A toy project for Python interpreter fuzzing using AST-based mutators, built on libFuzzer.
Started in SEFCOM.
Requirements:
- nix-shell
- git, for pulling source code (CPython)
- python, for code generation
`./build.sh` arguments:
- `-p`/`--cpython`: force re-cloning, re-patching and rebuilding CPython
- `-f`/`--force`: force re-generating all codegen code, re-configuring CMake and rebuilding
- `--clear`: remove all cache directories
- `-j <core>`/`--jobs <core>`: equivalent to `make -j<core>`
`./main.sh` arguments:
- `-c`/`--clean`: remove all log directories
- `-d`/`--debug`: write to stdout instead of redirecting into a log file
- `--cov`: generate a coverage report using `llvm-cov`
- `-r <turns>`/`--runs <turns>`: equivalent to libFuzzer's `-runs=<turns>`
- `-l`/`--last-case`: load the most recent corpus saved under the log folder as the dummy AST instead of the plain AST
Other files:
- `./check.sh`
- `./gen_hints.sh`
- `pipline.md`
For the list of mutators, see `mutators.h`.
The goal is to rediscover the motivating samples in `pipline.md` and to find more bugs like them.
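As an added illustration (not the project's code, which lives in its libFuzzer harness and `mutators.h`), here is a pure-Python sketch of the same loop: parse a seed program, apply a few AST-level mutators picked at random, reject any tree that `compile()` will not accept, run the mutant in a fresh interpreter and classify the outcome by exit status. The seed program, the three mutators, the integer boundary pool and the crash classification are all assumptions made for this example.

```python
# Added example, not the project's code: a pure-Python sketch of AST-based mutation
# fuzzing of the interpreter. Seed program, mutators and crash classification are
# assumptions made for this illustration.
import ast
import random
import subprocess
import sys

SEED_PROGRAM = '''
import math

def area(r, scale=1):
    total = 0
    for i in range(3):
        total = total + math.pi * r ** 2 * scale
    return int(total) if total > 100 else repr(total)

print(area(2, scale=3))
'''   # constructed seed; the fuzzer mutates its AST, never its text

BINOPS = [ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.Pow,
          ast.LShift, ast.RShift, ast.BitOr, ast.BitXor, ast.BitAnd]
INT_POOL = [0, 1, 2**31 - 1, 2**32, 2**63, 2**64 - 1, 2**100]   # C-long/bignum edges
# Nodes under f-strings/match patterns, and Starred/Slice, are valid only in their own slot.
STRICT_PARENTS = tuple(getattr(ast, n) for n in ("JoinedStr", "TemplateStr", "pattern")
                       if hasattr(ast, n))
UNWRAPPABLE = (ast.Starred, ast.Slice)

def parent_map(tree):
    """node -> (parent, field, index-or-None), so any node can be replaced in place."""
    parents = {}
    for node in ast.walk(tree):
        for field, value in ast.iter_fields(node):
            for i, child in enumerate(value if isinstance(value, list) else [value]):
                if isinstance(child, ast.AST):
                    parents[child] = (node, field, i if isinstance(value, list) else None)
    return parents

def swap_binop(tree, rng):
    """Swap the operator of one random BinOp for a different one (x + y -> x >> y)."""
    nodes = [n for n in ast.walk(tree) if isinstance(n, ast.BinOp)]
    if not nodes:
        return False
    node = rng.choice(nodes)
    node.op = rng.choice([op for op in BINOPS if not isinstance(node.op, op)])()
    return True

def tweak_int_constant(tree, rng):
    """Replace one int literal (bool excluded) with a different boundary value."""
    nodes = [n for n in ast.walk(tree) if isinstance(n, ast.Constant) and type(n.value) is int]
    if not nodes:
        return False
    node = rng.choice(nodes)
    node.value = rng.choice([v for v in INT_POOL if v != node.value])
    return True

def wrap_in_repr(tree, rng):
    """Wrap one load-context expression e as repr(e), skipping slots where that is invalid."""
    frozen = {d for p in ast.walk(tree) if isinstance(p, STRICT_PARENTS)
              for d in ast.walk(p) if d is not p}
    cands = [(n, p, f, i) for n, (p, f, i) in parent_map(tree).items()
             if isinstance(n, ast.expr) and n not in frozen
             and not isinstance(n, UNWRAPPABLE)
             and not any(isinstance(c, ast.Slice) for c in ast.iter_child_nodes(n))
             and isinstance(getattr(n, "ctx", None), (ast.Load, type(None)))]
    if not cands:
        return False
    node, parent, field, idx = rng.choice(cands)
    call = ast.Call(func=ast.Name(id="repr", ctx=ast.Load()), args=[node], keywords=[])
    ast.copy_location(call, node)
    if idx is None:
        setattr(parent, field, call)
    else:
        getattr(parent, field)[idx] = call
    return True

MUTATORS = [swap_binop, tweak_int_constant, wrap_in_repr]

def mutate_source(src, seed, rounds=2):
    """Apply `rounds` randomly picked mutators (the project's 'depth') and unparse."""
    rng, tree, applied = random.Random(seed), ast.parse(src), 0
    for _ in range(rounds * 8):              # bounded: a mutator may find no candidate
        if applied == rounds:
            break
        applied += rng.choice(MUTATORS)(tree, rng)   # pure random pick, as the TODO notes
    ast.fix_missing_locations(tree)
    compile(tree, "<mutant>", "exec")        # reject a malformed tree before running it
    return ast.unparse(tree)

def run_case(src, timeout=5.0):
    """Run one mutant in a fresh interpreter and classify how it ended."""
    try:
        proc = subprocess.run([sys.executable, "-I", "-c", src],
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode < 0:      # POSIX: killed by a signal (SIGSEGV, SIGABRT, ...)
        return "crash"           # the interpreter-level bug the fuzzer is looking for
    return "ok" if proc.returncode == 0 else "exception"   # uncaught Python exception
```

Drive it with `run_case(mutate_source(SEED_PROGRAM, seed))` over a range of seeds and keep every mutant that returns `"crash"`: a child killed by a signal is an interpreter bug, whereas `"exception"` is only Python-level noise. Mutants that turn `range(3)` into `range(2**64 - 1)` will hit the deadline, which is why each case runs in a subprocess with a timeout rather than in-process.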
TODO:
- Use Atheris to extend the target modules from builtins only to others (Atheris only supports Python <= 3.11 so far)
- Free unused ASTs at the appropriate time
- Add more guidance to mutator picking instead of pure randomness
- More mutators, more performance
- Automatically parse documentation
- Is there any way to enable the corpus?
- More depth (it is only 2 right now)
- Multiple-inheritance class support (risk of conflicting classes)