fuzzingbook
You have a program to test. You want to generate tests as quickly as possible and as thoroughly as possible. You don’t care so much how something is implemented, but it should get the job done. You want to learn how to use things.
Start with Introduction to Testing to get the basic concepts. (You would know most of these anyway, but it can’t hurt to get quick reminders.) A program may receive all kinds of odd inputs that cause errors.
Use the simple fuzzers from the chapter on Fuzzers to test your program against the first random inputs. Generate random inputs and see whether they can make the program crash.
Get coverage from your program and use coverage information to guide test generation towards code coverage.
Define an input grammar for your program and use this grammar to thoroughly fuzz your program with syntactically correct inputs. As a fuzzer, we would recommend a grammar coverage fuzzer, as this ensures coverage of input elements.
If you want more control over the generated inputs, consider probabilistic fuzzing and fuzzing with generator functions.
If you want to deploy a large set of fuzzers, learn how to manage a large set of fuzzers.
In each of these chapters, start with the “Synopsis” parts; these will give you quick introductions on how to use things, as well as point you to relevant usage examples. With this, enough said. Get back to work and enjoy!
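The first steps above (random inputs, then coverage to guide generation) as one small loop. This is an added example using only the standard library, not code from the fuzzingbook or from these notes; decode_escapes is a constructed target and every function name here is hypothetical.

```python
import random
import sys

def decode_escapes(s):
    """Constructed target: '+' becomes ' ', %xx becomes the character with that hex code."""
    out, chars = "", iter(s)
    for c in chars:
        if c == "+":
            out += " "
        elif c == "%":
            out += chr(int(next(chars, "") + next(chars, ""), 16))  # bad escape: uncaught ValueError
        else:
            out += c
    return out

def run_with_coverage(func, data):
    """Run func(data); return (line numbers executed inside func, exception or None)."""
    lines, error, previous = set(), None, sys.gettrace()
    def tracer(frame, event, arg):
        if frame.f_code is func.__code__:
            lines.add(frame.f_lineno)
            return tracer
    sys.settrace(tracer)
    try:
        func(data)
    except Exception as exc:
        error = exc
    finally:
        sys.settrace(previous)
    return lines, error

def mutate(s, rng):
    """Insert, delete or replace one printable character at a random position."""
    pos, op = rng.randint(0, len(s)), rng.choice(("insert", "delete", "replace"))
    ch = "" if op == "delete" else chr(rng.randint(32, 126))
    return s[:pos] + ch + s[pos + (op != "insert"):]  # insert keeps s[pos], the others drop it

def coverage_guided_fuzz(func, seeds, trials=5000, seed=0):
    """Mutate inputs from a non-empty seed list; keep each non-crashing one that reaches new lines."""
    rng, population, crashes = random.Random(seed), list(seeds), []
    covered = set().union(*(run_with_coverage(func, s)[0] for s in seeds))
    for _ in range(trials):
        candidate = mutate(rng.choice(population), rng)
        lines, error = run_with_coverage(func, candidate)
        if error is not None:
            crashes.append((candidate, error))
        elif not lines <= covered:
            population.append(candidate)  # reached new lines: keep as a seed
        covered |= lines
    return population, covered, crashes
```

Calling coverage_guided_fuzz(decode_escapes, ["hello"]) returns the grown population, the set of covered lines, and the (input, exception) pairs that crashed the target.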
sanitizer
Can be enabled with the -fsanitize=address option.