
Comments (2)

skx commented on July 23, 2024

Fuzzing was simple to add via go-fuzz. Just create fuzz/fuzz.go:

   // +build gofuzz
   
   package fuzz
   
   import (
   	"github.com/skx/go.vm/cpu"
   )
   
   // Fuzz is the entry point go-fuzz calls once per mutated input: the raw
   // bytes are loaded as a program and executed. Returning 0 leaves the
   // corpus decision to go-fuzz; a panic or a non-zero exit is reported as
   // a crash.
   func Fuzz(data []byte) int {
   	c := cpu.NewCPU()
   	c.LoadBytes(data)
   	c.Run()
   	return 0
   }

Unfortunately that was too simple!

   $ go get github.com/dvyukov/go-fuzz/go-fuzz
   $ go get github.com/dvyukov/go-fuzz/go-fuzz-build
   $ go-fuzz-build github.com/skx/go.vm/fuzz
   $ go-fuzz -bin=fuzz-fuzz.zip -workdir=workdir

Immediately 100+ "crashes" were detected:

     frodo ~/go/src/github.com/skx/go.vm/workdir/crashers $ ../../go.vm execute 8efd86fb78a56a5145ed7739dcb00c78581c5375
     Loading file: 8efd86fb78a56a5145ed7739dcb00c78581c5375
     Unrecognized/Unimplemented opcode 74 at IP 0000

So to fuzz properly we need to remove all unrecognized handlers. As a quick hack I removed the default handler from cpu/cpu.go:

   index fc3c0e5..2af7d2d 100644
   --- a/cpu/cpu.go
   +++ b/cpu/cpu.go
   @@ -681,9 +681,9 @@ func (c *CPU) Run() {
                           if fn != nil {
                                   fn(c, num)
                           }
   -               default:
   -                       fmt.Printf("Unrecognized/Unimplemented opcode %02X at IP %04X\n", op.Value(),        c.ip)
   -                       os.Exit(1)
   +                       //              default:
   +                       //                      fmt.Printf("Unrecognized/Unimplemented opcode %02X at IP        %04X\n", op.Value(), c.ip)
   +                       //                      os.Exit(1)
                   }

                   // Ensure our instruction-pointer wraps around.
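Review bot: with the `default:` branch commented out, `Run()` silently skips every byte it does not recognise, so a fuzz input made of junk opcodes now executes to completion and the harness reports success for programs that are not valid at all; the hunk also leaves dead, mis-indented commented-out code in cpu.go. Instead of deleting the branch, keep the diagnostic but replace `os.Exit(1)` with a returned error (or a panic carrying the same message) so that fuzz/fuzz.go can map "unrecognized opcode" to `return -1`, letting go-fuzz continue without adding the input to the corpus while genuine out-of-bounds panics still surface as crashes.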

With that done there were no immediate crashes, but of course they will come. I expect to see failures if a fuzzer tries to store an int into a register outside the correct bounds, etc.

from go.vm.

skx commented on July 23, 2024

I think I've documented this enough now to close; invalid traps, etc. will cause termination. Patching the os.Exit() calls to allow fuzzing to continue is a trivial operation...

from go.vm.
