DeepState version of code accompanying a blog post about fuzzing a red-black tree implementation: http://blog.regehr.org/archives/896
generatedMutants
libfuzzer.tests
symex.4.tests
symex.tests symex tests Dec 14, 2018
.gitignore
CHANGES
LICENSE
Makefile
README.md
blogpost.md
compiling.mutants.txt
container.c
container.h
deepstate_harness.cpp
easy_deepstate_fuzzer.cpp
fuzz_red_black_tree.c
fuzzing.killed.mutants.txt
interesting.mutants.txt
misc.c
misc.h
red_black_tree.c
red_black_tree.h
simple_test.sh
stack.c
stack.h
symex.cpp
symex.killed.mutants.txt
test_red_black_tree.c

README.md

rb_tree_demo adapted for DeepState

This was originally code accompanying a blog post about fuzzing a red-black tree implementation:

http://blog.regehr.org/archives/896

John Regehr posted it on GitHub:

https://github.com/regehr/rb_tree_demo

The original code is still there, but this adds a new file, deepstate_harness.cpp, that uses DeepState instead of a C random number generator to perform (I think) the same testing as John's harness. The Makefile builds two executables: ds_rb, which is for symbolic execution, test replay, AFL fuzzing, etc., and ds_rb_lf, which is for libFuzzer fuzzing.

To fuzz this, you will want to do something like:

$ ./ds_rb_lf corpus -use_value_profile=1 -detect_leaks=0

Leak detection is disabled because when a test terminates early (for example, because an assumption about a value range is violated), the memory the harness has allocated is not freed; libFuzzer would otherwise report that leak as a failure.

A lot more information (more than you probably want) is here.