
Catching lexer/parser bugs with fuzzed input

Open HalidOdat opened this issue 3 years ago • 2 comments

The fuzzer would generate tests with fuzzed input and we would check what the expected behaviour is.

HalidOdat avatar Oct 02 '20 17:10 HalidOdat

I uploaded the fuzzer I used here: https://github.com/alexanderkjall/boa-hongg feel free to use it however you want.

I used honggfuzz, as it's a bit better than cargo-fuzz, and have run it overnight so far.

In addition to the bugs I have reported with it, there is also a SIGSEGV due to running out of stack space when parsing a very nested expression, but I felt that might be out of scope?

alexanderkjall avatar Oct 03 '20 09:10 alexanderkjall
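The stack-exhaustion crash mentioned above is the classic failure mode a fuzzer finds in recursive-descent parsers: every nesting level costs a native stack frame, so an input made of many thousands of `(` overflows the stack and the process dies with SIGSEGV rather than a parse error. The following is an added example, not boa's parser and not the linked honggfuzz target; it is a deliberately tiny parser for parenthesised integers with an explicit nesting limit (`MAX_DEPTH` is an assumed value) and a fuzz-style driver that feeds constructed inputs through it, including a 100,000-deep one, the way a fuzz harness would feed fuzzed bytes.

```rust
// Added example (not boa's code): a minimal recursive-descent parser for
// nested parenthesised integers with an explicit nesting limit, so that
// adversarial input such as "((((...1...))))" yields a parse error instead
// of exhausting the native stack. The driver below stands in for a fuzz
// harness; honggfuzz itself is not used, so the example runs stand-alone.

/// Maximum nesting depth the parser accepts (assumed value for this example).
pub const MAX_DEPTH: usize = 256;

#[derive(Debug, PartialEq)]
pub enum ParseError {
    UnexpectedEnd,
    UnexpectedChar(char),
    TooDeep(usize),
}

/// Parse `( ... )`-wrapped integers, returning the nesting depth reached.
pub fn parse_expr(input: &str) -> Result<usize, ParseError> {
    let bytes = input.as_bytes();
    let mut pos = 0;
    let depth = parse_inner(bytes, &mut pos, 0)?;
    if pos != bytes.len() {
        return Err(ParseError::UnexpectedChar(bytes[pos] as char));
    }
    Ok(depth)
}

fn parse_inner(bytes: &[u8], pos: &mut usize, depth: usize) -> Result<usize, ParseError> {
    // The guard: refuse to recurse past MAX_DEPTH. Without it each '(' adds a
    // stack frame, and a long enough run of '(' overflows the stack (SIGSEGV).
    if depth > MAX_DEPTH {
        return Err(ParseError::TooDeep(depth));
    }
    match bytes.get(*pos) {
        None => Err(ParseError::UnexpectedEnd),
        Some(b'(') => {
            *pos += 1;
            let inner = parse_inner(bytes, pos, depth + 1)?;
            match bytes.get(*pos) {
                Some(b')') => {
                    *pos += 1;
                    Ok(inner)
                }
                Some(&c) => Err(ParseError::UnexpectedChar(c as char)),
                None => Err(ParseError::UnexpectedEnd),
            }
        }
        Some(c) if c.is_ascii_digit() => {
            while matches!(bytes.get(*pos), Some(c) if c.is_ascii_digit()) {
                *pos += 1;
            }
            Ok(depth)
        }
        Some(&c) => Err(ParseError::UnexpectedChar(c as char)),
    }
}

/// Fuzz-style driver: every input must come back as Ok or ParseError, never
/// as a crash. Returns how many of the constructed inputs were rejected.
pub fn run_fuzz_inputs(inputs: &[String]) -> usize {
    inputs.iter().filter(|s| parse_expr(s).is_err()).count()
}

pub fn main() {
    // Constructed inputs: two valid, one truncated, one 100,000 levels deep.
    let deep = format!("{}1{}", "(".repeat(100_000), ")".repeat(100_000));
    let inputs = vec!["42".to_string(), "((7))".to_string(), "(1".to_string(), deep];
    println!("{} of {} inputs rejected", run_fuzz_inputs(&inputs), inputs.len());
}
```

The guard turns an unbounded resource problem (stack per nesting level) into a bounded one, which is the usual mitigation for this class of fuzzer finding; a real engine would pick the limit from its target platforms' stack sizes and would also need it in any other recursive walk over the AST, not just the parser.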

It would be nice to have some automation of fuzzing going on, however, as fuzzers last indefinitely, unsure of whether using CI is applicable... I also found AFL which seems simple enough to use and can use an input to converge on bugs quicker, I’m unsure of whether honggfuzz has the same capabilities, but it might be useful to use AFL if not!

Also, as for automation, Google has OSS-Fuzz which allows for automated fuzzing and has a GH integration, might be worth looking into!

neeldug avatar Oct 06 '20 23:10 neeldug

Closed by #2400

jedel1043 avatar Nov 08 '22 00:11 jedel1043