On Tue, Mar 07, 2017 at 12:27:58AM -0500, D L wrote:
> On Sun, Mar 5, 2017 at 2:47 AM, Michal Privoznik <mprivozn@xxxxxxxxxx> wrote:
>
> Regarding fuzzing, I think we can try several fuzzing tools to run in
> parallel, as different fuzzers tend to find different kinds of bugs. Thus,
> AFL (American Fuzzy Lop) [1], which is a coverage-guided mutation-based
> fuzzer with a genetic algorithm, can take hand-crafted XML seeds to fuzz
> our libvirt target. Alternatively, we could develop a generation-based
> grammar module in AFL (which is definitely non-trivial); so far I have not
> seen active development in the AFL community on XML format grammar
> generation. Another option could be clang's libFuzzer [2].
>
> Several related articles show examples of fuzzing using AFL to generate
> SQL [3], llvm-afl [4], and hexml fuzzing with AFL [5]. In combination with
> lcov, we could compare different fuzzers and guide our fuzzing tuning.

FYI, I would very much like to see it use a fuzzer that is open source,
because I'd like the end result of the project to ideally produce some
test suite or test framework that we can put into our CI system and run
daily to validate future changes.

Regards,
Daniel

--
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-       http://search.cpan.org/~danberr/ :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
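The shape of harness the thread is converging on (an open-source fuzzer driven from hand-crafted XML seeds, whose corpus can then be replayed daily in CI), written out as an added example. This is not libvirt's code and not code from either poster: `parse_xml_tags` is a hypothetical stand-in for the real XML parsing entry point, `SEED_DOMAIN_XML` is a constructed seed, and the `LIBFUZZER_BUILD` macro is an assumption used only to keep our `main` out of a libFuzzer link. The same source builds three ways: with `afl-clang-fast` for afl-fuzz (file input via `@@`), with `-DLIBFUZZER_BUILD -fsanitize=fuzzer` for libFuzzer, and with plain `cc` for a CI job that replays the saved corpus and relies on ASan/UBSan aborts as the failure signal.

```c
/* Dual-mode fuzz harness: builds as a libFuzzer target or as a plain
 * file-replay binary usable by afl-fuzz and by a CI job that replays a
 * saved corpus. Added example, not libvirt's code. The parser below is
 * a hypothetical stand-in for the real XML entry point (assumption). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 64
#define MAX_NAME  32

/* Constructed seed resembling a libvirt domain document; files like this
 * go into the fuzzer's input directory so mutation starts from valid
 * structure rather than from random bytes. */
static const char SEED_DOMAIN_XML[] =
    "<domain type='kvm'>\n"
    "  <name>fuzz-seed</name>\n"
    "  <memory unit='KiB'>524288</memory>\n"
    "  <devices>\n"
    "    <disk type='file' device='disk'>\n"
    "      <source file='/var/lib/libvirt/images/seed.img'/>\n"
    "      <target dev='vda' bus='virtio'/>\n"
    "    </disk>\n"
    "  </devices>\n"
    "</domain>\n";

/* Hypothetical stand-in target: checks that start and end tags nest
 * correctly ('>' inside quoted attribute values is deliberately not
 * handled; a real harness calls the project's own parser here instead).
 * Returns 1 if well-formed, 0 otherwise. */
int parse_xml_tags(const uint8_t *data, size_t size)
{
    char stack[MAX_DEPTH][MAX_NAME];
    int depth = 0;
    size_t i = 0;

    while (i < size) {
        if (data[i++] != '<')
            continue;
        int closing = (i < size && data[i] == '/');
        if (closing)
            i++;
        char name[MAX_NAME];
        size_t n = 0;
        while (i < size && data[i] != '>' && data[i] != ' ' &&
               data[i] != '/' && data[i] != '\n') {
            if (n + 1 >= MAX_NAME)
                return 0;             /* tag name too long: reject */
            name[n++] = (char)data[i++];
        }
        name[n] = '\0';
        if (n == 0)
            return 0;                 /* "<>" or "</>" */
        while (i < size && data[i] != '>')
            i++;                      /* skip attributes */
        if (i >= size)
            return 0;                 /* unterminated tag */
        int self_closing = (data[i - 1] == '/');
        i++;                          /* consume '>' */
        if (closing) {
            if (depth == 0 || strcmp(stack[depth - 1], name) != 0)
                return 0;             /* mismatched or stray end tag */
            depth--;
        } else if (!self_closing) {
            if (depth >= MAX_DEPTH)
                return 0;             /* nested too deep */
            memcpy(stack[depth++], name, n + 1);
        }
    }
    return depth == 0;
}

/* libFuzzer entry point (AFL++ can drive the same symbol). The fuzzer
 * ignores the return value; crashes and sanitizer reports are the signal,
 * so the parser's verdict is intentionally not checked here. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    parse_xml_tags(data, size);
    return 0;
}

/* Feeds one on-disk input through the target. Used by the AFL-style main
 * (afl-fuzz substitutes the mutated file for @@) and by CI corpus replay.
 * Returns -1 if the file cannot be read, else 0. */
int replay_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    size_t cap = 1 << 16, len = 0, got;
    uint8_t *buf = malloc(cap);
    while (buf && (got = fread(buf + len, 1, cap - len, f)) > 0) {
        len += got;
        if (len == cap) {
            uint8_t *nb = realloc(buf, cap *= 2);
            if (!nb) { free(buf); buf = NULL; break; }
            buf = nb;
        }
    }
    fclose(f);
    if (!buf)
        return -1;
    LLVMFuzzerTestOneInput(buf, len);
    free(buf);
    return 0;
}

#ifndef LIBFUZZER_BUILD
/* afl-clang-fast -fsanitize=address harness.c -o harness
 * afl-fuzz -i seeds -o findings -- ./harness @@
 * CI replay of a saved corpus:   ./harness corpus/*
 * libFuzzer (which supplies its own main):
 *   clang -DLIBFUZZER_BUILD -fsanitize=fuzzer,address harness.c */
int main(int argc, char **argv)
{
    int rc = 0;
    for (int i = 1; i < argc; i++)
        if (replay_file(argv[i]) != 0) {
            fprintf(stderr, "cannot read %s\n", argv[i]);
            rc = 1;
        }
    if (argc == 1)  /* no paths given: run the built-in seed once */
        LLVMFuzzerTestOneInput((const uint8_t *)SEED_DOMAIN_XML,
                               sizeof(SEED_DOMAIN_XML) - 1);
    return rc;
}
#endif
```

For the lcov comparison the thread mentions, add `--coverage` to the replay build and run the same corpus directories from each fuzzer through `./harness corpus/*` before calling `lcov --capture`; the coverage difference between corpora is then measured against one binary rather than against each fuzzer's own instrumentation.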