Rothalyx ships with sanitizer-backed corpus runners for parser and trace-ingestion coverage. The goal is to catch hostile-input bugs before they ship, not to optimize for vanity fuzzing numbers.
- `rothalyx_loader_corpus_runner`: exercises binary loading, section mapping, symbol population, and rebasing against a corpus of valid and malformed binaries.
- `rothalyx_trace_corpus_runner`: exercises trace parsing against valid, truncated, oversized, and malformed trace inputs.
Use the sanitizer preset:

```sh
cmake --preset asan-fuzz
cmake --build --preset asan-fuzz
```

Then prepare a corpus directory:

```sh
./fuzz/prepare_corpus.sh /tmp/rothalyx-fuzz-corpus
```

That creates:
- loader/: seed binaries, malformed inputs, truncations, and mutated samples.
- trace/: valid traces plus malformed-address and oversized-label cases.
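The layout above lists truncations and mutated samples among the derived inputs. The page does not describe how prepare_corpus.sh derives them, so the following is an added example, not the project's script: a deterministic derivation of those two classes from a seed file, so that a replay is reproducible and a finding can be tied to one fixed variant. The output names, the cut points, the mutation offsets and the 16-byte demo seed are all assumptions made here.

```shell
#!/bin/sh
# Added example, not Rothalyx's fuzz/prepare_corpus.sh: derive the "truncations"
# and "mutated samples" classes from a seed file deterministically, so a replay
# of the corpus is reproducible and a finding can be tied to one fixed variant.
# Assumed: output names OUT/<seed>.trunc<N> and OUT/<seed>.mut<OFFSET>, the cut
# points and the mutation offsets; the page does not specify any of these.
set -u

file_size() { wc -c <"$1" | tr -d ' '; }

# derive_variants SEED OUTDIR: writes the variants, prints how many were created.
derive_variants() {
  local seed=$1 out=$2
  local name size n off target count=0
  mkdir -p "$out"
  name=$(basename "$seed")
  size=$(file_size "$seed")
  # Truncations at one byte, the midpoint and one byte short of the end: each
  # stops a header-led or length-prefixed parser at a different "need more data" point.
  for n in 1 $((size / 2)) $((size - 1)); do
    [ "$n" -gt 0 ] && [ "$n" -lt "$size" ] || continue
    target="$out/$name.trunc$n"
    [ -e "$target" ] && continue      # tiny seeds make some cut points coincide
    head -c "$n" "$seed" >"$target"
    count=$((count + 1))
  done
  # Single-byte mutations: overwrite one byte with 0xFF at the start and at the
  # quarter points. conv=notrunc keeps the rest of the file untouched.
  for off in 0 $((size / 4)) $((size / 2)) $((3 * size / 4)); do
    [ "$off" -lt "$size" ] || continue
    target="$out/$name.mut$off"
    [ -e "$target" ] && continue
    cp "$seed" "$target"
    printf '\377' | dd of="$target" bs=1 seek="$off" conv=notrunc 2>/dev/null
    count=$((count + 1))
  done
  echo "$count"
}

# Constructed 16-byte seed so the script runs without a real binary or trace.
make_demo_seed() { printf 'ROTHSEED00000000' >"$1"; }

demo=$(mktemp -d)
make_demo_seed "$demo/seed.bin"
echo "wrote $(derive_variants "$demo/seed.bin" "$demo/loader") variants under $demo/loader"
ls -l "$demo/loader"
```

For the 16-byte demo seed this yields three truncations (1, 8 and 15 bytes) and four mutations (offsets 0, 4, 8 and 12). Fixed offsets rather than random ones are deliberate: a replay runner is only as useful as the corpus is stable, and a random mutation that found a bug on one machine cannot be re-run on another.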
Replay each corpus directory against its runner from the asan-fuzz build:

```sh
./build/asan-fuzz/fuzz/rothalyx_loader_corpus_runner /tmp/rothalyx-fuzz-corpus/loader --repeat 5
./build/asan-fuzz/fuzz/rothalyx_trace_corpus_runner /tmp/rothalyx-fuzz-corpus/trace --repeat 10
```

Malformed inputs are expected to be rejected cleanly, and a clean rejection is a pass. A crash, a sanitizer report, or any other unexpected termination is a failure; check the log for sanitizer output rather than trusting the exit status alone, since UBSan reports and continues by default.
For a longer session, use the campaign wrapper, passing the build directory, the corpus root, and an output directory for logs:

```sh
./fuzz/run_sustained_campaign.sh ./build/asan-fuzz /tmp/rothalyx-fuzz-corpus /tmp/rothalyx-fuzz-out
```

Useful overrides (the per-runner repeat counts):

```sh
ROTHALYX_FUZZ_REPEAT_LOADER=50 \
ROTHALYX_FUZZ_REPEAT_TRACE=100 \
./fuzz/run_sustained_campaign.sh
```

The wrapper prepares a corpus, runs both replay runners, and writes timestamped logs under the chosen output directory.
If the sanitizer binaries run under a tracer (a debugger or strace) or in a sandbox that blocks ptrace, LeakSanitizer may refuse to start: its end-of-process leak check ptrace-attaches to the process's threads, which fails when something is already attached. In that case keep ASan and UBSan enabled and disable only leak detection for that session:

```sh
ASAN_OPTIONS=detect_leaks=0 ./fuzz/run_sustained_campaign.sh
```

detect_leaks=0 switches off the leak check alone; memory-safety and undefined-behaviour findings are still reported, and leak reports count as findings again once LeakSanitizer can run.

- keep adversarial corpora separate from benchmarks
- run the sanitizer preset after parser or trace-ingestion changes
- keep a small daily corpus and a larger pre-release corpus
- treat sanitizer findings as release blockers until triaged
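The replay and campaign sections above give the pass/fail rule (clean rejection passes; crash, sanitizer report or unexpected termination fails) and the LeakSanitizer workaround, but the page does not show how run_sustained_campaign.sh applies them. The script below is an added example written for this page, not the project's wrapper: it classifies each run from its exit status and its log, writes one timestamped log per attempt, retries once with detect_leaks=0 when LSan could not start, and mirrors the wrapper's positional interface and ROTHALYX_FUZZ_REPEAT_* overrides. The runner command-line shape ("<corpus dir> --repeat N", exit 0 on a clean run), the default repeat counts, the log naming and the fake_* stand-in runners with their made-up PIDs and addresses are assumptions; the sanitizer message formats they imitate are the real ones.

```shell
#!/bin/sh
# Added example, not Rothalyx's fuzz/run_sustained_campaign.sh. A minimal
# campaign wrapper that applies the page's pass/fail rule to every replay run,
# writes one timestamped log per run, and retries with leak detection off when
# LeakSanitizer refuses to start. Assumed: the runners take "<corpus dir> --repeat N"
# and exit 0 when every input was accepted or rejected cleanly.
set -u

# A sanitizer report is a failure whatever the exit status says (UBSan, for one,
# reports and then carries on with exit 0 unless told otherwise).
SANITIZER_RE='ERROR: (Address|Leak|Memory|Thread|UndefinedBehavior)Sanitizer|runtime error:'
# LSan that cannot start (debugger attached, ptrace blocked) is a retry, not a finding.
LSAN_REFUSED_RE='LeakSanitizer has encountered a fatal error|does not work under ptrace'

# classify_run LOG CMD [ARGS...]
# Runs CMD with stdout+stderr captured in LOG and prints one verdict:
#   pass              exit 0 and no sanitizer report
#   sanitizer         ASan/UBSan/LSan report in the log
#   lsan-unavailable  LeakSanitizer could not start
#   crash             killed by a signal (exit status >= 128)
#   error             any other nonzero exit (unexpected termination)
classify_run() {
  local log=$1; shift
  local status=0
  "$@" >"$log" 2>&1 || status=$?
  if grep -Eq "$SANITIZER_RE" "$log"; then echo sanitizer
  elif grep -Eq "$LSAN_REFUSED_RE" "$log"; then echo lsan-unavailable
  elif [ "$status" -eq 0 ]; then echo pass
  elif [ "$status" -ge 128 ]; then echo crash
  else echo error
  fi
}

# run_logged OUTDIR LABEL CMD [ARGS...]
# One timestamped log per attempt under OUTDIR; prints the final verdict. On
# lsan-unavailable it retries once with detect_leaks=0 appended to ASAN_OPTIONS,
# which switches off only the leak check and leaves ASan and UBSan active.
run_logged() {
  local outdir=$1 label=$2; shift 2
  local stamp log verdict
  mkdir -p "$outdir"
  stamp=$(date -u +%Y%m%dT%H%M%SZ)
  log="$outdir/$label-$stamp.log"
  verdict=$(classify_run "$log" "$@")
  if [ "$verdict" = lsan-unavailable ]; then
    log="$outdir/$label-$stamp-noleak.log"
    verdict=$(export ASAN_OPTIONS="${ASAN_OPTIONS:+$ASAN_OPTIONS:}detect_leaks=0"; classify_run "$log" "$@")
  fi
  printf '%-18s %-16s %s\n' "$label" "$verdict" "$log" >&2
  echo "$verdict"
}

# run_sustained BUILD CORPUS OUT: same positional interface as the page's wrapper.
# Repeat counts honour ROTHALYX_FUZZ_REPEAT_LOADER / _TRACE; the defaults are assumed.
run_sustained() {
  local build=$1 corpus=$2 out=$3 rc=0 v
  v=$(run_logged "$out" loader "$build/fuzz/rothalyx_loader_corpus_runner" \
        "$corpus/loader" --repeat "${ROTHALYX_FUZZ_REPEAT_LOADER:-5}")
  [ "$v" = pass ] || rc=1
  v=$(run_logged "$out" trace "$build/fuzz/rothalyx_trace_corpus_runner" \
        "$corpus/trace" --repeat "${ROTHALYX_FUZZ_REPEAT_TRACE:-10}")
  [ "$v" = pass ] || rc=1
  return "$rc"
}

# Constructed stand-ins so the verdict logic runs without a real build; each
# mimics one outcome a replay runner can produce. The messages follow the
# sanitizers' real report formats; the PIDs and addresses are made up.
fake_clean() { echo "replayed 12 inputs: 5 accepted, 7 rejected cleanly"; }
fake_asan()  { echo "==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014"; return 1; }
fake_ubsan() { echo "loader.cpp:88:12: runtime error: shift exponent 64 is too large for 64-bit type"; }
fake_crash() { sh -c 'kill -s SEGV $$'; }
fake_lsan_refused() {
  case "${ASAN_OPTIONS:-}" in *detect_leaks=0*) echo "replayed 12 inputs"; return 0 ;; esac
  echo "==4243==LeakSanitizer has encountered a fatal error."
  echo "==4243==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)"
  return 1
}

demo_out=$(mktemp -d)
for f in fake_clean fake_asan fake_ubsan fake_crash fake_lsan_refused; do
  run_logged "$demo_out" "$f" "$f" >/dev/null
done
```

Two design points: the log is grepped before the exit status is consulted, so a UBSan report that exits 0 still fails the run, and the LSan fatal-error text is matched separately from "ERROR: LeakSanitizer", so an inability to run the leak check is retried while an actual leak report stays a finding. Against the real build, `run_sustained ./build/asan-fuzz /tmp/rothalyx-fuzz-corpus /tmp/rothalyx-fuzz-out` returns nonzero if either runner did not pass.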