Skip to content

Commit

Permalink
added slow input example information to the readme and slightly chang…
Browse files Browse the repository at this point in the history 
…ed some wordings in the readme as well
  • Loading branch information
@PBetzler
PBetzler committed Aug 22, 2024
1 parent 1c5f096 commit 1fe0ec2
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
# Testing C/C++ for Security and Reliability
Building robust C/C++ applications is a highly challenging endeavor that requires thorough testing. While C/C++ enables us to write high-performance code, the memory-unsafety nature of the language brings a broad spectrum of security risks. Memory corruption issues constitute the vast majority of bugs and security vulnerabilities found in C/C++ projects, and their impact is best demonstrated by the [Heartbleed](https://en.wikipedia.org/wiki/Heartbleed) bug on OpenSSL. Regular unit and integration tests are essential to test that our code functions correctly - they are not enough to uncover memory-corruption bugs. (Whitebox and smart) Fuzz testing on the other hand, has established itself as the best practical method to find these issues in large code bases such as Google Chrome.

In this example, we demonstrate how you can use CI Fuzz to integrate fuzz testing into your C/C++ projects. The example project uses [CMake](https://cmake.org/) as the build system and contains the following use cases:
In this example, we demonstrate how you can use CI Fuzz to integrate fuzz testing into your C/C++ projects. The example project uses [CMake](https://cmake.org/) as the build system and contains the following examples:
* [Simple Checks Example](src/simple_examples/explore_me.cpp#L10):
A simple example that triggers a buffer over when the input parameters satisfy certain criteria.
We show that CI Fuzz can quickly generate a test case that trigger this bug.
Expand Down Expand Up @@ -37,6 +37,12 @@ Execute with:
```sh
cifuzz run custom_mutator_example_checks_fuzz_test
```
* [Slow Input Example](src/advanced_examples/slow_input_checks_test.cpp#L17):
An example that shows how the fuzzer can detect inputs that lead to a slow program execution.
Execute with:
```sh
cifuzz run slow_input_checks_fuzz_test
```


To execute all fuzz tests at the same time, or calculate the code coverage for all, just skip the fuzz target name. Like:
Expand Down

0 comments on commit 1fe0ec2

Please sign in to comment.