Fuzzing (fuzz testing)

1. What is fuzz testing?

Fuzz testing, or fuzzing, is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

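Fuzz testing is a method of discovering software vulnerabilities by feeding unexpected input to a target system and monitoring for abnormal results.
Fuzz testing is an effective testing method for finding security vulnerabilities. It inserts random bad data into a program and observes whether the program can tolerate the malformed input. Fuzz testing follows no logic; it simply generates garbage data to attack the program. Attacking an application this way can uncover security vulnerabilities that are hard to find with tests designed by logical reasoning.
(In its early days it was in fact a black-box, random testing method.)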

https://github.com/kudelskisecurity/cdf CDF is a tool to automatically test the correctness and security of cryptographic software. CDF can detect implementation errors, compliance failures, side-channel leaks, and so on.

2. Fuzz test example

Taking https://github.com/dalek-cryptography/subtle as an example:

cd fuzz
cargo rustc --bin conditional_assign_i128 -- -C passes='sancov' -C llvm-args='-sanitizer-coverage-level=3' -Z sanitizer=address
./target/debug/conditional_assign_i128 # start the fuzz test

For the meaning of the output printed during the fuzz test, see: http://llvm.org/docs/LibFuzzer.html#output
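
The idea from sections 1 and 2 in miniature, as an added example that is not code from subtle or from the original post: random inputs are fed to a branch-free conditional assignment and every result is checked against a plain branching reference. Only the name conditional_assign_i128 is taken from the page; the function bodies, the deliberately buggy variant, the xorshift generator and the `fuzz` helper are assumptions made for illustration, and the harness is random black-box testing rather than coverage-guided libFuzzer.

```rust
// Added example: std only, no dependency on subtle or libFuzzer.

/// Branch-free select (hypothetical implementation); `choice` must be 0 or 1.
fn conditional_assign_i128(dst: &mut i128, src: i128, choice: u8) {
    let mask = -(choice as i128); // 0 -> all zero bits, 1 -> all one bits
    *dst ^= mask & (*dst ^ src);
}

/// Deliberately buggy variant: the mask only covers the low 64 bits.
fn buggy_conditional_assign_i128(dst: &mut i128, src: i128, choice: u8) {
    let mask = (-(choice as i64)) as u64 as i128; // zero-extended, high half is 0
    *dst ^= mask & (*dst ^ src);
}

/// Small xorshift64 generator so that runs are reproducible from a seed.
struct XorShift(u64);

impl XorShift {
    fn next_u64(&mut self) -> u64 {
        self.0 ^= self.0 << 13;
        self.0 ^= self.0 >> 7;
        self.0 ^= self.0 << 17;
        self.0
    }
    fn next_i128(&mut self) -> i128 {
        (((self.next_u64() as u128) << 64) | self.next_u64() as u128) as i128
    }
}

/// Runs `iters` random cases against `f` and returns the first input
/// (dst, src, choice) whose result differs from the branching reference.
fn fuzz(f: fn(&mut i128, i128, u8), seed: u64, iters: u32) -> Option<(i128, i128, u8)> {
    let mut rng = XorShift(seed);
    for _ in 0..iters {
        let (a, b) = (rng.next_i128(), rng.next_i128());
        let choice = (rng.next_u64() & 1) as u8;
        let mut got = a;
        f(&mut got, b, choice);
        let want = if choice == 1 { b } else { a };
        if got != want {
            return Some((a, b, choice));
        }
    }
    None
}

fn main() {
    println!("correct: {:?}", fuzz(conditional_assign_i128, 0x9E37_79B9_7F4A_7C15, 10_000));
    println!("buggy:   {:?}", fuzz(buggy_conditional_assign_i128, 0x9E37_79B9_7F4A_7C15, 10_000));
}
```

The failing triple returned for the buggy variant plays the role of the crash input a fuzzer saves: replaying it reproduces the mismatch deterministically.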

References:
[1] https://en.wikipedia.org/wiki/Fuzz_testing
[2] https://www.freebuf.com/column/157277.html
[3] https://github.com/kudelskisecurity/cdf
[4] http://llvm.org/docs/LibFuzzer.html#output
[5] https://rust-fuzz.github.io/book/cargo-fuzz/tutorial.html
