mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-17 19:00:58 +00:00
docs(crypto): update fuzzer documentation
parent
18192e8eb2
commit
47a05720aa
@ -18,8 +18,8 @@ Recommended: ASAN / UBSAN / MSAN flags for error detection can be specified via
|
|||||||
|
|
||||||
Examples:
|
Examples:
|
||||||
|
|
||||||
* `SANFLAGS="-fsanitize=address,undefined"`
|
* `SANFLAGS="-fsanitize=address,undefined"`
|
||||||
* `SANFLAGS="-fsanitize=memory -fsanitize-memory-track-origins"`
|
* `SANFLAGS="-fsanitize=memory -fsanitize-memory-track-origins"`
|
||||||
|
|
||||||
### Optimizations
|
### Optimizations
|
||||||
|
|
||||||
@ -27,18 +27,26 @@ Override `OPTFLAGS` to test the library at different optimization levels or simp
|
|||||||
|
|
||||||
Examples:
|
Examples:
|
||||||
|
|
||||||
* `OPTFLAGS="-O0 -ggdb3"`
|
* `OPTFLAGS="-O0 -ggdb3"`
|
||||||
* `OPTFLAGS="-O3 -march=native"`
|
* `OPTFLAGS="-O3 -march=native"`
|
||||||
|
|
||||||
To be determined: use of `-fsanitize-ignorelist` to reduce sanitizer overhead on hot functions
|
To be determined:
|
||||||
|
|
||||||
|
* use of `-fsanitize-ignorelist` to reduce sanitizer overhead on hot functions
|
||||||
|
* `-flto` and `-flto=thin` link time optimization
|
||||||
|
|
||||||
|
Advanced usage:
|
||||||
|
* [Profile guided optimization](https://clang.llvm.org/docs/UsersManual.html#profile-guided-optimization)
|
||||||
### Other Flags
|
### Other Flags
|
||||||
|
|
||||||
To be determined:
|
To be determined:
|
||||||
|
|
||||||
* `-DNDEBUG`
|
* `-DNDEBUG`
|
||||||
* `-DUSE_BIP39_CACHE=0 -DUSE_BIP32_CACHE=0`
|
* `-DUSE_BIP39_CACHE=0 -DUSE_BIP32_CACHE=0` to avoid persistent side effects through the cache
|
||||||
* `-D_FORTIFY_SOURCE=2`
|
* `-D_FORTIFY_SOURCE=2` together with optimization flag -O2 or above
|
||||||
* `-fstack-protector-strong` or `-fstack-protector-all`
|
* `-fstack-protector-strong` or `-fstack-protector-all`
|
||||||
|
* `-m32` to closer evaluate the 32 bit behavior
|
||||||
|
* this requires 32bit build support for gcc-multilib, libc and others
|
||||||
|
|
||||||
## Operation
|
## Operation
|
||||||
|
|
||||||
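Review bot: The new `-D_FORTIFY_SOURCE=2` bullet under "Other Flags" requires "optimization flag -O2 or above", yet the Optimizations examples earlier in this same hunk include `OPTFLAGS="-O0 -ggdb3"`, so the document now lists two settings that its own text implies cannot be combined, without saying so. Suggest writing `-O2` in backticks like the other flags and adding a short remark that this define should not be paired with the `-O0` example. In the `-m32` sub-bullet, "libc and others" is too vague to act on; naming the required 32-bit packages or toolchain components would make the item usable.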
@ -79,3 +87,8 @@ The resulting file can be used as a fuzzer dictionary.
|
|||||||
1. render the data `llvm-cov show fuzzer/fuzzer -instr-profile=default.profdata -format=html -output-dir=coverage-report`
|
1. render the data `llvm-cov show fuzzer/fuzzer -instr-profile=default.profdata -format=html -output-dir=coverage-report`
|
||||||
1. analyze report at `coverage-report/index.html`
|
1. analyze report at `coverage-report/index.html`
|
||||||
1. (optional) remove artifacts with `rm default.profraw default.profdata && rm -r coverage-report`
|
1. (optional) remove artifacts with `rm default.profraw default.profdata && rm -r coverage-report`
|
||||||
|
|
||||||
|
## Using Honggfuzz Fuzzer
|
||||||
|
|
||||||
|
Although this code is designed primarily for libFuzzer, it can also be used with [Honggfuzz](https://honggfuzz.dev).
|
||||||
|
However, the usage details are out of scope of this document.
|
||||||
|
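Review bot: The added "## Using Honggfuzz Fuzzer" heading promises usage instructions, but the second sentence of the section declares the usage details out of scope, leaving the reader with only a link. Suggest either renaming the heading to something that matches the content (for example "Other fuzzers") or adding one sentence on what differs from the libFuzzer build described earlier in the document, such as which build settings have to be substituted.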