GitHub - sefcom/CPython-AST-Fuzzer: A toy project for Python interpreter fuzzing using AST mutators based on LibFuzzer

GitHub - sefcom/CPython-AST-Fuzzer: A toy project for Python interpreter fuzzing using AST mutators based on LibFuzzer

pyFuzzer

A toy project for Python interpreter fuzzing using AST-base mutators, based on LibFuzzer.
Started in SEFCOM.

My other work: CPython Grammar Fuzzer

Requirements

nix-shell
git for pulling source code
python for code generation

How to build

arguments:

-p / --cpython forces to re-clone, re-patch and rebuild CPython
-f / --force forces to re-generate all codgen codes, re-configure cmake and build
--clear remove all cache directories
-j <core> / --jobs <core> equivalent to make -j<core>

How to run

arguments:

-c / --clean removing all log directories
-d / --debug using stdout instead of redirecting into log file
--cov generate coverage report using llvm-cov
-r <turns> / --runs <turns> equivalent to libFuzzer -runs=<turns>
-l / --last-case load most recent corpus saved under log folder as dummy AST instead of plain AST.

Executing every known crash

Type hints for VScode

Designing

pipline.md
For mutators list, check mutators.h.
My goal is to recover and find more similar bugs like the motivation samples in pipline.md.

TODO

Using Atheris to extend target modules from only builtin to others (Atheris only support Python <= 3.11 so far)
Free useless ASTs in appropriate time
Add more guide to mutator picking instead of pure randomness
More mutator, more performance
Automatically document parse
is there any way to enable Corpus?
More depth(it's only 2 rn)
Multi-inherit class support(risk at conflicted class)