A fast grammar fuzzer
F1 Fuzzer
This is the F1 Fuzzer described in the paper "Building Fast Fuzzers".
Installation
$ python3 -m pip install f1-fuzzer
Usage
- First, create the grammar file.
$ cat json.json
{
"<start>": [["<json>"]],
"<json>": [["<element>"]],
"<element>": [["<ws>", "<value>", "<ws>"]],
"<value>": [["<object>"], ["<array>"], ["<string>"], ["<number>"],
["true"], ["false"],
["null"]],
"<object>": [["{", "<ws>", "}"], ["{", "<members>", "}"]],
"<members>": [["<member>", "<symbol-2>"]],
"<member>": [["<ws>", "<string>", "<ws>", ":", "<element>"]],
"<array>": [["[", "<ws>", "]"], ["[", "<elements>", "]"]],
"<elements>": [["<element>", "<symbol-1-1>"]],
"<string>": [["\"", "<characters>", "\""]],
"<characters>": [["<character-1>"]],
"<character>": [["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"],
["8"], ["9"], ["a"], ["b"], ["c"], ["d"], ["e"], ["f"],
["g"], ["h"], ["i"], ["j"], ["k"], ["l"], ["m"], ["n"],
["o"], ["p"], ["q"], ["r"], ["s"], ["t"], ["u"], ["v"],
["w"], ["x"], ["y"], ["z"], ["A"], ["B"], ["C"], ["D"],
["E"], ["F"], ["G"], ["H"], ["I"], ["J"], ["K"], ["L"],
["M"], ["N"], ["O"], ["P"], ["Q"], ["R"], ["S"], ["T"],
["U"], ["V"], ["W"], ["X"], ["Y"], ["Z"], ["!"], ["#"],
["$"], ["%"], ["&"], ["\""], ["("], [")"], ["*"], ["+"],
[","], ["-"], ["."], ["/"], [":"], [";"], ["<"], ["="],
[">"], ["?"], ["@"], ["["], ["]"], ["^"], ["_"], ["`"],
["{"], ["|"], ["}"], ["~"], [" "], ["<esc>"]],
"<esc>": [["\\","<escc>"]],
"<escc>": [["\\"],["b"],["f"], ["n"], ["r"],["t"],["\""]],
"<number>": [["<int>", "<frac>", "<exp>"]],
"<int>": [["<digit>"], ["<onenine>", "<digits>"], ["-", "<digits>"],
["-", "<onenine>", "<digits>"]],
"<digits>": [["<digit-1>"]],
"<digit>": [["0"], ["<onenine>"]],
"<onenine>": [["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"],
["9"]],
"<frac>": [[], [".", "<digits>"]],
"<exp>": [[], ["E", "<sign>", "<digits>"], ["e", "<sign>", "<digits>"]],
"<sign>": [[], ["+"], ["-"]],
"<ws>": [["<sp1>", "<ws>"], []],
"<sp1>": [[" "],["\n"],["\t"],["\r"]],
"<symbol>": [[",", "<members>"]],
"<symbol-1>": [[",", "<elements>"]],
"<symbol-2>": [[], ["<symbol>", "<symbol-2>"]],
"<symbol-1-1>": [[], ["<symbol-1>", "<symbol-1-1>"]],
"<character-1>": [[], ["<character>", "<character-1>"]],
"<digit-1>": [["<digit>"], ["<digit>", "<digit-1>"]]
}
- Next, run the F1 fuzzer to compile the grammar.
$ python3 -m F1 json.json
Next step:
$ cc -g -Ofast -o fuzzer main.c fuzz.s
$ rm -f io.x
$ ./fuzzer 0 1000 1000
$ cat io.x
- Use the commands printed in the output to build the compiled fuzzer.
(Note: only tested on MacOSX 10.15.1.)
$ cc -g -Ofast -o fuzzer main.c fuzz.s
- Run the fuzzer with the required command-line arguments.
$ ./fuzzer
./fuzzer <seed> <max_num> <max_depth>
$ rm -f io.x
$ ./fuzzer 82 1 100
- Check the result.
$ cat io.x
-40.07e0
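A grammar file with a misspelled nonterminal or a rule that has no terminating alternative is easier to catch before the compile step than in the generated output. The following is an added example, not part of F1-Fuzzer: `check_grammar` and `SAMPLE` are hypothetical names, and it assumes that any token shaped like `<name>` is meant as a nonterminal reference.

```python
import json
import re

# Assumption: a token shaped like <name> is a nonterminal reference; anything
# else (including the bare "<" and ">" characters) is literal output.
is_ref = re.compile(r"<[^<> ]+>").fullmatch

def refs(alternatives):
    """Nonterminal references used anywhere in one rule's alternatives."""
    return {tok for alt in alternatives for tok in alt if is_ref(tok)}

def check_grammar(grammar, start="<start>"):
    """Return (undefined, unreachable, nonterminating) sets of rule names."""
    undefined = {t for alts in grammar.values() for t in refs(alts)} - set(grammar)

    # Rules reachable from the start symbol.
    seen, todo = set(), [start]
    while todo:
        key = todo.pop()
        if key in grammar and key not in seen:
            seen.add(key)
            todo.extend(refs(grammar[key]))

    # Fixpoint: a rule can finish if one alternative uses only literals and
    # rules already known to finish (an empty alternative [] always does).
    finite, changed = set(), True
    while changed:
        changed = False
        for key, alts in grammar.items():
            if key not in finite and any(
                all(not is_ref(t) or t in finite for t in alt) for alt in alts
            ):
                finite.add(key)
                changed = True
    return undefined, set(grammar) - seen, set(grammar) - finite

# Constructed sample in the grammar-file format shown above, with three defects.
SAMPLE = json.loads(r"""{
  "<start>":  [["<list>"]],
  "<list>":   [["[", "<items>", "]"]],
  "<items>":  [["<item>", ",", "<items>"]],
  "<item>":   [["<digit>"], ["<"]],
  "<orphan>": [["x"]]
}""")

if __name__ == "__main__":
    for label, names in zip(("undefined", "unreachable", "nonterminating"),
                            check_grammar(SAMPLE)):
        print(label + ":", sorted(names))
```

To check a real grammar, load the file with `json.load` and pass the resulting dict to `check_grammar`; a grammar is clean when all three sets are empty.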