#26265: A proposal and demo for a fuzzing system that works with Rust through C code
------------------------------+------------------------------------
 Reporter:  debily            |          Owner:  (none)
     Type:  enhancement       |         Status:  needs_revision
 Priority:  Low               |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor      |        Version:
 Severity:  Trivial           |     Resolution:
 Keywords:  fuzzing Rust afl  |  Actual Points:
Parent ID:  #25386            |         Points:
 Reviewer:  nickm             |        Sponsor:
------------------------------+------------------------------------
Changes (by nickm):

 * status:  needs_review => needs_revision

Comment:

 Setting as needs_revision per isis's comment above.

 This is a decent example of Rust fuzzing, but what we need is a feature to
 run the C and the Rust in parallel, and compare their outputs. In many
 cases, the outputs will be strings, lists of strings, booleans, or some
 similar data structure, so the comparison shouldn't be too hard.

 For us to get the benefit of trace-aware fuzzing, we really need both of
 the implementations to run in the same process.

 Additionally, it would be much more useful if this fuzzing could be done
 through the infrastructure currently in the `src/test/fuzz` directory: That
 way, we could run this fuzzing not only with AFL, but also with LLVM's
 libFuzzer, with Google's OSS-Fuzz, and whatever else we wind up having in
 the future.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26265#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
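The in-process comparison the comment asks for, shown as an added example that is not code from the ticket or from Tor. Both port parsers and their names are hypothetical, the second is written in C as a stand-in for a function the Rust side would export over its C FFI, and the entry point is libFuzzer's `LLVMFuzzerTestOneInput`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical C implementation: strict decimal port, 1..65535, else -1. */
static int parse_port_c(const char *s) {
  unsigned long v = 0;
  if (!*s) return -1;
  for (; *s; s++) {
    if (*s < '0' || *s > '9') return -1;
    v = v * 10 + (unsigned long)(*s - '0');
    if (v > 65535) return -1;           /* also keeps v from overflowing */
  }
  return v ? (int)v : -1;
}

/* Hypothetical stand-in for the Rust implementation. In a real harness this
 * would be an extern "C" function exported by the Rust crate and linked into
 * the same binary; it is written in C here so the example is self-contained. */
static int parse_port_rust_ffi(const char *s) {
  char *end;
  unsigned long v;
  if (*s < '0' || *s > '9') return -1;  /* strtoul alone accepts " 80", "+80" */
  v = strtoul(s, &end, 10);
  if (*end != '\0' || v == 0 || v > 65535) return -1;
  return (int)v;
}

/* Run both implementations on one input; returns 1 if their outputs match. */
int outputs_agree(const uint8_t *data, size_t size) {
  char *s = malloc(size + 1);           /* NUL-terminated copy for both sides */
  int agree;
  if (!s) return 1;                     /* out of memory is not a mismatch */
  if (size) memcpy(s, data, size);
  s[size] = '\0';
  agree = parse_port_c(s) == parse_port_rust_ffi(s);
  free(s);
  return agree;
}

/* libFuzzer entry point: a mismatch aborts, so the fuzzer saves the input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (!outputs_agree(data, size)) abort();
  return 0;
}
```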