fuzzing: Update to afl++, adding persistent-fuzzing example
Contribution description
Hello! 🦐
This upgrades the fuzzing infrastructure from AFL to AFL++.
The PR also adds an example usage of AFL++ persistent fuzzing, which increases the execution speed by about 4500%; from ~1800 exec/s to 81,000 exec/s, at least on my machine :). I picked, once again, the uri_parser as the example use-case.
To enable persistent fuzzing, one has to use afl-clang-fast instead of the old afl-gcc; I adjusted the Makefile accordingly, which might break backwards compatibility with certain afl-gcc-only setups. All fuzzing examples present in RIOT work fine with this change, with the exception of gcoap, where a small change of the used modules was necessary.
Testing procedure
Testing is done as usual with fuzzing:
```sh
cd RIOT/fuzzing/<target>/
make all-asan
make fuzz
```
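What a persistent-mode harness of the kind described above looks like, as an added example that is not the PR's own code: it uses the AFL++ `__AFL_FUZZ_INIT`/`__AFL_LOOP` macros, includes the fallback definitions from the AFL++ persistent-mode docs so the file also builds without afl-clang-fast, and fuzzes a hypothetical stand-in `target_parse` instead of RIOT's uri_parser (whose API is not reproduced here).

```c
#include <stdint.h>
#include <string.h>
#include <unistd.h>

#ifndef __AFL_FUZZ_TESTCASE_LEN
/* Not built with afl-clang-fast: emulate the AFL++ macros so the harness
 * still compiles and runs a single input from stdin (AFL++ docs fallback). */
static ssize_t fuzz_len;
static unsigned char fuzz_buf[64 * 1024];
#define __AFL_FUZZ_TESTCASE_LEN fuzz_len
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_INIT() void sync(void)
#define __AFL_LOOP(x) ((fuzz_len = read(0, fuzz_buf, sizeof(fuzz_buf))) > 0 ? 1 : 0)
#define __AFL_INIT() ((void)0)
#endif

__AFL_FUZZ_INIT();

/* Hypothetical stand-in for the parser under test: splits "scheme://rest",
 * rejecting input without "://" or with an empty scheme. 0 = ok, -1 = reject. */
static int target_parse(const uint8_t *in, size_t len, size_t *scheme_len) {
    if (len < 3) return -1;
    for (size_t i = 0; i + 2 < len; i++) {
        if (in[i] == ':' && in[i + 1] == '/' && in[i + 2] == '/') {
            if (i == 0) return -1;
            *scheme_len = i;
            return 0;
        }
    }
    return -1;
}

/* One iteration of the persistent loop. The process is NOT restarted between
 * inputs, so every piece of state the target sees is rebuilt here from the
 * shared-memory test case: a fresh, length-capped, NUL-terminated copy. */
int fuzz_one(const unsigned char *buf, size_t len) {
    char input[1024];
    size_t scheme_len = 0;
    if (len >= sizeof(input)) len = sizeof(input) - 1;   /* cap oversized cases */
    memcpy(input, buf, len);
    input[len] = '\0';
    return target_parse((const uint8_t *)input, len, &scheme_len);
}

int main(void) {
    __AFL_INIT();                                      /* fork-server start point */
    unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;      /* fetch after __AFL_INIT */
    while (__AFL_LOOP(10000)) {                        /* 10000 cases per process */
        size_t len = (size_t)__AFL_FUZZ_TESTCASE_LEN;  /* re-read each iteration */
        fuzz_one(buf, len);
    }
    return 0;
}
```

Build with `afl-clang-fast -fsanitize=address harness.c -o harness` and run under `afl-fuzz` as usual; with a plain compiler the same file processes one input from stdin.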
Murdock results
:x: FAILED
a61d12940c8fb14c900bbc4d4f97ab30ac2d8fee fuzzing: Update to afl++, adding persistent-fuzzing example
| Success | Failures | Total | Runtime |
|---|---|---|---|
| 9669 | 0 | 10306 | 09m:19s |
CI is not happy - does this need an update of the CI riotdocker?
> CI is not happy - does this need an update of the CI riotdocker?
Not sure, it is by design that the macros, e.g. __AFL_FUZZ_INIT(), are not known outside of AFL. Correct me if I'm wrong, but we do not use AFL (any version) within CI, right?
The best course of action might be to disable building this fuzzing harness during CI?
> we do not use AFL (any version) within CI, right?
The fuzzing examples get built by CI - and they should be, otherwise they will just bitrot away. If we need to install AFL++ on CI, we should just do that by adding it to the riotdocker Dockerfile.
Remind myself to check in on this again
> Remind myself to check in on this again
@Teufelchen1 reminder :P
Hm, doesn't run anymore. Probably because it is now 64 bit and something broke? Will have to check that.
> Hm, doesn't run anymore. Probably because it is now 64 bit and something broke? Will have to check that.
You can force it to run as 32-bit with BOARD=native32.