From 09c4508aee96ca20d084b8a60b4c6603de8bff8b Mon Sep 17 00:00:00 2001
From: Aqua-sama
Date: Sun, 25 Nov 2018 13:01:17 +0100
Subject: Add Session Dialog

---
 doc/Development/Fuzzing.asciidoc | 49 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 doc/Development/Fuzzing.asciidoc
(limited to 'doc/Development')

diff --git a/doc/Development/Fuzzing.asciidoc b/doc/Development/Fuzzing.asciidoc
new file mode 100644
index 0000000..0981f1a
--- /dev/null
+++ b/doc/Development/Fuzzing.asciidoc
@@ -0,0 +1,49 @@
+=== Setup
+Required packages: afl
+
+==== Compiling Qt
+This will build an instrumented Qt:
+
+[source, sh]
+----
+export CC=$(which afl-gcc)
+export CXX=$(which afl-g++)
+./configure ...
+make
+----
+
+=== Running the fuzzer
+[source, sh]
+----
+cd /sys/devices/system/cpu
+su
+echo performance | tee cpu*/cpufreq/scaling_governor
+exit
+
+cd $testdir
+afl-fuzz -m 512 -t 40 -i $input -o $output -- $testexe @@
+
+# see for available scaling_governor values:
+cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
+
+cd /sys/devices/system/cpu
+su
+echo powersave | tee cpu*/cpufreq/scaling_governor
+exit
+----
+
+The $input directory contains your reference input files, while the findings of the fuzzers will be written in $output.
+
+@@ gets replaced by the name of a file generated by AFL, containing the mutated input.
+
+=== Using ramdisk for tests
+[source, sh]
+----
+$ mkdir afl
+# mount -t tmpfs -o size=1024M tmpfs afl/
+$ cd afl/
+$ afl-fuzz -i inputs -o findings ...
+----
+
+=== Sources
+1. https://www.kdab.com/fuzzing-qt-fun-profit/
-- cgit v1.2.1