feature: Print Debug output when using Arbitrary #215
Comments
In principle, it could, but I think this would require significant changes to afl.rs. Right now, AFL's output directory is opaque to afl.rs. A change like this would require afl.rs to have some knowledge of that directory's structure, which would add maintenance costs to afl.rs. Also, as far as I am aware, there is no easy way to tell when AFL has found a crash, e.g., via a return code. You can pass

For myself, I would lean toward not making a change like this. I personally like the idea of afl.rs being a lightweight wrapper around AFL, and of other tools adding functionality on top of afl.rs. (At the risk of sounding like a sales pitch,

You're probably already aware of this, but for your specific problem, you should be able to:

    fuzz!(|my_struct: MyStruct| {
        println!("{:?}", my_struct);
        ...
    });

And then:

    target/debug/my_target < output/crashes/crashing_input

I know this is not ideal, though.
Actually, I think I was being a little rash. Looking more closely at how libfuzzer does this, I think it would be possible to incorporate something similar into afl.rs without running into the problems I mentioned. One thing we might do differently is, rather than write the file at the target's entry point, we might write it only after a panic occurs (here maybe?). Then, when AFL exits, cargo-afl could check whether the file is non-empty and, if so, print it out. I think this would circumvent the "not knowing when you've found a crash" problem. Does this idea sound reasonable to you, @ParkMyCar? Is it something you would like to try to tackle?
When fuzzing with libfuzzer and using arbitrary::Arbitrary, if you find a failing input then cargo fuzz prints the Debug representation of your Arbitrary struct. This is quite useful because it's easier to create a unit test and repro the failing scenario.

Could afl.rs add a similar feature that when using Arbitrary it'll output the Debug representation of your failing struct?
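A sketch of the panic-hook approach proposed in the comments above, added here as an example rather than afl.rs or cargo-afl code: the Debug representation of the current input is stashed before the target runs and copied into a report only when a panic actually occurs, so inputs that pass leave nothing behind. The Arbitrary trait is a stand-in for arbitrary::Arbitrary so the snippet runs without the crate; MyStruct, run_one, crash_report and the in-memory CRASH_REPORT (standing in for the file cargo-afl would check after AFL exits) are assumed names.

```rust
// Added example, not afl.rs code: emit the Debug repr of an input only from a panic hook.
use std::cell::RefCell;
use std::panic;
use std::sync::Mutex;

// Stand-in for arbitrary::Arbitrary so the example runs without the crate.
trait Arbitrary: Sized + std::fmt::Debug {
    fn arbitrary(data: &[u8]) -> Option<Self>;
}

#[derive(Debug)]
struct MyStruct { op: u8, value: u32 }

impl Arbitrary for MyStruct {
    fn arbitrary(d: &[u8]) -> Option<Self> {
        if d.len() < 5 { return None; } // too short: skip, as a fuzzer would
        Some(MyStruct { op: d[0], value: u32::from_le_bytes([d[1], d[2], d[3], d[4]]) })
    }
}

thread_local! {
    // Debug repr of the input currently being executed, if any.
    static CURRENT_INPUT: RefCell<Option<String>> = RefCell::new(None);
}
// Stands in for the file that cargo-afl would inspect once AFL exits.
static CRASH_REPORT: Mutex<Option<String>> = Mutex::new(None);

// Chain onto the existing panic hook; the stash is copied out only on a real panic.
fn install_hook() {
    let prev = panic::take_hook();
    panic::set_hook(Box::new(move |info| {
        let repr = CURRENT_INPUT.with(|c| c.borrow().clone());
        if let Some(r) = repr { *CRASH_REPORT.lock().unwrap() = Some(r); }
        prev(info);
    }));
}

// One fuzz iteration: decode, stash the repr, run the target; false means it panicked.
fn run_one<T: Arbitrary>(data: &[u8], target: fn(T)) -> bool {
    let input = match T::arbitrary(data) { Some(i) => i, None => return true };
    CURRENT_INPUT.with(|c| *c.borrow_mut() = Some(format!("{:?}", input)));
    let ok = panic::catch_unwind(panic::AssertUnwindSafe(|| target(input))).is_ok();
    CURRENT_INPUT.with(|c| *c.borrow_mut() = None);
    ok
}

// Non-empty only if some iteration crashed; cleared once read, like printing the file.
fn crash_report() -> Option<String> { CRASH_REPORT.lock().unwrap().take() }

// Constructed target: panics on one specific shape of input.
fn target(s: MyStruct) { if s.op == 0xff && s.value > 1000 { panic!("boom"); } }
```

Because the repr is captured inside the hook, the report stays empty for clean runs and for inputs the decoder rejects, which is the "not knowing when you've found a crash" problem the second comment wants to sidestep.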