using fuzz introspector with other fuzzers (AFL-Like) #1331
Comments
|
In essence Fuzz Introspector is independent of libFuzzer as such -- it relies on identifying the entrypoint Could you give some specifics about your usecase and in particular (1) your harness and (2) hw you collect code coverage? Then I might be able to come up with something that generates the introspector report. |
|
I appreciate your response so much. Obviously, there are some harnesses that are libfuzzer-compatible for OSS-fuzz, but my challenge is in this specific case. Like this, I want to fuzz PHP without any specific harness: This link could be a good starting point to learn how to merge and generate reports. Do I have the right direction? The questions are, how do I compile the fuzzer? Is it necessary to have LLVMFuzzerTestOneInput function? Thank you in advance for your response. |
For now yes, however, it may be possible to simply switch this as the only entrypoint to something more flexible. I'm happy to support the process if you're interested in implementing this. The key would be to make it possible to compile the php binary using LLVM LTO and then enable the LLVM frontend from here https://github.com/ossf/fuzz-introspector/tree/main/frontends/llvm to run on the linked module. This frontend essentially outputs a call tree for the "fuzzer" which I assume in this case would be from the |
I read the LocalBuild documentation page and understand that libFuzzer is the default fuzzer used. However, I could not find any documentation showing how to use fuzz introspector with other fuzzers like AFL, Honggfuzz, or custom fuzzers.
I would appreciate a link to a manual or source code that will help me understand how to use this project.
The text was updated successfully, but these errors were encountered: