(M)(L)
afl-graphs
I've been hacking on CircuitPython lately. A lot of what I've done is fix bugs found by afl. Here's how to try it for yourself:

I recommend that you use a throwaway virtual machine for this, because at one point afl-fuzz learned how to create files in the filesystem! that was a big surprise, waking up to a directory full of filenames like "tesppppppppppppppppppppppppppppptfile"!

First, make sure you can build circuitpython's unix port. The steps are, approximately,

  1. Clone circuitpython
  2. git submodule update --init --recursive
  3. make -C ports/unix -j5 deplibs
  4. make -C ports/unix -j5
(you can review the .travis.yml file in the CircuitPython source tree for the packages they install on top of a regular Ubuntu system to get it building)

Note that the executable is ports/unix/micropython even when you have cloned circuitpython.

Next, get afl from http://lcamtuf.coredump.cx/afl/. If you can, follow the instructions in llvm_mode/README.llvm to get afl-clang-fast. Now, clean and rebuild:

  1. make -C ports/unix clean
  2. make -C ports/unix CC=/path/to/afl-clang-fast -j5 deplibs
  3. make -C ports/unix CC=/path/to/afl-clang-fast -j5
(If you couldn't use afl-clang-fast, then use CC=afl-clang or CC=afl-gcc)

Prepare the testcases directory for afl-fuzz. I used a number of tests from tests/basic:

  1. mkdir testcases
  2. cp tests/basics/*.py testcases

And start the fuzzer:

  1. /path/to/afl-fuzz -i testcases -o findings -- ports/unix/circuitpython

If you have any good findings, drop by the adafruit circuitpython discord and let us know about them! Even better if you fix them.