csmith fuzzing #1033
Merged
merged 1 commit into from
Sep 25, 2017
7 changes: 7 additions & 0 deletions csmith-fuzzing/README
@@ -0,0 +1,7 @@
Fuzz bindgen with `csmith` https://github.com/csmith-project/csmith .

Run with `python3 driver.py`. It will run until until it encounters an error in `bindgen`.

Requires `python3`, `csmith` and `bindgen` to be in `$PATH`.

csmith is run with `--no-checksum --nomain --max-block-size 1 --max-block-depth 1` which disables the `main` function and makes function bodies as simple as possible as bindgen does not care about them but they cannot be completely disabled in csmith. Run `csmith --help` to see what exactly those options do.
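Review bot: "until until" on the `Run with` line is a doubled word; suggest `It will run until it encounters an error in \`bindgen\`.` It would also help the reader to say that the loop never stops on its own (interrupt it with Ctrl-C) and that the `csmith.h` shipped next to the driver deliberately shadows csmith's own header, since nothing in the README explains why that file is there.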
15 changes: 15 additions & 0 deletions csmith-fuzzing/csmith.h
@@ -0,0 +1,15 @@
// Type definitions from csmith's csmith_minimal.h included in csmith.h .
// Since other header contents are not needed we put them in here
// so the other original header is not needed anymore.

#define int8_t signed char
#define uint8_t unsigned char

#define int16_t short
#define uint16_t unsigned short

#define int32_t int
#define uint32_t unsigned

#define int64_t long long
#define uint64_t unsigned long long
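Review bot: these `#define`s turn the standard `<stdint.h>` type names into macros, so if a generated header (or anything it includes) ever pulls in `<stdint.h>`, its `typedef signed char int8_t;` expands to `typedef signed char signed char;` and the translation unit fails to parse; `typedef signed char int8_t;` and friends would be safer and would also give bindgen real type aliases to emit rather than textual substitutions it never sees. Note too that `#define int64_t long long` disagrees with LP64 platforms, where `int64_t` is `long`; harmless for exercising bindgen's parser, but worth a comment so nobody reuses this shim elsewhere.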
33 changes: 33 additions & 0 deletions csmith-fuzzing/driver.py
@@ -0,0 +1,33 @@
from subprocess import run, DEVNULL, PIPE

csmith_command = [
"csmith",
"--no-checksum",
"--nomain",
"--max-block-size", "1",
"--max-block-depth", "1",
"--output", "generated.h"]

bindgen_command = ["bindgen", "generated.h"]

if __name__ == "__main__":
print("Bindgen fuzzing with csmith.")
print(
"This script will write to generated.h, bindgen_stdout, bindgen_stderr and platform.info . "
"These files can be deleted after running.")

iterations = 0
while True:
print("\rIteration: {}".format(iterations), end="", flush=True)

run(csmith_command, stdin=DEVNULL, stdout=DEVNULL, stderr=DEVNULL)
with open("bindgen_stdout", "wb") as stdout, open("bindgen_stdout", "wb") as stderr:
result = run(bindgen_command, stdin=DEVNULL, stdout=stdout, stderr=stderr)
if result.returncode != 0:
print()
print(
"Error: bindgen existed with non zero exit code {} when ran on generated.h . "
"You can find its output in bindgen_stoud and bindgen_stderr."
.format(result.returncode))
exit()
iterations += 1
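Review bot: the `with` line opens `bindgen_stdout` twice, once as `stdout` and once as `stderr`, so bindgen's stderr and stdout fight over one file and `bindgen_stderr`, the file the error message points the user to, is never written; the second open should be `open("bindgen_stderr", "wb") as stderr`. Smaller points in the same hunk: the error message has typos (`existed` should be `exited`, `stoud` should be `stdout`), csmith's own return code is never checked so a csmith failure silently re-runs bindgen on the previous `generated.h`, and `exit()` returns status 0 on a found failure, where `sys.exit(1)` would let a wrapper script or CI job notice it.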