From 95b794744b4edd6e32eefc97998ec6aa041c5275 Mon Sep 17 00:00:00 2001 From: llzmb <46303940+llzmb@users.noreply.github.com> Date: Thu, 12 Aug 2021 23:06:34 +0200 Subject: Edit README.md Changes: - Move advanced content to docs/. - Add links. - Fix links. - Restructure content. --- docs/beyond_crashes.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 docs/beyond_crashes.md (limited to 'docs/beyond_crashes.md') diff --git a/docs/beyond_crashes.md b/docs/beyond_crashes.md new file mode 100644 index 00000000..4836419c --- /dev/null +++ b/docs/beyond_crashes.md @@ -0,0 +1,23 @@ +# Going beyond crashes + +Fuzzing is a wonderful and underutilized technique for discovering non-crashing +design and implementation errors, too. Quite a few interesting bugs have been +found by modifying the target programs to call abort() when say: + + - Two bignum libraries produce different outputs when given the same + fuzzer-generated input, + + - An image library produces different outputs when asked to decode the same + input image several times in a row, + + - A serialization / deserialization library fails to produce stable outputs + when iteratively serializing and deserializing fuzzer-supplied data, + + - A compression library produces an output inconsistent with the input file + when asked to compress and then decompress a particular blob. + +Implementing these or similar sanity checks usually takes very little time; +if you are the maintainer of a particular package, you can make this code +conditional with `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` (a flag also +shared with libfuzzer and honggfuzz) or `#ifdef __AFL_COMPILER` (this one is +just for AFL). \ No newline at end of file -- cgit 1.4.1
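Review bot: the new file is added without a trailing newline (`\ No newline at end of file` at the end of the hunk); add one so future appends to docs/beyond_crashes.md do not show up as a spurious change to the last line. Two smaller points in the same hunk: `call abort() when say:` reads awkwardly, and `call abort() if, for example:` would be clearer; and the closing paragraph names the `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` guard but never shows how a check sits behind it, so a three-line illustration of the pattern, such as `#ifdef __AFL_COMPILER` / `if (memcmp(out1, out2, len) != 0) abort();` / `#endif`, would make the intent concrete and remind readers that these consistency checks belong only in fuzzing builds, which is exactly what the `UNSAFE_FOR_PRODUCTION` suffix signals. Minor: the project name is usually written `libFuzzer`, not `libfuzzer`.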