puzzles/fuzzpuzz.c, branch master My sgt-puzzles tree Don't give the libFuzzer version of fuzzpuzz a special name 2023-02-23T11:34:32+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-21T21:04:58+00:00 015bd1447472f82a5607ecb5fabaf25bf37cd4e2 I've changed my mind already. The other versions of fuzzpuzz all have different command-line interfaces anyway, so I think the best approach is to just accept that and decide that precisely how fuzzpuzz works isn't a defined API. Fuzzing is inherently not an end-user activity, so I think it's acceptable to make it a bit inconsistent. This means that in Clang builds you get the non-libFuzzer version of fuzzpuzz by default (so you can use it with other fuzzers), but if you turn on WITH_LIBFUZZER then you'll get the libFuzzer version instead. 
I've changed my mind already.  The other versions of fuzzpuzz all have
different command-line interfaces anyway, so I think the best approach
is to just accept that and decide that precisely how fuzzpuzz works
isn't a defined API.  Fuzzing is inherently not an end-user activity, so
I think it's acceptable to make it a bit inconsistent.

This means that in Clang builds you get the non-libFuzzer version of
fuzzpuzz by default (so you can use it with other fuzzers), but if you
turn on WITH_LIBFUZZER then you'll get the libFuzzer version instead.
Try to clean up fuzzpuzz a bit 2023-02-23T11:34:26+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-20T22:53:33+00:00 80de73a6aa4c4e726860c492d2264d4958a56b0d I've separated out the various versions of main(), which has helped a little bit. I've also stopped using fmemopen() since libFuzzer might work on Windows. But I think I probably still have something fundamentally wrong in my approach. 
I've separated out the various versions of main(), which has helped a
little bit.  I've also stopped using fmemopen() since libFuzzer might
work on Windows.  But I think I probably still have something
fundamentally wrong in my approach.
Rough support for fuzzing with libFuzzer 2023-02-23T11:34:20+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-20T21:51:18+00:00 5ba227031c865aff55fdaf7c9a1b0e8abcbbabc4 For AFL++ and Honggfuzz, our approach is to build a standard fuzzpuzz binary with extra hooks for interacting with an external fuzzer. This works well for AFL++ and tolerably for Honggfuzz. LibFuzzer, though, provides its own main() so that the resulting program has a very different command-line interface from the normal one. Also, since libFuzzer is a standard part of Clang, we can't decide whether to use it based on the behaviour of the compiler. So what I've done, at least for now, is to have CMake detect when we're using Clang and in that case build a separate binary called "fuzzpuzz-libfuzzer" which is built with -fsanitize=fuzzer, while the ordinary fuzzpuzz is built without. I'm not sure if this is the right approach, though. 
For AFL++ and Honggfuzz, our approach is to build a standard fuzzpuzz
binary with extra hooks for interacting with an external fuzzer.  This
works well for AFL++ and tolerably for Honggfuzz.  LibFuzzer, though,
provides its own main() so that the resulting program has a very
different command-line interface from the normal one.  Also, since
libFuzzer is a standard part of Clang, we can't decide whether to use it
based on the behaviour of the compiler.

So what I've done, at least for now, is to have CMake detect when we're
using Clang and in that case build a separate binary called
"fuzzpuzz-libfuzzer" which is built with -fsanitize=fuzzer, while the
ordinary fuzzpuzz is built without.  I'm not sure if this is the right
approach, though.
Revert "Stop persistent-mode fuzzpuzz exiting prematurely" 2023-02-18T20:23:23+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-18T20:23:23+00:00 fccd2a55e705a991f22f1aa393c9324846d80515 That was completely wrong: a "continue" at the end of the loop is unnecessary. This reverts commit b91f9824b6f73290051025317f3387c7212fa05f. 
That was completely wrong: a "continue" at the end of the loop is
unnecessary.

This reverts commit b91f9824b6f73290051025317f3387c7212fa05f.
Stop persistent-mode fuzzpuzz exiting prematurely 2023-02-18T13:56:10+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-18T12:28:29+00:00 b91f9824b6f73290051025317f3387c7212fa05f In the transition to fuzz_one() I'd lost a "continue". 
In the transition to fuzz_one() I'd lost a "continue".
Support Honggfuzz's persistent mode in fuzzpuzz 2023-02-18T13:56:10+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-18T11:59:08+00:00 150c05a2989ec5e50768718686c2c997b95af0df Unlike AFL, Honggfuzz's compiler wrapper doesn't provide a convenient preprocessor macro, so we have to have CMake detect the existence of HF_ITER. Also the resulting program can't run outside of Honggfuzz, so maybe some additional cleverness is called for there as well. Still, it makes Honggfuzz go ten times faster, which is nice. 
Unlike AFL, Honggfuzz's compiler wrapper doesn't provide a convenient
preprocessor macro, so we have to have CMake detect the existence of
HF_ITER.  Also the resulting program can't run outside of Honggfuzz, so
maybe some additional cleverness is called for there as well.  Still, it
makes Honggfuzz go ten times faster, which is nice.
Adjust fuzzpuzz sample shell commands to not include "/*" 2023-02-16T23:43:50+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-16T23:40:40+00:00 1717d5b685828ce3ab22a82d073022ce69de6bcf GCC warns about that character sequence in a comment. I shouldn't have assumed that having only edited a comment meant I could get away without a test build. 
GCC warns about that character sequence in a comment.  I shouldn't have
assumed that having only edited a comment meant I could get away without
a test build.
Update and expand comment at the head of fuzzpuzz 2023-02-16T23:26:43+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-16T23:26:43+00:00 a1f1d7c24713277a96c1f508cd3782e5aaf18c69 It now correctly describes what fuzzpuzz does. It also provides an example of how to use it with AFL++. 
It now correctly describes what fuzzpuzz does.  It also provides an
example of how to use it with AFL++.
Separate fuzzing and harness in fuzzpuzz 2023-02-16T22:57:23+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-16T22:57:23+00:00 100cfd2e994fe870af1bd247097dfc105291c1bd There's now a function, fuzz_one(), that processes a single save file, and main() arranges to call this a suitable number of times depending on whether we're in AFL persistent mode or not. This makes things a bit cleaner, and will probably make adding good support for other fuzzers, or just switching entirely to the horrible but popular libFuzzer interface, simpler. 
There's now a function, fuzz_one(), that processes a single save file,
and main() arranges to call this a suitable number of times depending
on whether we're in AFL persistent mode or not.  This makes things a
bit cleaner, and will probably make adding good support for other
fuzzers, or just switching entirely to the horrible but popular
libFuzzer interface, simpler.
Extend fuzzpuzz to test more code 2023-02-13T21:23:58+00:00 Ben Harris bjh21@bjh21.me.uk 2023-02-12T22:57:51+00:00 ffe2fa169f9fdc411d00e1c75cf3cdc5f3099727 Now if the input save file loads correctly, fuzzpuzz asks the back-end to draw the puzzle. All the drawing operations are no-ops, but this tests the drawing code in the back-end. 
Now if the input save file loads correctly, fuzzpuzz asks the back-end
to draw the puzzle.  All the drawing operations are no-ops, but this
tests the drawing code in the back-end.