[Python-Dev] [ANNOUNCE] fuzzpy

Brian Cain brian.cain at gmail.com
Sun Feb 28 22:44:39 EST 2016 

##################################################################

    *---------------------------------------------------*
    *    fuzzpy: CPython fuzz tester is now available   *
    *                                                   *
    *                   Version 0.8                     *
    *        https://bitbucket.org/ebadf/fuzzpy/        *
    *---------------------------------------------------*

I am pleased to announce the creation of a coverage-guided fuzz tester for
CPython.  It's a pretty small wrapper around LLVM's libFuzzer that enables
some powerful testing logic.  AFL (American Fuzzy Lop) is another popular
fuzzer lately -- libFuzzer is very similar in concept to AFL.  From what
I've read on list archives, Victor Stinner had previously done some good
fuzz testing on CPython using fusil.  This project should expand on that
concept.

I'd love to get feedback, suggestions, patches and anything else the list
can offer.


Q: What is fuzzpy for?
A: It's primarily for testing CPython itself, but could also be used for
individual python projects too.  Pure-python projects will be the simplest
to integrate at this point.  Also, interesting test cases output by fuzzpy
may end up being useful in testing others such as pypy, pyston, etc.

Q: What is a fuzz tester?
A: It modifies inputs to a test case in order to find unique/rare failures.

Q: What does "coverage-guided" mean?
A: It means that libFuzzer is able to witness the specific code executed as
a result of a given test case.  It feeds this information back into an
engine to modify the test cases to optimize for coverage.

Q: How can I help?
A1: donate cycles: build the project and crank away on one of the existing
tests.  Relative to other common fuzzing, it's awfully slow, so consider
throwing as many cycles as you can afford to.
A2: contribute tests: write a ~10-line python script that exercises a
feature that you think could benefit from fuzz testing.
A3: if there's interest, I can accept cryptocoin donations to purchase
cycles on a cloud server.


##################################################################


-- 
-Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20160228/75ffaf76/attachment.html>

More information about the Python-Dev mailing list