arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-17 19:00:58 +00:00
Code Issues Releases Wiki Activity

docs(crypto): update fuzzer documentation

Browse Source
This commit is contained in:
Christian Reitter 2021-12-08 13:11:13 +01:00 committed by Andrew Kozlik
parent 18192e8eb2
commit 47a05720aa
1 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
crypto/fuzzer/README.md
View File

@ -18,8 +18,8 @@ Recommended: ASAN / UBSAN / MSAN flags for error detection can be specified via
Examples:
* `SANFLAGS="-fsanitize=address,undefined"`
* `SANFLAGS="-fsanitize=memory -fsanitize-memory-track-origins"`
* `SANFLAGS="-fsanitize=address,undefined"`
* `SANFLAGS="-fsanitize=memory -fsanitize-memory-track-origins"`
### Optimizations
@ -27,18 +27,26 @@ Override `OPTFLAGS` to test the library at different optimization levels or simp
Examples:
* `OPTFLAGS="-O0 -ggdb3"`
* `OPTFLAGS="-O3 -march=native"`
* `OPTFLAGS="-O0 -ggdb3"`
* `OPTFLAGS="-O3 -march=native"`
To be determined: use of `-fsanitize-ignorelist` to reduce sanitizer overhead on hot functions
To be determined:
* use of `-fsanitize-ignorelist` to reduce sanitizer overhead on hot functions
* `-flto` and `-flto=thin` link time optimization
Advanced usage:
* [Profile guided optimization](https://clang.llvm.org/docs/UsersManual.html#profile-guided-optimization)
### Other Flags
To be determined:
* `-DNDEBUG`
* `-DUSE_BIP39_CACHE=0 -DUSE_BIP32_CACHE=0`
* `-D_FORTIFY_SOURCE=2`
* `-DUSE_BIP39_CACHE=0 -DUSE_BIP32_CACHE=0` to avoid persistent side effects through the cache
* `-D_FORTIFY_SOURCE=2` together with optimization flag -O2 or above
* `-fstack-protector-strong` or `-fstack-protector-all`
* `-m32` to closer evaluate the 32 bit behavior
* this requires 32bit build support for gcc-multilib, libc and others
## Operation
@ -79,3 +87,8 @@ The resulting file can be used as a fuzzer dictionary.
1. render the data `llvm-cov show fuzzer/fuzzer -instr-profile=default.profdata -format=html -output-dir=coverage-report`
1. analyze report at `coverage-report/index.html`
1. (optional) remove artifacts with `rm default.profraw default.profdata && rm -r coverage-report`
## Using Honggfuzz Fuzzer
Although this code is designed primarily for libFuzzer, it can also be used with [Honggfuzz](https://honggfuzz.dev).
However, the usage details are out of scope of this document.