Fuzzing seed corpus for Tarantool
https://github.com/ligurio/tarantool-corpus

fuzzing libfuzzer lua luajit tarantool

README

### How-to build

```sh
$ git clone https://github.com/tarantool/tarantool
$ cd tarantool
$ git clone https://github.com/ligurio/tarantool-corpus test/static
$ CC=clang CXX=clang++ cmake -S . -B build -G Ninja -DENABLE_FUZZER=ON -DENABLE_UB_SANITIZER=ON
$ cmake --build build/ --parallel --target fuzzers
```

### How-to run

```sh
$ ctest --test-dir build -L fuzzing
```

### How-to merge corpuses

```sh
$ ./build/test/fuzz/lua_fuzzer/lua_fuzzer -set_cover_merge=1 corpus new_corpus
$ ./build/test/fuzz/lua_fuzzer/lua_fuzzer -merge=1 corpus new_corpus
```

### Code coverage

Compile and link with the `-fprofile-instr-generate -fcoverage-mapping` options. When
using `-fsanitize=address`, no `.profraw` file is written on a crash or abort, so
once the fuzzing session has finished a second run is needed that only replays the
files already in the corpus: `./fuzzer -runs=0 ./corpora_minimized`:

```sh
$ CFLAGS="-fprofile-instr-generate -fcoverage-mapping" CC=clang CXX=clang++ cmake -S . -B build -G Ninja -DENABLE_FUZZER=ON
$ cmake --build build --parallel
$ ./build/test/fuzz/http_parser_fuzzer -runs=0
```

Then, to generate an HTML view:

```sh
$ llvm-profdata merge -sparse default.profraw -o default.profdata
$ llvm-cov show --format=html ./build/src/tarantool -instr-profile=default.profdata > coverage.html
```

Show code coverage for a single function named `http_parser`:

```sh
$ llvm-cov show ./build/src/tarantool -instr-profile=default.profdata -name=http_parser
```
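The coverage section above is a sequence of manual commands. The script below is an added example, not part of the tarantool-corpus README or the Tarantool project, that wraps the same steps for one libFuzzer target and adds the check the ASan caveat calls for: it replays the corpus with `-runs=0`, verifies that a `.profraw` was actually written before calling `llvm-profdata`, gives each target its own profile name via `LLVM_PROFILE_FILE` so several fuzzers do not overwrite one another's `default.profraw`, and renders the report against the binary that produced the profile. The fuzzer path and corpus directory are taken as arguments (an assumption; the page does not fix a corpus layout), and `llvm-profdata`/`llvm-cov` are assumed to be on `PATH`.

```shell
#!/bin/sh
# Added example: replay a libFuzzer corpus and produce llvm-cov reports.
# Not from the tarantool-corpus README; argument layout and tool paths are assumptions.
set -eu

# Raw profile name for a fuzzer binary, e.g. .../lua_fuzzer -> lua_fuzzer.profraw.
# A per-target name prevents several fuzzers from clobbering default.profraw.
profraw_name() {
    printf '%s.profraw\n' "$(basename "$1")"
}

# Replay every file in the corpus directory once (-runs=0 generates no new
# inputs). An ASan abort writes no .profraw, so a crashing corpus input leaves
# no profile; detect that here instead of letting llvm-profdata fail later.
# Prints the profile path on success.
replay_corpus() {
    fuzzer=$1
    corpus=$2
    profraw=$(profraw_name "$fuzzer")
    rm -f "$profraw"
    status=0
    LLVM_PROFILE_FILE="$profraw" "$fuzzer" -runs=0 "$corpus" || status=$?
    if [ ! -s "$profraw" ]; then
        echo "no profile written by $fuzzer (exit status $status):" \
             "a corpus input probably crashed, and ASan aborts skip the .profraw" >&2
        return 1
    fi
    printf '%s\n' "$profraw"
}

# Index the raw profile and render a summary plus an HTML view. The binary
# handed to llvm-cov must carry coverage mappings matching the profile, so the
# fuzzer that produced it is the safe choice.
report_coverage() {
    fuzzer=$1
    profraw=$2
    profdata=${profraw%.profraw}.profdata
    llvm-profdata merge -sparse "$profraw" -o "$profdata"
    llvm-cov report "$fuzzer" -instr-profile="$profdata"
    llvm-cov show --format=html "$fuzzer" -instr-profile="$profdata" \
        > "${profraw%.profraw}-coverage.html"
}

# Usage: ./coverage.sh ./build/test/fuzz/http_parser_fuzzer ./corpora_minimized
if [ $# -eq 2 ]; then
    profraw=$(replay_corpus "$1" "$2")
    report_coverage "$1" "$profraw"
fi
```

Because the replay is split from the report, a failed replay stops the script with a message naming the fuzzer and its exit status rather than producing a misleading empty report; rerun with `-fsanitize=address` disabled, or fix the crashing input, before collecting coverage.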