `debugEcho(x)` in a target to print the crashing input. - Use `debugEcho(x)` in a target to print the crashing input.
- You could compile without sanitizers, AddressSanitizer slows down programs by ~2x, but it's not recommended. - You could compile without sanitizers, AddressSanitizer slows down programs by ~2x, but it's not recommended.

View File

@ -1,6 +1,6 @@
# WARNING: This benchmark does not run a complete fuzzing iteration, just the mutator. # WARNING: This benchmark does not run a complete fuzzing iteration, just the mutator.
# As such it doesn't account for LibFuzzer's overhead or the efficiency of the cache. # As such it doesn't account for LibFuzzer's overhead or the efficiency of the cache.
# Compile with: nim c --mm:arc -d:danger bench_graph.nim # Compile with: nim c --mm:arc --threads:off -d:danger bench_graph.nim
# Then run: perf record -e cycles:pp --call-graph dwarf ./bench_graph # Then run: perf record -e cycles:pp --call-graph dwarf ./bench_graph
include examples/fuzz_graph include examples/fuzz_graph

View File

@ -52,10 +52,10 @@ when isMainModule:
proc default[M, N: static[int]](_: typedesc[Matrix32[M, N]]): Matrix32[M, N] = proc default[M, N: static[int]](_: typedesc[Matrix32[M, N]]): Matrix32[M, N] =
zeros(M, N, float32) zeros(M, N, float32)
func fuzzTarget(x: Matrix32[2, 2]) = func fuzzTarget(x: Matrix32[3, 3]) =
when defined(dumpFuzzInput): debugEcho(x) when defined(dumpFuzzInput): debugEcho(x)
# Here you could multiply `x` with the identity matrix and make sure it doesn't change. # Here you could multiply `x` with the identity matrix and make sure it doesn't change.
#doAssert x * eye(2, float32) =~ x #doAssert x * eye(3, float32) =~ x
doAssert x != eye(2, float32) doAssert x != eye(3, float32)
defaultMutator(fuzzTarget) defaultMutator(fuzzTarget)

32
examples/fuzz_simple.nim Normal file
View File

@ -0,0 +1,32 @@
import drchaos
type
SampleStruct[T, U] = object
x: T
y: U
SampleEnum = enum
A, B, C
SampleCase = object
case kind: SampleEnum
of A: z: uint16
of B: discard
of C: x, y: bool
func `==`(a, b: SampleCase): bool =
if a.kind != b.kind: return false
case a.kind
of A: return a.z == b.z
of B: return true
of C: return a.x == b.x and a.y == b.y
func fuzzTarget(xs: seq[SampleStruct[uint8, SampleCase]]) =
if xs.len > 3 and
xs[0].x == 100 and (xs[0].y.kind == C and xs[0].y.x == false and xs[0].y.y == true) and
xs[1].x == 55 and (xs[1].y.kind == C and xs[1].y.x == true and xs[1].y.y == false) and
xs[2].x == 87 and (xs[2].y.kind == C and xs[2].y.x == false and xs[2].y.y == false) and
xs[3].x == 24 and (xs[3].y.kind == C and xs[3].y.x == true and xs[3].y.y == true):
doAssert false
defaultMutator(fuzzTarget)