docs: update fuzz-harness.md

riebl · May 24, 2024 · 59ef097 · 59ef097
1 parent 9f64195
commit 59ef097
Showing 1 changed file with 16 additions and 47 deletions.
diff --git a/docs/tools/fuzz-harness.md b/docs/tools/fuzz-harness.md
@@ -1,58 +1,27 @@
 # fuzz-harness
 
-The fuzz harness for vanetza is a testing tool designed to identify bugs, vulnerabilities, and unexpected behaviors within the vanetza codebase. Fuzz testing, also known as fuzzing, involves providing invalid, unexpected, or random data as input to a program to uncover errors or security issues.
+The fuzz harness for Vanetza is a testing tool designed to identify bugs, vulnerabilities, and unexpected behaviors within Vanetza's codebase. Fuzz testing, also known as fuzzing, involves providing invalid, unexpected, or random data as input to a program to uncover errors or security issues.
+
 ## Requirements
 
-- AFL++: You will need AFL++ installed on your system. Refer to the AFL++ documentation for installation instructions: https://aflplus.plus/docs/install/
+You will need AFL++ installed on your system.
+Please refer to the [AFL++ documentation](https://aflplus.plus/docs/install/) for installation instructions.
+Alternatively, you can use the scripts located at *tools/fuzz-harness* for running fuzz tests in a Docker container.
 
 ## Usage
 
-### Compile the instrumentation CmpLog
-
-```
-mkdir build_cmplog && cd build_cmplog/
-```
-
-```
-export AFL_LLVM_CMPLOG=1
-```
-
-```
-cmake .. \
-   -DBUILD_FUZZ=ON \
-   -DCMAKE_C_COMPILER=afl-clang-lto \
-   -DCMAKE_CXX_COMPILER=afl-clang-lto++
-```
-
-```
-make
-```
-
-Make sure to `unset AFL_LLVM_CMPLOG` afterwards.
-
-### Compile with Address Sanitizer
-
-Same as before but this time with:
-
-```
-mkdir build_asan && cd build_asan/
-```
-
-```
-export AFL_USE_ASAN=1
-```
-
-### Fuzz
-
-```
-mkdir output
-```
-
-```
-afl-fuzz -i input/ -o output/ -c ../../build_cmplog/bin/routerIndicatePersistentFuzz -m none -- ../../build_asan/bin/routerIndicatePersistentFuzz
-```
+Running the script *fuzz-harness/docker.sh* will build a suitable Docker container based on the official *aflplusplus/aflplusplus* image.
+As soon as the container is ready, the script launches the built container and maps your local user and some Vanetza directories into it.
 
+Within the container, you can compile the *fuzz-harness* using the AFL++ toolchain by invoking the *compile.sh* script.
+The *fuzz.sh* script is a convenient way to run the built harness with *afl-fuzz*.
 If it crashes immediately, try again a few times. 
 
 ### Analyse
-You can use `routerIndicateTest` to investigate the crash and get more information about the possible problems. The address sanitizer is enabled by default. If you're not interested in memory leaks, make sure to disable the leak sanatizer with the environment variable `ASAN_OPTIONS=detect_leaks=0`.
+
+Fuzzing is executing the *fuzzing-persistent* executable.
+You can use its sibling *fuzzing-run* to investigate a particular crash and get more information about the possible problems.
+The address sanitizer is enabled by default. If you're not interested in memory leaks, make sure to disable the leak sanatizer by setting the environment variable `ASAN_OPTIONS=detect_leaks=0`.
+
+You may also want to classify the found issues using *casr-afl*: `casr-afl -i output -o output/casr`
+The classification process also eliminates duplicate issues.